The PACAP Prototype: A Tool for Detecting Java Card Illegal Flow

  • P. Bieber
  • J. Cazin
  • V. Wiels
  • G. Zanon
  • El Marouan
  • P. Girard
  • J.-L. Lanet
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2041)

Abstract

This paper presents some practical issues of a joint project between Gemplus and ONERA. In this approach, a smart card issuer can verify that a new applet securely interacts with already loaded applets. A security policy has been defined that associates levels to applet attributes and methods and defines authorized flows between levels. We propose a technique based on model checking to verify that actual information flows between applets are authorized. In this paper, we focus on the development of the prototype of the analyzer and we present the first results.

Keywords

Virtual Machine, Model Check, Smart Card, Security Policy, Security Property

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • P. Bieber (1)
  • J. Cazin (1)
  • V. Wiels (1)
  • G. Zanon (1)
  • El Marouan (2)
  • P. Girard (2)
  • J.-L. Lanet (2)

  1. ONERA-CERT/DTIM, BP 4025, Toulouse, France
  2. GEMPLUS, Gemenos, France