SawjaCard: A Static Analysis Tool for Certifying Java Card Applications
Abstract
This paper describes the design and implementation of a static analysis tool for certifying Java Card applications, according to security rules defined by the smart card industry. Java Card is a dialect of Java designed for programming multi-application smart cards and the tool, called SawjaCard, has been specialised for the particular Java Card programming patterns. The tool is built around a static analysis engine which uses a combination of numeric and heap analysis. It includes a model of the Java Card libraries and the Java Card firewall. The tool has been evaluated on a series of industrial applets and is shown to automate a substantial part of the validation process.
Similar resources
JCSI: A tool for checking secure information flow in Java Card applications
This paper describes a tool for checking secure information flow in Java Card applications. The tool performs a static analysis of Java Card CAP files and includes a CAP viewer. The analysis is based on the theory of abstract interpretation and on a multi-level security policy assignment. Actual values of variables are abstracted into security levels, and bytecode instructions are executed over...
Static program analysis of multi-applet JavaCard applications
Java Card provides a framework of classes and interfaces that hides the details of the underlying smart card interface and makes it possible to load and run on the same card several applets, from different application providers with complex trust relationships. This fact opens prospects for new business applications, but the card issuer has to secure absence of malicious or faulty card applets....
JAIL: Firewall Analysis of Java Card by Abstract Interpretation
We introduce JAIL, a tool for the static analysis and the verification of the applet isolation property of Java Card, where applet isolation means that one applet can not access the fields or objects of an applet in another context unless the other applet explicitly provides an interface for access. The tool statically checks whether the analyzed source code violates this property, thus detecti...
Cate: A System for Analysis and Test of Java Card Applications
Cate is a domain-specific testing environment. It integrates both static and dynamic analyses that are designed for Java Card application software. Cate supports the test process by analyzing the command/response behavior of the software, by performing test coverage analysis and by providing tools to visualize the analysis results. This paper gives a concise overview over the system which is su...
Certifying Native Java Card API by Formal Refinement
This paper describes a refinement-based approach to show that a native Java Card API function fulfills its specification. We refine a native function from its informal specification (by Sun) through several intermediate models into a low-level model which is very close to its C implementations. We formally prove the correctness of the refinement steps between two adjacent levels. The low-level ...
Publication date: 2014