ABSTRACT
The overall security level of applications running on a smart card is determined not only by the particular applications and the operating system but also by external devices. All proposed security models for smart card operating systems assume that secure communication between applications on the card and the outside world, e.g. card readers, is implemented by the applications themselves. In order to integrate external devices and external applications into a mandatory security policy, we extend the SMaCOS security model, which combines the secrecy model of Bell/LaPadula with the integrity model of Biba. To this end, we introduce a modified execution access right and use integrity access categories to implement real-world applications. As a case study, we present a signature creation application combined with biometric user verification.
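The base model the abstract extends, a combined Bell/LaPadula secrecy and Biba integrity check with integrity access categories, as an added example (not code from the paper or from SMaCOS). Labels, subjects and objects are constructed for the signature/biometric case study; the paper's modified execution access right is not specified in the abstract and is therefore not modelled here.

```python
from dataclasses import dataclass

# Constructed labels: (secrecy level, integrity level, integrity categories).
@dataclass(frozen=True)
class Label:
    secrecy: int          # Bell/LaPadula level, higher = more secret
    integrity: int        # Biba level, higher = more trustworthy
    int_cats: frozenset   # Biba integrity categories, e.g. {"bio", "sig"}

def int_dominates(a: Label, b: Label) -> bool:
    """Integrity dominance: a >= b iff level is >= and categories are a superset."""
    return a.integrity >= b.integrity and a.int_cats >= b.int_cats

def decide(subj: Label, mode: str, obj: Label) -> bool:
    """Combined check: BLP for secrecy and Biba for integrity must both allow the access."""
    if mode == "read":
        # BLP simple security (no read up) and Biba simple integrity (no read down).
        return subj.secrecy >= obj.secrecy and int_dominates(obj, subj)
    if mode == "write":
        # BLP *-property (no write down) and Biba *-property (no write up).
        return obj.secrecy >= subj.secrecy and int_dominates(subj, obj)
    raise ValueError(f"unknown access mode {mode!r}")

# Constructed subjects: an external biometric sensor, an untrusted terminal,
# and the on-card signature application.
SENSOR = Label(secrecy=0, integrity=2, int_cats=frozenset({"bio", "sig"}))
TERMINAL = Label(secrecy=0, integrity=0, int_cats=frozenset())
SIG_APP = Label(secrecy=2, integrity=1, int_cats=frozenset({"sig"}))
# Constructed objects: the verification-data buffer the sensor fills, and the signing key.
VERIF_BUF = Label(secrecy=1, integrity=1, int_cats=frozenset({"bio", "sig"}))
SIGN_KEY = Label(secrecy=2, integrity=2, int_cats=frozenset({"sig"}))

def demo() -> dict:
    """Access decisions for the constructed signature-creation case; keys name the request."""
    return {
        "sensor writes verification data": decide(SENSOR, "write", VERIF_BUF),
        "terminal injects verification data": decide(TERMINAL, "write", VERIF_BUF),
        "terminal reads verification data": decide(TERMINAL, "read", VERIF_BUF),
        "sig app reads verification data": decide(SIG_APP, "read", VERIF_BUF),
        "sig app reads signing key": decide(SIG_APP, "read", SIGN_KEY),
        "sig app overwrites signing key": decide(SIG_APP, "write", SIGN_KEY),
        "sensor reads signing key": decide(SENSOR, "read", SIGN_KEY),
    }

if __name__ == "__main__":
    for request, allowed in demo().items():
        print("ALLOW" if allowed else "DENY ", request)
```

The low-integrity terminal is refused both reading and writing the biometric verification data, while the trusted sensor may fill the buffer and the signature application may read it and the key but never modify the key.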