论文信息 - Electronic Purse Applet Certification: extended abstract

Electronic Purse Applet Certification: extended abstract

Abstract The paper describes the status of a joint project between Gemplus and ONERA. Gemplus developed an electronic purse running on Java enabled smart cards. The project goal is to verify security properties that should be enforced by the applets involved in this application. A security policy has been defined that associates levels to applet attributes and methods and defines authorized flows between levels. We propose a technique based on model checking to verify that actual information flows between applets are authorized.

[1] Pierre Girard. Which Security Policy for Multiplication Smart Cards? , 1999, Smartcard.

[2] Frédéric Cuppens,et al. A Logical View of Secure Dependencies , 1992, J. Comput. Secur..

[3] Frank Yellin,et al. The Java Virtual Machine Specification , 1996 .

[4] Frank Yellin,et al. The java virtual machine , 1996 .

[5] Pieter H. Hartel,et al. The Operational Semantics of a Java Secure Processor , 1999, Formal Syntax and Semantics of Java.

[6] Martín Abadi,et al. A type system for Java bytecode subroutines , 1999, TOPL.

[7] Stephen N. Freund,et al. A type system for object initialization in the Java bytecode language , 1998, OOPSLA '98.

[8] José Meseguer,et al. Unwinding and Inference Control , 1984, 1984 IEEE Symposium on Security and Privacy.