Testing the Java Card Applet Firewall

نویسندگان

  • Wojciech Mostowski
  • Erik Poll
چکیده

In this paper we discuss the methodology and results of testing the Java Card applet firewall mechanism. The main motivation for this work is the complexity of the firewall. Given the complexity, non-compliance of the cards with respect to the official specification is not unlikely. Firewall implementation faults may lead to serious security issues. Although we did not discover any serious problems on our test cards, a few minor specification violations are reported. We only found one specification violation on one card that could be considered unsafe, in that it might introduce a security risk for specific applications.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

JAIL: Firewall Analysis of Java Card by Abstract Interpretation

We introduce JAIL, a tool for the static analysis and the verification of the applet isolation property of Java Card, where applet isolation means that one applet can not access the fields or objects of an applet in another context unless the other applet explicitly provides an interface for access. The tool statically checks whether the analyzed source code violates this property, thus detecti...

متن کامل

A Type System for Checking Applet Isolation in Java Card

A Java Card applet is, in general, not allowed to access fields and methods of other applets on the same smart card. This applet isolation property is enforced by dynamic checks in the Java Card Virtual Machine. This paper describes a refined type system for Java Card that enables static checking of applet isolation. With this type system, firewall violations are detected at compile time. Only ...

متن کامل

Enforcement of applet boundaries in Java card systems

In multi-application Java Cards, applet’s sensitive data must be protected against unauthorized accesses. Applet isolation is normally achieved through the firewall mechanism. The firewall allows an applet to access external objects only through an object sharing mechanism, called shareable interface. Firewall is based on the access control policy and does not control information propagation. T...

متن کامل

A Hardest Attacker for Leaking References

Java Card is a variant of Java designed for use in smart cards and other systems with limited resources. Applets running on a smart card are protected from each other by the applet firewall, allowing communication only through shared objects. Security can be breached if a reference to a shared object is leaked to a hostile applet. In this paper we develop a Control Flow Analysis for a small lan...

متن کامل

Secure Object Sharing Development Kit for Java Card

Nowadays, Java Card platform-based Smart Cards are multi-application and support interapplet collaboration. The Java Card framework enforces applet isolation by means of the applet Firewall to prevent highly sensitive data in one applet to be leaked to another. The framework provides the Shareable Interface Object mechanism to allow developers to share services through the Firewall protection. ...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2007