Abstract
While bringing considerable flexibility and extending the horizons of mobile computing, mobile code raises major security issues. Hence, mobile code, such as Java applets, needs to be analyzed before execution. The byte-code verifier checks low-level security properties that ensure that the downloaded code cannot bypass the virtual machine's security mechanisms. One of the statically ensured properties is type safety. The type-inference phase is by far the most resource-consuming part of the verification process. This paper addresses the RAM bottleneck encountered while verifying mobile code in memory-constrained environments such as smart cards. We propose to modify classic type inference in a way that significantly reduces memory consumption. Our algorithm is inspired by bit-slice data processing and consists of running the verifier on each variable in turn. In other words, instead of running the fix-point calculation algorithm once on M variables, we re-launch the algorithm M/l times, verifying only l variables each time. Parameter l can then be tuned to suit the RAM resources available on board, whereas M/l upper-bounds the computational effort (expressed in re-runs of the usual fix-point calculation algorithm). The resulting RAM saving, as measured on a number of popular applets, is around 40%.
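The slicing idea from the abstract, as an added illustration that is not the authors' algorithm or code: a worklist fix-point that types only `l` of the `M` local variables per run, so each frame holds `l` type cells instead of `M`. The toy instruction set, the coarse int/ref lattice, the absence of an operand stack (which makes each variable's type independent of the others) and all names are assumptions made for this sketch; methods are assumed to end with `return`.

```python
INT, REF, TOP = "int", "ref", "top"   # top = uninitialised or conflicting, unusable

def join(a, b):
    """Least upper bound in the flat lattice {int, ref} < top."""
    return a if a == b else TOP

def successors(code, pc):
    op, arg = code[pc]
    if op == "return":
        return []
    if op == "goto":
        return [arg]
    return [arg, pc + 1] if op == "if" else [pc + 1]

def verify_slice(code, tracked):
    """One fix-point run that types only the variables in `tracked`.
    Returns (ok, cells), cells = type cells held in frames when the run stops."""
    frames = {0: {v: TOP for v in tracked}}        # locals are unusable at entry
    work = [0]
    while work:
        pc = work.pop()
        op, arg = code[pc]
        out = dict(frames[pc])
        if op in ("iload", "aload") and arg in out:
            if out[arg] != (INT if op == "iload" else REF):
                return False, sum(map(len, frames.values()))
        elif op in ("istore", "astore") and arg in out:
            out[arg] = INT if op == "istore" else REF
        for nxt in successors(code, pc):
            merged = {v: join(frames[nxt][v], t) for v, t in out.items()} if nxt in frames else out
            if frames.get(nxt) != merged:          # new or changed frame: revisit
                frames[nxt] = merged
                work.append(nxt)
    return True, sum(map(len, frames.values()))

def verify(code, num_vars, l):
    """Sliced verification: returns (ok, runs, peak_cells)."""
    runs = peak = 0
    for start in range(0, num_vars, l):
        ok, cells = verify_slice(code, range(start, min(start + l, num_vars)))
        runs, peak = runs + 1, max(peak, cells)
        if not ok:
            return False, runs, peak
    return True, runs, peak

# Constructed sample method with M = 4 locals; variable 2 is int on one branch
# and ref on the other, which is fine as long as it is never loaded afterwards.
GOOD = [("istore", 0), ("astore", 1), ("if", 5), ("istore", 2), ("goto", 6),
        ("astore", 2), ("iload", 0), ("aload", 1), ("return", None)]
BAD = GOOD[:7] + [("iload", 2), ("return", None)]  # loads the conflicting variable
```

Calling `verify(GOOD, 4, l)` with a smaller `l` trades more fix-point runs for a lower peak cell count, which is the tuning knob the abstract describes.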
© 2003 Springer-Verlag Berlin Heidelberg
Cite this paper
Maltesson, N., Naccache, D., Trichina, E., Tymen, C. (2003). Applet Verification Strategies for RAM-Constrained Devices. In: Lee, P.J., Lim, C.H. (eds) Information Security and Cryptology — ICISC 2002. ICISC 2002. Lecture Notes in Computer Science, vol 2587. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36552-4_9
DOI: https://doi.org/10.1007/3-540-36552-4_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00716-6
Online ISBN: 978-3-540-36552-5
eBook Packages: Springer Book Archive