A Programming and a Modelling Perspective on the Evaluation of Java Card Implementations

Hartel, Pieter H.; de Jong, Eduard

doi:10.1007/3-540-45165-X_5

Pieter H. Hartel^6,7 &
Eduard de Jong⁸

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2041))

Included in the following conference series:

International Java Card Workshop

449 Accesses

Abstract

Java Card Technology has provided a huge step forward in programming smart cards: from assembler to using a high level Object Oriented language. However, the authors have found some differences between the current Java Card version (2.1) and main stream Java that may restrict the benefits of using Java achievable in smartcard programming. In particular, efforts towards evaluating Java Card implementations at a high level of assurance may be hampered by the presence of these differences as well as by the complexity of the Java Card VM and API. The goal of the present paper is to detail the differences from a programming and a modelling point of view.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic

$34.99 /Month

Get 10 units per month
Download Article/Chapter or eBook
1 Unit = 1 Article or 1 Chapter
Cancel anytime

Buy Now

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

P. Bertelsen. Semantics of Java byte code. Technical report, Technical Univ. of Denmark, Mar 1997. http://www.dina.kvl.dk/~pmb/.
OpenCard Consortium. OpenCard Framework-General Information Web Document. IBM Deutschland Entwicklung GmbH, Böblingen, Germany, second edition, Oct 1998. http://www.opencard.org.
E. Denney and Th. Jensen. Correctness of Java card method lookup via logical relations. In E. Smolka, editor, 9th European Symp.on programming (ESOP), LNCS 1782, pages 104–118, Berlin, West Germany, Mar 2000. Springer-Verlag, Berlin.
Google Scholar
J. Gosling, B. Joy, and G. Steele. The Java Language Specification. Addison Wesley, Reading, Massachusetts, 1996.
MATH Google Scholar
Smart Card Security User Group. Smart Card Protection Profile. U. S. Dept. of Commerce, National Bureau of Standards and Technology, May 2000. http://www.csrc.nist.gov/cc/.
P. Gutmann. Secure deletion of data from magnetic and Solid-State memory. In 6th Int.USENIX Security Symp.F ocusing on Applications of Cryptography, pages 77–89, San Jose, California, Jul 1996. Usenix Association, Berkely, California.
Google Scholar
P. H. Hartel. LETOS-a lightweight execution tool for operational semantics. Software-practice and experience, 29(15):1379–1416, Sep 1999. http://www.ecs.soton.ac.uk/~phh/letos.html.
Article Google Scholar
P.H. Hartel. Formalising Java safety-an overview. In J. Domingo-Ferrer, D. Chan, and A. Watson, editors, 4th Int.IFIP wg 8.8 Conf.Smart card research and advanced application (CARDIS), pages 115–134, Bristol, UK, Sep 2000. Kluwer Academic Publishers, Boston.
Google Scholar
P. H. Hartel, M. J. Butler, E. de Jong, and M. Longley. Transacted memory for smart cards. In 10th Formal Methods for Increasing Software Productivity (FME), LNCS, page to appear, Berlin, Germany, Mar 2001. Springer-Verlag, Berlin. http://www.dsse.ecs.soton.ac.uk/techreports/ 2000-9.html.
Google Scholar
J.-L. Lanet and A. Requet. Formal proof of smart card applets correctness. In J.-J. Quisquater and B. Schneier, editors, 3rd Int.Conf.Smart card research and advanced application (CARDIS 1998 preproceedings), Louvain la Neuve, Belgium, Sep 1998. Univ. Catholique de Louvain la Neuve.
Google Scholar
M. Montgomery and K. Krishna. Secure object sharing in Java card. In USENIX Workshop on Smartcard Technology (Smartcard’ 99), pages 119–127, Chicago, Illinois, 1999. USENIX Assoc, Berkeley, California.
Google Scholar
S. Motré. Formal model and implementation of the Java card dynamic security policy. In Approches Formelles dans l’Assistance au Développement de Logiciels-AFADL’2000, Grenoble, France, Jan 2000. http://www-lsr.imag.fr/afadl.
H. R. Nielson and F. Nielson. Semantics with applications: A formal introduction. John Wiley & Sons, Chichester, UK, 1991.
Google Scholar
M. Oestreicher. Transactions in Java card. In 15th Annual Computer Security Applications Conference (ACSAC), pages 291–298, Phoenix, Arizona, Dec 1999. IEEE Comput. Soc, Los Alamitos, California. http://www.acsac.org/1999/abstracts/thu-b-1500-marcus.html.
Chapter Google Scholar
M. Oestreicher and K. Krishna. Object lifetimes in Java card. In USENIX Workshop on Smartcard Technology (Smartcard’ 99), pages 129–37, Chicago, Illinois, 1999. USENIX Assoc, Berkeley, California.
Google Scholar
National Institute of Standards and Technology. Common Criteria for Information Technology Security Evaluation. U. S. Dept. of Commerce, National Bureau of Standards and Technology, Aug 1999. http://www.csrc.nist.gov/cc/.
J. Posegga and H. Vogt. Byte code verification for Java smart cards based on model checking. In J.-J. Quisquater, Y. Deswarte, C. Meadows, and D. Gollmann, editors, European Symposium on Research in Computer Security (ESORICS), LNCS 1485, pages 175–190, Louvain-la-Neuve, Belgium, Sep 1998. Springer-Verlag, Berlin.
Google Scholar
J. Reid and M. Looi. Making sense of smart card security certifications. In J. Domingo-Ferrer, D. Chan, and A. Watson, editors, 4th Int.IFIP wg 8.8 Conf. Smart card research and advanced application (CARDIS), pages 225–240, Bristol, UK, Sep 2000. Kluwer Academic Publishers, Boston.
Google Scholar
E. Rose and K. H. Rose. Lightweight bytecode verification. In OOPSLA’98 Workshop on Formal Underpinnings of Java (FUJ), Vancouver, Canada, Nov 1998. http://www-dse.doc.ic.ac.uk/~sue/oopsla/cfp.html.
Sun. Java Card 2.1 Applications Programming Interface. Sun Micro systems Inc, Palo Alto, California, Jun 1999. http://www.java.sun.com/products/javacard/.
Google Scholar
Sun. Java Card 2.1 Runtime Environment (JCRE) Specification. Sun Micro systems Inc, Palo Alto, California, Jun 1999. http://www.java.sun.com/products/javacard/.
Google Scholar
Sun. Java Card 2.1 Virtual Machine Specification. Sun Micro systems Inc, Palo Alto, California, Mar 1999. http://www.java.sun.com/products/javacard/.
Google Scholar

Download references

Author information

Authors and Affiliations

Dept. of Computer Science, Univ. of Twente, The Netherlands
Pieter H. Hartel
Dept. of Electronics and Computer Science, Univ. of Southampton, UK
Pieter H. Hartel
Sun Microsystems, Inc, Palo Alto, CA, 94043, USA
Eduard de Jong

Authors

Pieter H. Hartel
View author publications
You can also search for this author in PubMed Google Scholar
Eduard de Jong
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

INRIA Sophia Antipolis, 06902, Sophia Antipolis, Cedex, France
Isabelle Attali
IRISA/CNRS, Campus de Beaulieu, 35042, Rennes, France
Thomas Jensen

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Hartel, P.H., de Jong, E. (2001). A Programming and a Modelling Perspective on the Evaluation of Java Card Implementations. In: Attali, I., Jensen, T. (eds) Java on Smart Cards:Programming and Security. JavaCard 2000. Lecture Notes in Computer Science, vol 2041. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45165-X_5

Download citation

DOI: https://doi.org/10.1007/3-540-45165-X_5
Published: 18 June 2001
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42167-2
Online ISBN: 978-3-540-45165-5
eBook Packages: Springer Book Archive

Publish with us

Policies and ethics