Java Card Architecture for Autonomous Yet Secure Evolution of Smart Cards Applications

Gadyatskaya, Olga; Massacci, Fabio; Paci, Federica; Stankevich, Sergey

doi:10.1007/978-3-642-27937-9_13

Olga Gadyatskaya¹⁸,
Fabio Massacci¹⁸,
Federica Paci¹⁸ &
…
Sergey Stankevich¹⁸

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7127))

Included in the following conference series:

Nordic Conference on Secure IT Systems

829 Accesses
2 Citations

Abstract

Open multi-application smart cards that allow post-issuance evolution (i.e. loading of new applets) are very attractive for both smart card developers and card users. Since these applications contain sensitive data and can exchange information, a major concern is the assurance that these applications will not exchange data unless permitted by their respective policies. We suggest an approach for load time application certification on the card, that will enable the card to make autonomous decisions on application and policy updates while ensuring the compliance of every change of the platform with the security policy of each application’s owner.

Work partially supported by the EU under grant EU-FP7-FET-IP-SecureChange. We thank B. Chetali, Q. Nguyen, and I. Symplot-Ryl for useful discussions.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Avvenuti, M., Bernardeschi, C., De Francesco, N., Masci, P.: A tool for checking secure interaction in Java Cards. In: Proc. of EWDC 2009(2009)
Google Scholar
Bieber, P., Cazin, J., Wiels, V., Zanon, G., Girard, P., Lanet, J.-L.: Checking secure interactions of smart card applets: Extended version. J. of Comp. Sec. 10(4), 369–398 (2002)
Google Scholar
Dragoni, N., Massacci, F., Naliuka, K., Siahaan, I.: Security-by-Contract: Toward a Semantics for Digital Signatures on Mobile Code. In: López, J., Samarati, P., Ferrer, J.L. (eds.) EuroPKI 2007. LNCS, vol. 4582, pp. 297–312. Springer, Heidelberg (2007)
Chapter Google Scholar
Enck, W., Ongtang, M., McDaniel, P.: On lightweight mobile phone application certification. In: Proceedings of CCS 2009, pp. 235–245. ACM (2009)
Google Scholar
Ghindici, D., Simplot-Ryl, I.: On Practical Information Flow Policies for Java-Enabled Multiapplication Smart Cards. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 32–47. Springer, Heidelberg (2008)
Chapter Google Scholar
Girard, P.: Which security policy for multiplication smart cards? In: USENIX Workshop on Smartcard Technology. USENIX Association (1999)
Google Scholar
Huisman, M., Gurov, D., Sprenger, C., Chugunov, G.: Checking Absence of Illicit Applet Interactions: A Case Study. In: Wermelinger, M., Margaria-Steffen, T. (eds.) FASE 2004. LNCS, vol. 2984, pp. 84–98. Springer, Heidelberg (2004)
Chapter Google Scholar
GlobalPlatform Inc. GlobalPlatform Card Specification. Specification 2.2 (2006)
Google Scholar
Lufthansa. Miles&More credit cards, http://www.miles-and-more.com
Sun Microsystems. Runtime environment specification. Java Card^TM platform, version 2.2.2. Specification 2.2.2., Sun Microsystems (2006)
Google Scholar
Ongtang, M., McLaughlin, S., Enck, W., McDaniel, P.: Semantically rich application-centric security in Android. In: Proceedings of ACSAC 2009, pp. 340–349 (2009)
Google Scholar
Schellhorn, G., Reif, W., Schairer, A., Karger, P., Austel, V., Toll, D.: Verification of a Formal Security Model for Multiapplicative Smart Cards. In: Cuppens, F., Deswarte, Y., Gollmann, D., Waidner, M. (eds.) ESORICS 2000. LNCS, vol. 1895, pp. 17–36. Springer, Heidelberg (2000)
Chapter Google Scholar
Sekar, R., Venkatakrishnan, V.N., Basu, S., Bhatkar, S., DuVarney, D.C.: Model-carrying code: a practical approach for safe execution of untrusted applications. In: Proc. of the 19th ACM Symp. on Operating Syst. Princ., pp. 15–28 (2003)
Google Scholar

Download references

Author information

Authors and Affiliations

DISI, University of Trento, Italy
Olga Gadyatskaya, Fabio Massacci, Federica Paci & Sergey Stankevich

Authors

Olga Gadyatskaya
View author publications
You can also search for this author in PubMed Google Scholar
Fabio Massacci
View author publications
You can also search for this author in PubMed Google Scholar
Federica Paci
View author publications
You can also search for this author in PubMed Google Scholar
Sergey Stankevich
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

School of Science and Technology, Aalto University, Konemiehentie 2, 02150, Espoo, Finland
Tuomas Aura
Department of Information and Computer Science, Aalto University, Konemiehentie 2, 02150, Aalto, Finland
Kimmo Järvinen & Kaisa Nyberg &

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Gadyatskaya, O., Massacci, F., Paci, F., Stankevich, S. (2012). Java Card Architecture for Autonomous Yet Secure Evolution of Smart Cards Applications. In: Aura, T., Järvinen, K., Nyberg, K. (eds) Information Security Technology for Applications. NordSec 2010. Lecture Notes in Computer Science, vol 7127. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27937-9_13

Download citation

DOI: https://doi.org/10.1007/978-3-642-27937-9_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-27936-2
Online ISBN: 978-3-642-27937-9
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics