Abstract : Java card technology have progressed at the point of
running web servers and web clients on a smart card. Yet concrete
deployment of multi-applications smart cards have remained extremely
rare because the business model of the asynchronous download and update
of appli- cations by di erent parties requires the control of
interactions among possible applications after the card has been elded.
Yet the current se- curity models and techniques do not support this
type of evolution. We propose in this paper to apply the notion of
security-by-contract (S C), that is a speci cation of the security
behavior of an application that must be compliant with the security
policy of the hosting platform. This compliance can be checked at load
time and in this way avoid the need for costly run-time monitoring. We
show how the S C approach can be used to prevent illegal information
exchange among several applications on a single smart card platform, and
to deal with dynamic changes in both contracts and platform
policy.
Pierangela Samarati; Michael Tunstall; Joachim Posegga; Konstantinos Markantonakis; Damien Sauveron. 4th IFIP WG 11.2 International Workshop on Information Security Theory and Practices: Security and Privacy of Pervasive Systems and Smart Devices (WISTP), Apr 2010, Passau, Germany. Springer, Lecture Notes in Computer Science, LNCS-6033, pp.221-228, 2010, Information Security Theory and Practices. Security and Privacy of Pervasive Systems and Smart Devices. 〈10.1007/978-3-642-12368-9_16〉
https://hal.inria.fr/hal-01059143
Contributeur : Hal Ifip
<>
Soumis le : vendredi 29 août 2014 - 14:03:08
Dernière modification le : vendredi 11 août 2017 - 15:13:03
Document(s) archivé(s) le : dimanche 30 novembre 2014 - 10:41:39
Nicola Dragoni, Olga Gadyatskaya, Fabio Massacci. Can We Support Applications' Evolution in
Multi-Application Smart Cards by Security-by-Contract?. Pierangela Samarati; Michael Tunstall; Joachim Posegga; Konstantinos Markantonakis; Damien Sauveron. 4th IFIP WG 11.2 International Workshop on Information Security Theory and Practices: Security and Privacy of Pervasive Systems and Smart Devices (WISTP), Apr 2010, Passau, Germany. Springer, Lecture Notes in Computer Science, LNCS-6033, pp.221-228, 2010, Information Security Theory and Practices. Security and Privacy of Pervasive Systems and Smart Devices. 〈10.1007/978-3-642-12368-9_16〉. 〈hal-01059143〉