Controlling Application Interactions on the Novel Smart Cards with Security-by-Contract
نویسندگان
چکیده
In this paper we investigate novel use cases for open multiapplication smart card platforms. These use cases require a fine-grained access control mechanism to protect the sensitive functionality of oncard applications. We overview the Security-by-Contract approach that validates at load time that the application code respects the interaction policies of other applications already on the card, and discuss how this approach can be used to address the challenging change scenarios in the target use cases.
منابع مشابه
Securing Multi-Application Smart Cards by Security-by-Contract
The Security-by-Contract (S×C) framework has recently been proposed to support applications evolution in multi-application smart cards. The key idea is based on the notion of contract, a specification of the security behavior of an application that must be compliant with the security policy of a smart card. In this paper we address one of the key features needed to apply the S×C idea to a resou...
متن کاملAutomata modulo Theory ( Amt )
With the advent of the next generation java servlet on the smartcard, the Future Internet will be composed by web servers and clients silently yet busily running on high end smart cards in our phones and our wallets. In this new world model we can no longer accept the current security model where programs can be downloaded on our machines just because they are vaguely “trusted”. We want to know...
متن کاملCan We Support Applications' Evolution in Multi-application Smart Cards by Security-by-Contract?
Java card technology have progressed at the point of running web servers and web clients on a smart card. Yet concrete deployment of multi-applications smart cards have remained extremely rare because the business model of the asynchronous download and update of applications by different parties requires the control of interactions among possible applications after the card has been fielded. Ye...
متن کاملSC 2: Secure Communication over Smart Cards - How to Secure Off-Card Matching in Security-by-Contract for Open Multi-application Smart Cards
The Security-by-Contract (S×C) framework has recently been proposed to support software evolution in open multi-application smart cards. The key idea lies in the notion of contract, a specification of the security behavior of an application that must be compliant with the security policy of the card hosting the application. In this paper we address a key issue to realize the S×C idea, namely th...
متن کاملHigh-level algorithms and data structures requirements for security-by-contract on Java cards
The Java Card technology has progressed to the point of running web servers and web clients on a smart card. Yet concrete deployments of multi-applications smart cards have remained extremely rare because the business model of the asynchronous download and update of applications by different parties requires the control of interactions among possible applications after the card has been fielded...
متن کامل