U-turn to Java Card Byte Code Verification
نویسندگان
چکیده
Java is the ideal development platform for mobile code systems. It ensures application portability and mobility for a variety of platforms, while providing strong security features. The intermediate code (byte code) allows us to verify statically (i.e. during loading phase) that the program is trustworthy. This is done by a software security module called the byte code verifier. Given the complexity of the verifier, Java Card products are not supplied with one. Alternatives are being studied to provide the same functionality outside the card. In the present paper, we propose to integrate the entire verifier in the smart card. This ensures that the smart card will be entirely autonomous. We propose a verifier with an operating system development approach, i.e. seeking to optimise the use of hardware resources specific to smart card. Our experimental results confirm the feasibility of such a security system implemented in a smart card.
منابع مشابه
A B model for ensuring soundness of a large subset of the Java Card virtual machine
Java Cards are a new generation of smart cards that use the Java programming language. As smart cards are usually used to supply security to a system, security requirements are very strong and certification can become a competitive advantage. Such a certification to a high Common Criteria or ITSEC level requires the proof of all the security mechanisms. Those security mechanisms include the byt...
متن کاملDevelopment of an Embedded Verifier for Java Card Byte Code using Formal Methods Ludovic
The Java security policy is implemented using security components such as a Java Virtual Machine (JVM), API, verifier, and a loader. It is of prime importance to ensure that these components are implemented in accordance with their specifications. Formal methods can be used to bring the mathematical proof that their implementation corresponds to their specification. In this paper, we introduce ...
متن کاملEvaluation of the Ability to Transform SIM Applications into Hostile Applications
The ability of Java Cards to withstand attacks is based on software and hardware countermeasures, and on the ability of the Java platform to check the correct behavior of Java code (by using byte code verification). Recently, the idea of combining logical attacks with a physical attack in order to bypass byte code verification has emerged. For instance, correct and legitimate Java Card applicat...
متن کاملByte Code Verification for Java Smart Card Based on Model Checking
The paper presents a novel approach to Java byte code veri cation: The veri cation process is performed \o ine" on a network server, instead of incorporating it in the client. Furthermore, the most critical part of the veri cation process is based upon a formal model and uses a model checker for checking the veri cation conditions. The result of the veri cation process can be securely communica...
متن کاملA Friendly Framework for Hidding fault enabled virus for Java Based Smartcard
Smart cards are the safer device to execute cryptographic algorithms. Applications are verified before being loaded in the card. Recently, the idea of combined attacks to bypass byte code verification has emerged. Indeed, correct and legitimate Java Card applications can be dynamically modified on-card using a laser beam to become mutant applications or fault enabled viruses. We propose a frame...
متن کامل