Constraint-based security analysis for the Java Card firewall
Abstract
This paper presents a constraint-based static analysis to prove security (confidentiality) properties of Java Card programs. We define a subset of the Java Card bytecode focusing on aspects of the Java Card firewall, method invocation, field access, variable access, shareable objects and contexts, and present an analysis that computes an approximation of the set of possible values stored in each variable. To achieve this, we introduce a new kind of constraint: quantified conditional constraints. This kind of constraint allows the constraints for a program to be generated in a demand-driven fashion. In addition, it makes it possible to model the effects of the Java Card firewall precisely, by producing a constraint only if the corresponding operation is authorized by the firewall. The result of this analysis is a precise description of the object flow and of the security exceptions which can be thrown by the firewall.
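The idea in the abstract can be made concrete with a small model. The Python below is an added example, not the paper's analysis or any tool from it: it defines a toy bytecode subset, a simplified firewall rule (an object may be accessed from its owning context; across contexts only method invocation on a shareable interface object is allowed, with field access denied even on such objects; JCRE entry point objects and global arrays are not modelled), and a demand-driven fixpoint that only generates a flow constraint when the firewall authorizes the operation and otherwise records a possible SecurityException. The two applet contexts `A` and `B`, the object names, the variable names and the `getRef` method summary are all constructed for the example.

```python
"""Toy constraint-based object-flow analysis with a Java Card style firewall.

Added illustration; the program, objects and method summary are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Obj:
    name: str
    context: str            # owning applet context (package)
    shareable: bool = False  # implements a Shareable interface


def firewall_allows(op, current_ctx, obj):
    """Simplified firewall rule.

    Same-context access is always allowed.  Across contexts, only 'invoke'
    on a shareable object is allowed (every method of a shareable object is
    taken to be part of its shareable interface in this model); field access
    on a foreign object is denied even when the object is shareable.
    JCRE entry points and global arrays are deliberately not modelled.
    """
    if obj.context == current_ctx:
        return True
    return op == "invoke" and obj.shareable


def analyse(program, methods):
    """Demand-driven fixpoint over a tiny bytecode subset.

    program: list of (ctx, instr); ctx is the context executing instr, one of
        ("new", dst, Obj)              dst := Obj   (allocation)
        ("lookup", dst, Obj)           dst := Obj   (e.g. SIO obtained via JCSystem)
        ("putfield", tgt, fld, src)    tgt.fld := src
        ("getfield", dst, src, fld)    dst := src.fld
        ("invoke", dst, recv, meth)    dst := recv.meth()
    methods: {(Obj, meth): fld} summary -- meth returns this.fld and its body
        runs in Obj.context, so the field read inside it is authorised.
    Returns (values, heap, exceptions):
        values     var -> set of Obj that may be stored there
        heap       (Obj, fld) -> set of Obj the field may hold
        exceptions (pc, ctx, op, obj name) where the firewall may throw
    """
    values, heap, exceptions = {}, {}, set()

    def add(store, key, objs):           # monotone update, reports change
        before = len(store.get(key, set()))
        store.setdefault(key, set()).update(objs)
        return len(store[key]) != before

    def note(entry):                      # record a possible SecurityException
        if entry in exceptions:
            return False
        exceptions.add(entry)
        return True

    changed = True
    while changed:                        # finite objects + monotone sets => terminates
        changed = False
        for pc, (ctx, instr) in enumerate(program):
            op = instr[0]
            if op in ("new", "lookup"):
                _, dst, obj = instr
                changed |= add(values, dst, {obj})
            elif op == "putfield":
                _, tgt, fld, src = instr
                for obj in values.get(tgt, ()):
                    if firewall_allows(op, ctx, obj):   # constraint only if authorised
                        changed |= add(heap, (obj, fld), values.get(src, set()))
                    else:
                        changed |= note((pc, ctx, op, obj.name))
            elif op == "getfield":
                _, dst, src, fld = instr
                for obj in values.get(src, ()):
                    if firewall_allows(op, ctx, obj):
                        changed |= add(values, dst, heap.get((obj, fld), set()))
                    else:
                        changed |= note((pc, ctx, op, obj.name))
            elif op == "invoke":
                _, dst, recv, meth = instr
                for obj in values.get(recv, ()):
                    if not firewall_allows(op, ctx, obj):
                        changed |= note((pc, ctx, op, obj.name))
                        continue
                    fld = methods.get((obj, meth))
                    if fld is not None:   # callee reads this.fld in its own context
                        changed |= add(values, dst, heap.get((obj, fld), set()))
    return values, heap, exceptions


# Constructed scenario: applet A stores a private object in a field of its
# shareable object; applet B reaches it through the shareable method.
SECRET = Obj("secret", "A")
SIO = Obj("sio", "A", shareable=True)
PROGRAM = [
    ("A", ("new", "a_secret", SECRET)),
    ("A", ("new", "a_sio", SIO)),
    ("A", ("putfield", "a_sio", "ref", "a_secret")),   # pc 2: allowed (same context)
    ("B", ("lookup", "b_sio", SIO)),                   # pc 3: B obtains the SIO
    ("B", ("getfield", "b_leak1", "b_sio", "ref")),    # pc 4: denied, field access across contexts
    ("B", ("invoke", "b_leak2", "b_sio", "getRef")),   # pc 5: allowed, reference leaks to B
    ("B", ("getfield", "b_inner", "b_leak2", "data")), # pc 6: denied, secret is owned by A
]
METHODS = {(SIO, "getRef"): "ref"}

if __name__ == "__main__":
    vals, hp, excs = analyse(PROGRAM, METHODS)
    print("b_leak2 may hold:", {o.name for o in vals.get("b_leak2", set())})
    print("possible SecurityExceptions:", sorted(excs))
```

The analysis reports that `b_leak2` may hold A's `secret` object (the flow the shareable-object bypass mentioned in the related work exploits), while the two direct field reads from B produce only a recorded exception and no flow constraint.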
Related references
Secure Object Flow Analysis for Java Card
The access control exercised by the Java Card firewall can be bypassed by the use of shareable objects. To help detect unwanted access to objects, we propose a static analysis that calculates a safe approximation of the possible flow of objects between Java Card applets. The analysis deals with a subset of the Java Card bytecode focusing on aspects of the Java Card firewall, method invocatio...
SawjaCard: A Static Analysis Tool for Certifying Java Card Applications
This paper describes the design and implementation of a static analysis tool for certifying Java Card applications, according to security rules defined by the smart card industry. Java Card is a dialect of Java designed for programming multi-application smart cards and the tool, called SawjaCard, has been specialised for the particular Java Card programming patterns. The tool is built around a ...
A Hardest Attacker for Leaking References
Java Card is a variant of Java designed for use in smart cards and other systems with limited resources. Applets running on a smart card are protected from each other by the applet firewall, allowing communication only through shared objects. Security can be breached if a reference to a shared object is leaked to a hostile applet. In this paper we develop a Control Flow Analysis for a small lan...
An Operational Semantics of the Java Card Firewall
This paper presents an operational semantics for a subset of Java Card bytecode, focusing on aspects of the Java Card firewall, method invocation, field access, variable access, shareable objects and contexts. The goal is to provide a precise description of the Java Card firewall using standard tools from operational semantics. Such a description is necessary for formally arguing the correctne...
Testing the Java Card Applet Firewall
In this paper we discuss the methodology and results of testing the Java Card applet firewall mechanism. The main motivation for this work is the complexity of the firewall. Given the complexity, non-compliance of the cards with respect to the official specification is not unlikely. Firewall implementation faults may lead to serious security issues. Although we did not discover any serious prob...