952 research outputs found
Bytecode verification on Java smart cards
International audienceThis article presents a novel approach to the problem of bytecode verification for Java Card applets. By relying on prior off-card bytecode transformations, we simplify the bytecode verifier and reduce its memory requirements to the point where it can be embedded on a smart card, thus increasing significantly the security of post-issuance downloading of applets on Java Cards. This article describes the on-card verification algorithm and the off-card code transformations, and evaluates experimentally their impact on applet code size
Towards a General Framework for Formal Reasoning about Java Bytecode Transformation
Program transformation has gained a wide interest since it is used for
several purposes: altering semantics of a program, adding features to a program
or performing optimizations. In this paper we focus on program transformations
at the bytecode level. Because these transformations may introduce errors, our
goal is to provide a formal way to verify the update and establish its
correctness. The formal framework presented includes a definition of a formal
semantics of updates which is the base of a static verification and a scheme
based on Hoare triples and weakest precondition calculus to reason about
behavioral aspects in bytecode transformationComment: In Proceedings SCSS 2012, arXiv:1307.802
Smart cards: State-of-the-art to future directions
The evolution of smart card technology provides an interesting case study of the relationship and interactions between security and business requirements. This paper maps out the milestones for smart card technology, discussing at each step the opportunities and challenges. The paper reviews recently proposed innovative ownership/management models and the security challenges associated with them. The paper concludes with a discussion of possible future directions for the technology, and the challenges these present
Formalizing non-interference for a simple bytecode language in Coq
In this paper, we describe the application of the interactive theorem prover Coq to the security analysis of bytecode as used in Java. We provide a generic specification and proof of non-interference for bytecode languages using the Coq module system. We illustrate the use of this formalization by applying it to a small subset of Java bytecode. The emphasis of the paper is on modularity of a language formalization and its analysis in a machine proof
- …