%0 Conference Proceedings
%T Can We Support Applications' Evolution in Multi-Application Smart Cards by Security-by-Contract?
%+ Department of Informatics and Mathematical Modelling [Lyngby] (IMM)
%+ Dipartimento di Ingegneria e Scienza dell'Informazione
%A Dragoni, Nicola
%A Gadyatskaya, Olga
%A Massacci, Fabio
%< avec comité de lecture
%( Lecture Notes in Computer Science
%B 4th IFIP WG 11.2 International Workshop on Information Security Theory and Practices: Security and Privacy of Pervasive Systems and Smart Devices (WISTP)
%C Passau, Germany
%Y Pierangela Samarati; Michael Tunstall; Joachim Posegga; Konstantinos Markantonakis; Damien Sauveron
%I Springer
%3 Information Security Theory and Practices. Security and Privacy of Pervasive Systems and Smart Devices
%V LNCS-6033
%P 221-228
%8 2010-04-12
%D 2010
%R 10.1007/978-3-642-12368-9_16
%K Security-by-Contract
%K multi-application smart card
%K illegal information exchange
%K security policy enforcement
%Z Computer Science [cs]/Digital Libraries [cs.DL]Conference papers
%X Java card technology have progressed at the point of running web servers and web clients on a smart card. Yet concrete deployment of multi-applications smart cards have remained extremely rare because the business model of the asynchronous download and update of appli- cations by di erent parties requires the control of interactions among possible applications after the card has been elded. Yet the current se- curity models and techniques do not support this type of evolution. We propose in this paper to apply the notion of security-by-contract (S C), that is a speci cation of the security behavior of an application that must be compliant with the security policy of the hosting platform. This compliance can be checked at load time and in this way avoid the need for costly run-time monitoring. We show how the S C approach can be used to prevent illegal information exchange among several applications on a single smart card platform, and to deal with dynamic changes in both contracts and platform policy.
%G English
%2 https://inria.hal.science/hal-01059143/document
%2 https://inria.hal.science/hal-01059143/file/60330223.pdf
%L hal-01059143
%U https://inria.hal.science/hal-01059143
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-LNCS-6033
%~ IFIP-TC
%~ IFIP-TC11
%~ IFIP-WISTP
%~ IFIP-WG11-2
%~ IFIP-2010