论文信息 - Which Security Policy for Multiplication Smart Cards?

Which Security Policy for Multiplication Smart Cards?

In this paper, we aim to clarify some issues regarding the deployment context of multiapplicative smart cards. We especially deal with the trust relationships between the involved parties and the resulting constraints from a security point of view. We highlight a new security threat in a multiapplicative context and propose a new multilevel security model which allows to control precisely the information flows inside the card, and to detect illegal data sharing. Finally we illustrate all the proposed concepts on an multiapplicative example involving three applications.

Pierre Girard

[1] Jean-Louis Lanet,et al. Formal Proof of Smart Card Applets Correctness , 1998, CARDIS.

[2] Joachim Posegga,et al. Byte Code Verification for Java Smart Card Based on Model Checking , 1998, ESORICS.

[3] Peter J. Denning,et al. Certification of programs for secure information flow , 1977, CACM.

[4] ToulouseFrance Colin O'HALLORAN. Formal Validation of Software for Secure Systems , 1995 .

[5] Daniel Le Métayer,et al. Compile-Time Detection of Information Flow in Sequential Programs , 1994, ESORICS.

[6] Dennis M. Volpano,et al. Secure flow typing , 1997, Comput. Secur..

[7] D. Elliott Bell,et al. Secure Computer System: Unified Exposition and Multics Interpretation , 1976 .

[8] Pierre Bieber. Formal techniques for an ITSEC-E4 secure gateway , 1996, Proceedings 12th Annual Computer Security Applications Conference.

[9] Frédéric Cuppens,et al. Rules for Designing Multilevel Object-Oriented Databases , 1998, ESORICS.