Abstract
This paper describes JCCap, a protection facility for cooperating applications in the context of Java Card. It enables the control of access rights between mutually suspicious applications, either between one terminal application and one Java Card applet or between two applets hosted inside the same Java Card. Using JCCap, access to objects is controlled by means of software capabilities that can be exchanged between mutually suspicious applications. An important advantage of JCCap is that the definition of the protection policy of an application (i.e., how access rights are granted to other applications) is completely separated from the application code. The protection policy is described in an extended Interface Definition Language (IDL) at the interface level, thus enhancing modularity, separation of concerns, and ease of expression in the design of the overall security architecture Each application can define its own protection policy independently from the other applications, thus enabling the expression of mutual suspicion without any prior knowledge about the policies of other applications. Every protection policy is then applied when applications interact with each other. This paper describes the implementation of a prototype of JCCap. It shows the feasibility and applicability of this technique in today’s Java Card and outline its advantages.
Chapter PDF
Similar content being viewed by others
References
R. Di Giorgio, M. Montgomery, “Write OpenCard services for downloading Java Card app”, JavaWorld 4; 2, February 1999. Available from author: http://www.javasoft.com/javaworld/jw02–1999/jw-02-javadev.html
T. Goldstein, “The gateway security model in the Java electronic commerce framework“, Proc. of Financial Cryptography’97, pp. 340–354, Springer, 1997. Available from author: http://www.javasoft.com /products/commerce/docs/whitepaper/ security/JCC_gateway.html
J. Gosling and H. McGilton, “The Java Language Environment: a White Paper”, Sun Microsystems Inc., 1995. Available from author: http://java.sun.com/whitePaper/java-whitepaper-l.html
D. Hagimont, J. Mossière, X. Rousset de Pina and F. Saunier, “Hidden Software Capabilities”, Sixteenth International Conference on Distributed Computing Systems (ICDCS), May 1996.
H. M. Levy, “Capability-Based Computer Systems”, Digital Press, 1984.
J. Richardson, P. Schawrz, and L.-F. Cabrera, “CACL: Efficient Fine-Grained Protection for Objects”, Proc. of the Conference on Object-Oriented Programming Systems, Languages, and Applications (OOPSLA’92), ACM SIGPLAN Notices 27.10, pp. 263–275, 1992.
E. Rose, “Towards Secure Bytecode Verification on a Java Card”, Master’s thesis, University of Copenhagen, September 1998. Available from author: http://www.ens-lyon.fr/evarose/speciale.ps.gz
M. Shapiro, “Structure and Encapsulation in Distributed Systems: The Proxy Principle”, Proc. of the 6th International Conference on Distributed Computing Systems, pp. 198–204, 1986.
M. Siddalingaiah, “The Java Card”, The devel- oper.com Journal, October 1997. Available from author: http://www.developer.com/journal/techfocus/n_tech javacard.html
Sun Microsystems, JDK 1.1 Documentation, Sun Microsystems. Available from author: http://www.javasoft.com/products/jdk/1.1/docs/index.html
Sun Microsystems Inc., Java Card Applet Developer’s Guide, July 1998. Available from author: http://java.sun.com/products/javacard/JCADG.html
Sun Microsystems Inc., Java Remote Method Invocation - Distributed Computing for Java, May 1998. Available from author: http://java.sun.com/marketing/collateral/javarmi.html
Sun Microsystems Inc., Java Card 2.1 Virtual Machine, Runtime Environment, and Application Programming Interface Specifications, February 1999. Available from author: http://java.sun.com">/products/javacard
A. S. Tanenbaum, S. J. Mullender, and R. V. Renesse, “Using sparse capabilities in a distributed operating system”, Proc. og the Sixth IEEE International Conference on Distributed Computing Systems, pp. 558–563, 1986.
J.-J. Vandewalle, E. Vétillard, “Developing Smart Card-Based Application using Java Card”, 3rd Smart Card Research and Advanced Applications Conference, September 1998.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2000 IFIP International Federation for Information Processing
About this chapter
Cite this chapter
Hagimont, D., Vandewalle, JJ. (2000). JCCap: Capability-Based Access Control for Java Card. In: Domingo-Ferrer, J., Chan, D., Watson, A. (eds) Smart Card Research and Advanced Applications. IFIP — The International Federation for Information Processing, vol 52. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35528-3_21
Download citation
DOI: https://doi.org/10.1007/978-0-387-35528-3_21
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-6526-7
Online ISBN: 978-0-387-35528-3
eBook Packages: Springer Book Archive