Abstract
Open multi-application smart cards that allow post-issuance evolution (i.e. loading of new applets) are very attractive for both smart card developers and card users. Since these applications contain sensitive data and can exchange information, a major concern is the assurance that these applications will not exchange data unless permitted by their respective policies. We suggest an approach for load time application certification on the card, that will enable the card to make autonomous decisions on application and policy updates while ensuring the compliance of every change of the platform with the security policy of each application’s owner.
Work partially supported by the EU under grant EU-FP7-FET-IP-SecureChange. We thank B. Chetali, Q. Nguyen, and I. Symplot-Ryl for useful discussions.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Avvenuti, M., Bernardeschi, C., De Francesco, N., Masci, P.: A tool for checking secure interaction in Java Cards. In: Proc. of EWDC 2009(2009)
Bieber, P., Cazin, J., Wiels, V., Zanon, G., Girard, P., Lanet, J.-L.: Checking secure interactions of smart card applets: Extended version. J. of Comp. Sec. 10(4), 369–398 (2002)
Dragoni, N., Massacci, F., Naliuka, K., Siahaan, I.: Security-by-Contract: Toward a Semantics for Digital Signatures on Mobile Code. In: López, J., Samarati, P., Ferrer, J.L. (eds.) EuroPKI 2007. LNCS, vol. 4582, pp. 297–312. Springer, Heidelberg (2007)
Enck, W., Ongtang, M., McDaniel, P.: On lightweight mobile phone application certification. In: Proceedings of CCS 2009, pp. 235–245. ACM (2009)
Ghindici, D., Simplot-Ryl, I.: On Practical Information Flow Policies for Java-Enabled Multiapplication Smart Cards. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 32–47. Springer, Heidelberg (2008)
Girard, P.: Which security policy for multiplication smart cards? In: USENIX Workshop on Smartcard Technology. USENIX Association (1999)
Huisman, M., Gurov, D., Sprenger, C., Chugunov, G.: Checking Absence of Illicit Applet Interactions: A Case Study. In: Wermelinger, M., Margaria-Steffen, T. (eds.) FASE 2004. LNCS, vol. 2984, pp. 84–98. Springer, Heidelberg (2004)
GlobalPlatform Inc. GlobalPlatform Card Specification. Specification 2.2 (2006)
Lufthansa. Miles&More credit cards, http://www.miles-and-more.com
Sun Microsystems. Runtime environment specification. Java CardTM platform, version 2.2.2. Specification 2.2.2., Sun Microsystems (2006)
Ongtang, M., McLaughlin, S., Enck, W., McDaniel, P.: Semantically rich application-centric security in Android. In: Proceedings of ACSAC 2009, pp. 340–349 (2009)
Schellhorn, G., Reif, W., Schairer, A., Karger, P., Austel, V., Toll, D.: Verification of a Formal Security Model for Multiapplicative Smart Cards. In: Cuppens, F., Deswarte, Y., Gollmann, D., Waidner, M. (eds.) ESORICS 2000. LNCS, vol. 1895, pp. 17–36. Springer, Heidelberg (2000)
Sekar, R., Venkatakrishnan, V.N., Basu, S., Bhatkar, S., DuVarney, D.C.: Model-carrying code: a practical approach for safe execution of untrusted applications. In: Proc. of the 19th ACM Symp. on Operating Syst. Princ., pp. 15–28 (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gadyatskaya, O., Massacci, F., Paci, F., Stankevich, S. (2012). Java Card Architecture for Autonomous Yet Secure Evolution of Smart Cards Applications. In: Aura, T., Järvinen, K., Nyberg, K. (eds) Information Security Technology for Applications. NordSec 2010. Lecture Notes in Computer Science, vol 7127. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27937-9_13
Download citation
DOI: https://doi.org/10.1007/978-3-642-27937-9_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-27936-2
Online ISBN: 978-3-642-27937-9
eBook Packages: Computer ScienceComputer Science (R0)