Treffer: Load Time Security Verification: The Claim Checker

Title:
Load Time Security Verification: The Claim Checker
Authors:
Gadyatskaya, Olga, Lostal, Eduardo, Massacci, Fabio
Contributors:
Gadyatskaya, Olga, Lostal, Eduardo, Massacci, Fabio
Publisher Information:
Trento
Università degli Studi di Trento, Dipartimento di Ingegneria e Scienza dell'Informazione
Publication Year:
2011
Collection:
Università degli Studi di Trento: CINECA IRIS
Subject Terms:
Security-by-Contract, load time verification, Java Card, embedded verifier, application interactions policy
Document Type:
other/unknown material
File Description:
ELETTRONICO
Language:
English
Relation:
ispartofseries:Technical Report DISI; firstpage:1; lastpage:23; numberofpages:23; https://hdl.handle.net/11572/359563
Availability:
https://hdl.handle.net/11572/359563
Rights:
info:eu-repo/semantics/openAccess ; license:Tutti i diritti riservati (All rights reserved) ; license uri:iris.PRI01
Accession Number:
edsbas.EBCBB29C
Database:
BASE

Weitere Informationen

Modern multi-application smart cards can become an integrated environment where applications from different providers are loaded on the fly and collaborate in order to facilitate lives of the cardholders. This initiative requires an embedded verification mechanism to ensure that all applications on the card respect the application interactions policy. The Security-by-Contract approach for loading time verification consists of two phases. During the first phase the loaded code is verified to be compliant with the supplied contract. Then, during the second phase the contract is matched with the smart card security policy. The report focuses on the first phase and describes an algorithm for static analysis of the loaded bytecode on Java Card. We also report about implementation of this algorithm that can be embedded on a real smart card.