A Load Time Policy Checker for Open Multi-Application Smart Cards

Nicola Dragoni; Eduardo Lostal; Olga Gadyatskaya; Fabio Massacci; Federica Paci

doi:10.1109/POLICY.2011.40

A Load Time Policy Checker for Open Multi-Application Smart Cards

Nicola Dragoni, Eduardo Lostal, Olga Gadyatskaya, Fabio Massacci, Federica Paci

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

Abstract

Applications on multi-application smart cards contain sensitive data and can exchange information. Thus a major concern is that these applications should not exchange data unless permitted by their respective policy. As modern smart cards allow post-issuance installation and removal of applications, traditional approaches for information flow analysis are not suitable. We suggest the Security-by-Contract approach for loading time application certification on the card, that will enable the stakeholders with the means to ensure the compliance of every update of the card with their security policy. We describe an extension of the card security architecture to deal with verification for different types of updates and present a Java Card prototype implementation of the Policy Checker with performance measurements.

Original language	English
Title of host publication	2011 IEEE International Symposium on Policies for Distributed Systems and Networks (POLICY)
Publisher	IEEE
Publication date	2011
Pages	153-156
ISBN (Print)	978-1-4244-9879-6
DOIs	https://doi.org/10.1109/POLICY.2011.40
Publication status	Published - 2011
Event	IEEE International Symposium on Policies for Distributed Systems and Networks - Pisa, Italy Duration: 6 Jun 2011 → 8 Jun 2011 http://www.policy-workshop.org/2011/

Conference

Conference	IEEE International Symposium on Policies for Distributed Systems and Networks
Country	Italy
City	Pisa
Period	06/06/2011 → 08/06/2011
Internet address	http://www.policy-workshop.org/2011/

Access to Document

10.1109/POLICY.2011.40

http://www.policy-workshop.org/

Fingerprint Dive into the research topics of 'A Load Time Policy Checker for Open Multi-Application Smart Cards'. Together they form a unique fingerprint.

Cite this

@inproceedings{7e5328bfbcfc43279a5619dbb9575f15,

title = "A Load Time Policy Checker for Open Multi-Application Smart Cards",

abstract = "Applications on multi-application smart cards contain sensitive data and can exchange information. Thus a major concern is that these applications should not exchange data unless permitted by their respective policy. As modern smart cards allow post-issuance installation and removal of applications, traditional approaches for information flow analysis are not suitable. We suggest the Security-by-Contract approach for loading time application certification on the card, that will enable the stakeholders with the means to ensure the compliance of every update of the card with their security policy. We describe an extension of the card security architecture to deal with verification for different types of updates and present a Java Card prototype implementation of the Policy Checker with performance measurements.",

author = "Nicola Dragoni and Eduardo Lostal and Olga Gadyatskaya and Fabio Massacci and Federica Paci",

year = "2011",

doi = "10.1109/POLICY.2011.40",

language = "English",

isbn = "978-1-4244-9879-6",

pages = "153--156",

booktitle = "2011 IEEE International Symposium on Policies for Distributed Systems and Networks (POLICY)",

publisher = "IEEE",

address = "United States",

note = "IEEE International Symposium on Policies for Distributed Systems and Networks, POLICY 2011 ; Conference date: 06-06-2011 Through 08-06-2011",

url = "http://www.policy-workshop.org/2011/",

}

Dragoni, N, Lostal, E, Gadyatskaya, O, Massacci, F & Paci, F 2011, A Load Time Policy Checker for Open Multi-Application Smart Cards. in 2011 IEEE International Symposium on Policies for Distributed Systems and Networks (POLICY). IEEE, pp. 153-156, IEEE International Symposium on Policies for Distributed Systems and Networks, Pisa, Italy, 06/06/2011. https://doi.org/10.1109/POLICY.2011.40

A Load Time Policy Checker for Open Multi-Application Smart Cards. / Dragoni, Nicola; Lostal, Eduardo; Gadyatskaya, Olga; Massacci, Fabio; Paci, Federica.

2011 IEEE International Symposium on Policies for Distributed Systems and Networks (POLICY). IEEE, 2011. p. 153-156.

Research output: Chapter in Book/Report/Conference proceeding › Article in proceedings › Research › peer-review

TY - GEN

T1 - A Load Time Policy Checker for Open Multi-Application Smart Cards

AU - Dragoni, Nicola

AU - Lostal, Eduardo

AU - Gadyatskaya, Olga

AU - Massacci, Fabio

AU - Paci, Federica

PY - 2011

Y1 - 2011

N2 - Applications on multi-application smart cards contain sensitive data and can exchange information. Thus a major concern is that these applications should not exchange data unless permitted by their respective policy. As modern smart cards allow post-issuance installation and removal of applications, traditional approaches for information flow analysis are not suitable. We suggest the Security-by-Contract approach for loading time application certification on the card, that will enable the stakeholders with the means to ensure the compliance of every update of the card with their security policy. We describe an extension of the card security architecture to deal with verification for different types of updates and present a Java Card prototype implementation of the Policy Checker with performance measurements.

AB - Applications on multi-application smart cards contain sensitive data and can exchange information. Thus a major concern is that these applications should not exchange data unless permitted by their respective policy. As modern smart cards allow post-issuance installation and removal of applications, traditional approaches for information flow analysis are not suitable. We suggest the Security-by-Contract approach for loading time application certification on the card, that will enable the stakeholders with the means to ensure the compliance of every update of the card with their security policy. We describe an extension of the card security architecture to deal with verification for different types of updates and present a Java Card prototype implementation of the Policy Checker with performance measurements.

U2 - 10.1109/POLICY.2011.40

DO - 10.1109/POLICY.2011.40

M3 - Article in proceedings

SN - 978-1-4244-9879-6

SP - 153

EP - 156

BT - 2011 IEEE International Symposium on Policies for Distributed Systems and Networks (POLICY)

PB - IEEE

T2 - IEEE International Symposium on Policies for Distributed Systems and Networks

Y2 - 6 June 2011 through 8 June 2011

ER -