Implementing a High-Assurance Smart-Card OS
Building a high-assurance, secure operating system for memory-constrained systems such as smart cards introduces many challenges. The increasing power of smart cards has made their use feasible in applications such as electronic passports, military and public-sector identification cards, and cell-phone-based financial and entertainment applications. Such applications require a secure environment, which can only be provided by sufficient hardware together with a secure operating system. We argue that smart cards pose additional security challenges when compared to traditional computer platforms. We discuss our design for a secure smart card operating system, named Caernarvon, and show that it addresses these challenges, which include secure application download, protection of cryptographic functions from malicious applications, resolution of covert channels, and assurance of both security and data integrity in the face of arbitrary power losses.
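The last challenge in the abstract, keeping stored data consistent when power can disappear at any moment (a card pulled from the reader mid-write), is the one most easily shown in code. The block below is an added example written for this page; it is not Caernarvon code and is not taken from the paper. It simulates an EEPROM in which each byte write is atomic but power may fail between any two bytes, implements a redo journal whose single-byte commit mark is the atomicity point, and then cuts power after every possible byte write to check that a record is never left half-updated. The memory layout, constants (`JNL_MAGIC`, `JNL_COMMIT`, offsets) and function names are all assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Simulated non-volatile memory (EEPROM-like): a byte write is atomic, but
 * power may fail between any two byte writes. Layout is an assumption. */
#define NVM_SIZE       256
#define REC_OFF        0      /* application record to be updated atomically */
#define REC_LEN        64
#define JNL_OFF        128    /* journal: magic(1) addr(2) len(1) payload(REC_LEN) commit(1) */
#define JNL_MAGIC      0xA5
#define JNL_COMMIT     0xC3
#define JNL_PAYLOAD    (JNL_OFF + 4)
#define JNL_COMMIT_OFF (JNL_OFF + 4 + REC_LEN)

static uint8_t nvm[NVM_SIZE];
static long power_budget = -1;   /* bytes writable before simulated power loss; -1 = unlimited */
static int  power_lost   = 0;

static void nvm_write(uint16_t addr, const uint8_t *src, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (power_lost) return;
        if (power_budget == 0) { power_lost = 1; return; }
        nvm[addr + i] = src[i];
        if (power_budget > 0) power_budget--;
    }
}

static void nvm_write_byte(uint16_t addr, uint8_t v) { nvm_write(addr, &v, 1); }

/* Journalled update. Writing the commit byte is the single atomic step that
 * decides whether the update happened; everything else is redo-able. */
static void atomic_update(uint16_t addr, const uint8_t *data, uint8_t len) {
    uint8_t hdr[4] = { JNL_MAGIC, (uint8_t)(addr >> 8), (uint8_t)addr, len };
    nvm_write(JNL_OFF, hdr, sizeof hdr);           /* 1. record intent and new value */
    nvm_write(JNL_PAYLOAD, data, len);
    nvm_write_byte(JNL_COMMIT_OFF, JNL_COMMIT);    /* 2. commit point */
    nvm_write(addr, data, len);                    /* 3. apply to the real location */
    nvm_write_byte(JNL_COMMIT_OFF, 0x00);          /* 4. retire the journal */
    nvm_write_byte(JNL_OFF, 0x00);
}

/* Run at every power-up before any application code touches the record.
 * Recovery is itself restartable: the redo copy is idempotent and the commit
 * byte stays set until the copy has completed. */
static void recover(void) {
    if (nvm[JNL_OFF] == JNL_MAGIC && nvm[JNL_COMMIT_OFF] == JNL_COMMIT) {
        uint16_t addr = (uint16_t)((nvm[JNL_OFF + 1] << 8) | nvm[JNL_OFF + 2]);
        uint8_t  len  = nvm[JNL_OFF + 3];
        nvm_write(addr, &nvm[JNL_PAYLOAD], len);   /* redo the committed update */
        nvm_write_byte(JNL_COMMIT_OFF, 0x00);
    }
    nvm_write_byte(JNL_OFF, 0x00);                 /* an uncommitted journal is discarded */
}

/* Naive update for contrast: a mid-write power loss leaves a torn record. */
static void naive_update(const uint8_t *data, uint8_t len) { nvm_write(REC_OFF, data, len); }

static int record_uniform(uint8_t val) {
    for (int i = 0; i < REC_LEN; i++) if (nvm[REC_OFF + i] != val) return 0;
    return 1;
}

/* Cut power after every possible number of byte writes and count the cuts that
 * leave the record torn (neither wholly old 0x11 nor wholly new 0x22).
 * A power-fail-safe update must return 0. */
static int torn_cases(int journalled) {
    const long total = 4 + REC_LEN + 1 + REC_LEN + 1 + 1;  /* bytes a full journalled update writes */
    uint8_t old_rec[REC_LEN], new_rec[REC_LEN];
    memset(old_rec, 0x11, REC_LEN);
    memset(new_rec, 0x22, REC_LEN);
    int torn = 0;
    for (long cut = 0; cut <= total; cut++) {
        memset(nvm, 0, NVM_SIZE);                    /* constructed start state: old record, empty journal */
        memcpy(&nvm[REC_OFF], old_rec, REC_LEN);
        power_budget = cut; power_lost = 0;
        if (journalled) atomic_update(REC_OFF, new_rec, REC_LEN);
        else            naive_update(new_rec, REC_LEN);
        power_budget = -1; power_lost = 0;           /* power returns */
        if (journalled) recover();
        if (!record_uniform(0x11) && !record_uniform(0x22)) torn++;
    }
    return torn;
}

int main(void) {
    printf("naive update, torn states:      %d\n", torn_cases(0));
    printf("journalled update, torn states: %d\n", torn_cases(1));
    return 0;
}
```

The sweep is the part worth copying: for a 64-byte record the naive path has 63 cut points that leave a mixed record, while the journalled path has none, because before the commit byte is written the journal is discarded and after it the copy is redone. A real card adds constraints this model omits, such as page-granular writes, limited write endurance and the need to keep the journal itself inside memory the OS alone can write.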
Keywords: Smart Card, Security Policy, Authentication Protocol, Covert Channel, Memory Object