
A Type System for Checking Applet Isolation in Java Card

  • Conference paper
Construction and Analysis of Safe, Secure, and Interoperable Smart Devices (CASSIS 2004)

Abstract

A Java Card applet is, in general, not allowed to access the fields and methods of other applets on the same smart card. This applet isolation property is enforced at run time by dynamic checks in the Java Card Virtual Machine, the applet firewall. This paper describes a refined type system for Java Card that enables static checking of applet isolation. With this type system, firewall violations are detected at compile time; only a special kind of downcast still requires a dynamic check.
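To make concrete which checks the abstract refers to, the following is an added, constructed model of the applet firewall's run-time rules; it is neither JCVM code nor the paper's type system, and the context names, the `Counter` interface and the `CounterApplet` class are invented for illustration. The model assumes the usual firewall behaviour: an object is owned by the context active at its creation, a direct cross-context field access raises `SecurityException`, a call through a Shareable interface object (SIO) switches into the owner's context, and a foreign reference may only be cast to a Shareable interface type. That last cast is assumed here to be the "special kind of downcast" the abstract says must stay dynamic.

```python
"""Constructed model of the Java Card applet firewall's run-time checks.

Illustration only: neither JCVM code nor the paper's type system. It models,
in simplified form, the rules the firewall enforces dynamically:
  * every object is owned by the context active when it was created;
  * reading an instance field of an object owned by another context raises
    SecurityException;
  * a Shareable interface object (SIO) may be invoked from another context,
    and the call runs in the SIO owner's context (a context switch);
  * a reference to a foreign object may only be cast to a Shareable
    interface type (assumed to be the downcast that stays dynamic).
"""


class SecurityException(Exception):
    """Raised by the modelled firewall when one of its rules is violated."""


class Shareable:
    """Marker for interfaces whose methods may be invoked across contexts."""


def is_shareable_interface(t):
    # An interface is modelled as a class whose direct base is Shareable;
    # a concrete applet class that implements one does not qualify.
    return Shareable in t.__bases__


class Firewall:
    def __init__(self):
        self.current = "JCRE"  # context of the runtime environment itself

    def check_access(self, obj):
        """Dynamic check performed on an instance field or method access."""
        if obj.owner != self.current:
            raise SecurityException(
                f"context {self.current} may not access object owned by {obj.owner}")

    def invoke_shareable(self, sio, method, *args):
        """Cross-context call: only Shareable interface objects cross the firewall."""
        if not isinstance(sio, Shareable):
            raise SecurityException("only Shareable interface objects cross contexts")
        saved = self.current
        self.current = sio.owner  # context switch into the owner's context
        try:
            return getattr(sio, method)(*args)
        finally:
            self.current = saved  # switch back on return or on exception

    def checkcast(self, obj, target):
        """Cast with the firewall's extra rule for references to foreign objects."""
        if obj.owner != self.current and not is_shareable_interface(target):
            raise SecurityException(
                f"foreign reference may only be cast to a Shareable interface, "
                f"not {target.__name__}")
        if not isinstance(obj, target):
            raise TypeError(f"object is not a {target.__name__}")
        return obj


class FirewalledObject:
    def __init__(self, fw):
        self.fw = fw
        self.owner = fw.current  # ownership is fixed at creation time

    def read(self, name):
        """Instance field read, checked the way the JCVM checks it."""
        self.fw.check_access(self)
        return getattr(self, name)


class Counter(Shareable):
    """Hypothetical Shareable interface exported by the server applet."""

    def next(self):
        raise NotImplementedError


class CounterApplet(FirewalledObject, Counter):
    """Hypothetical server applet: exports Counter, keeps pin_tries private."""

    def __init__(self, fw):
        super().__init__(fw)
        self.count = 0
        self.pin_tries = 3  # state that must stay behind the firewall

    def next(self):
        # Runs in the owner's context after the SIO context switch, so the
        # access check on the applet's own fields passes.
        self.fw.check_access(self)
        self.count += 1
        return self.count


def run_scenario():
    """Create a server applet in one context, then act as a client applet."""
    fw = Firewall()
    fw.current = "pkg.server"
    server = CounterApplet(fw)  # owned by pkg.server
    fw.current = "pkg.client"
    results = {}
    results["sio_call"] = fw.invoke_shareable(server, "next")  # allowed: 1
    results["context_after_call"] = fw.current  # switched back to the client
    try:
        server.read("pin_tries")  # direct cross-context read: rejected
        results["direct_read"] = "allowed"
    except SecurityException:
        results["direct_read"] = "SecurityException"
    try:
        fw.checkcast(server, CounterApplet)  # cast to concrete class: rejected
        results["cast_to_class"] = "allowed"
    except SecurityException:
        results["cast_to_class"] = "SecurityException"
    results["cast_to_interface"] = fw.checkcast(server, Counter) is server  # allowed
    fw.current = "pkg.server"
    results["own_read"] = server.read("pin_tries")  # the owner may read: 3
    return results


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

Every `check_access` call in this model is a run-time check the paper's type system aims to discharge at compile time; in the model, only the `checkcast` of a foreign reference to a Shareable interface keeps a dynamic check, matching the abstract's remaining "special kind of downcast".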






Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Dietl, W., Müller, P., Poetzsch-Heffter, A. (2005). A Type System for Checking Applet Isolation in Java Card. In: Barthe, G., Burdy, L., Huisman, M., Lanet, JL., Muntean, T. (eds) Construction and Analysis of Safe, Secure, and Interoperable Smart Devices. CASSIS 2004. Lecture Notes in Computer Science, vol 3362. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30569-9_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-30569-9_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-24287-1

  • Online ISBN: 978-3-540-30569-9

  • eBook Packages: Computer Science (R0)
