Abstract
Some important problems in information security such as software protection, watermarking and obfuscation have been proved to be impossible to solve with software-based solutions. By protecting certain actions in order to guarantee that they are executed as desired, trivial solutions to those problems can be implemented. For tamperproof hardware devices such as smart cards to serve this purpose they must provide the capability to execute code on-the-fly. This paper presents mechanism to allow dynamic code execution in Java Card in order for these cards to be used in software protection problems. However, the solution can be used in other applications.
Work partially supported by E.U. through projects SERENITY (IST-027587) and GREDIA (IST-034363) and by Junta de Castilla la Mancha through MISTICO-MECHANICS project (PBC06-0082).
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Barak, B., Goldreich, O., Impagliazzo, R., Rudich, S., Sahai, A., Vadhan, S., Yang, K.: On the (Im)possibility of Obfuscating Programs. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 1–18. Springer, Heidelberg (2001)
Maña, A., Matamoros, S.: Practical Mobile Digital Signatures. In: Bauknecht, K., Tjoa, A.M., Quirchmayr, G. (eds.) EC-Web 2002. LNCS, vol. 2455, pp. 224–234. Springer, Heidelberg (2002)
Pagnia, H., Gartner, F.C.: On the impossibility of fair exchange without a trusted third party. Darmstadt University of Technology, Department of Computer Science Tech. Rep. TUD-BS-1999-02 (1999)
Spalka, A., Cremers, A.B., Langweg, H.: Protecting the creation of digital signatures with trusted computing platform technology against attacks by Trojan Horse programs. In: Proceedings of the 16th International Conference on Information Security (IFIP/SEC 2001), Kluwer Academic Publishers, Dordrecht (2001)
Schaumüller-Bichl, I., Piller, E.: A Method of Software Protection Based on the Use of Smart Cards and Cryptographic Techniques. In: Beth, T., Cot, N., Ingemarsson, I. (eds.) Advances in Cryptology. LNCS, vol. 209, pp. 446–454. Springer, Heidelberg (1985)
Herzberg, A., Pinter, S.S.: Public Protection of Software. ACM Transactions on Computer Systems 5(4)-87, 371–393 (1987)
Maña, A.: Protección de Software Basada en Tarjetas Inteligentes. PhD Thesis. University of Málaga (2003)
Hachez, G.: A Comparative Study of Software Protection Tools Suited for E-Commerce with Contributions to Software Watermarking and Smart Cards. PhD Thesis. Universite Catholique de Louvain (2003), http://www.dice.ucl.ac.be/~hachez/thesis_gael_hachez.pdf
Gunter Carl, A., Peter, H., Scott, N.: Infrastructure for Proof-Referencing Code. In: Proceedings, Workshop on Foundations of Secure Mobile Code (March 1997)
Yee, B.S.: A Sanctuary for Mobile Agents. Secure Internet Programming (1999)
Cryptolope link. http://ei.cs.vt.edu/~wwwbtb/book/chap8/sect2/cryptolope.html
Garcia-Molina, H., Ketchpel, S., Shivakumar, N.: Safeguarding and Charging for Information on the Internet. In: Proceedings of the Intl. Conf. on Data Engineering (1998)
Intertrust Technologies. Intertrust Technologies Home Page, http://www.intertrust.com/
Collberg, C., Thomborson, C.: Watermarking, Tamper-Proofing, and Obfuscation - Tools for Software Protection. University of Auckland Technical Report #170 (2000) http://www.cs.auckland.ac.nz/~collberg/Research/Publications/CollbergThomborson2000a/index.html
Goldreich, O.: Towards a theory of software protection. In: Proc. 19th Ann. ACM Symp. on Theory of Computing, pp. 182–194. ACM Press, New York (1987)
Sander, T., Tschudin, C.F.: On Software Protection via Function Hiding. In: Aucsmith, D. (ed.) IH 1998. LNCS, vol. 1525, pp. 111–123. Springer, Heidelberg (1998)
Pearson, S., Balacheff, B., Chen, L., Plaquin, D., Proudler, G.: Trusted Computer Platforms. Prentice Hall PTR 2003, Englewood Cliffs (2003)
White, S., Commerford, L.: ABYSS: An Architecture for Software Protection. IEEE Transactions on Software Engineering 16(6) (1990)
Maña, A., López, J., Ortega, J.J., Pimentel, E., Troya, J.M.: A Framework for Secure Execution of Software. International Journal of Information Security 2004 (to appear)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Maña, A., Muñoz, A. (2007). Trusted Code Execution in JavaCard. In: Lambrinoudakis, C., Pernul, G., Tjoa, A.M. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2007. Lecture Notes in Computer Science, vol 4657. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74409-2_29
Download citation
DOI: https://doi.org/10.1007/978-3-540-74409-2_29
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74408-5
Online ISBN: 978-3-540-74409-2
eBook Packages: Computer ScienceComputer Science (R0)