A Hardest Attacker for Leaking References

  • René Rydhof Hansen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2986)


Java Card is a variant of Java designed for use in smart cards and other systems with limited resources. Applets running on a smart card are protected from each other by the applet firewall, allowing communication only through shared objects. Security can be breached if a reference to a shared object is leaked to a hostile applet.

In this paper we develop a Control Flow Analysis for a small language based on Java Card, which will guarantee that sensitive object references cannot be leaked to a particular (attack) applet. The analysis is used as a basis for formulating a hardest attacker that will expand the guarantee to cover all possible attackers.





Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • René Rydhof Hansen: Informatics and Mathematical Modelling, Technical University of Denmark, Kongens Lyngby, Denmark
