Abstract
Java Card is a variant of Java designed for use in smart cards and other systems with limited resources. Applets running on a smart card are protected from each other by the applet firewall, allowing communication only through shared objects. Security can be breached if a reference to a shared object is leaked to a hostile applet.
In this paper we develop a Control Flow Analysis for a small language based on Java Card, which will guarantee that sensitive object references can not be leaked to a particular (attack) applet. The analysis is used as a basis for formulating a hardest attacker that will expand the guarantee to cover all possible attackers.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Élouard, M., Jensen, T.: Secure object flow analysis for Java Card. In: Proc. of Smart Card Research and Advanced Application Conference, Cardis 2002 (2002)
Nielson, H.R., Nielson, F.: Hardest Attackers. In: Workshop on Issues in the Theory of Security, WITS 2000 (2000)
Nielson, F., Nielson, H.R., Hansen, R.R., Jensen, J.G.: Validating Firewalls in Mobile Ambients. In: Baeten, J.C.M., Mauw, S. (eds.) CONCUR 1999. LNCS, vol. 1664, pp. 463–477. Springer, Heidelberg (1999)
Siveroni, I., Hankin, C.: A Proposal for the JCVMLe Operational Semantics. SECSAFE-ICSTM-001-2.2. Available from [11] (2001)
Hansen, R.R.: Flow Logic for Carmel. SECSAFE-IMM-001-1.5. Available from [11] (2002)
Vitek, J., Horspool, R.N., Uhl, J.S.: Compile-Time Analysis of Object-Oriented Programs. In: Pfahler, P., Kastens, U. (eds.) CC 1992. LNCS, vol. 641. Springer, Heidelberg (1992)
Nielson, H.R., Nielson, F.: Flow Logic: a multi-paradigmatic approach to static analysis. In: Mogensen, T.Æ., Schmidt, D.A., Sudborough, I.H. (eds.) The Essence of Computation. LNCS, vol. 2566, pp. 223–244. Springer, Heidelberg (2002)
Nielson, F., Nielson, H.R., Hankin, C.: Principles of Program Analysis. Springer, Heidelberg (1999)
Nielson, F., Nielson, H.R., Seidl, H.: A Succinct Solver for ALFP. Nordic Journal of Computing 2002, 335–372 (2002)
Nielson, F., Nielson, H.R., Hansen, R.R.: Validating Firewalls using Flow Logics. Theoretical Computer Science 283, 381–418 (2002)
Siveroni, I.: SecSafe (2003), Web page http://www.doc.ic.ac.uk/siveroni/secsafe/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Rydhof Hansen, R. (2004). A Hardest Attacker for Leaking References. In: Schmidt, D. (eds) Programming Languages and Systems. ESOP 2004. Lecture Notes in Computer Science, vol 2986. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24725-8_22
Download citation
DOI: https://doi.org/10.1007/978-3-540-24725-8_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-21313-0
Online ISBN: 978-3-540-24725-8
eBook Packages: Springer Book Archive