usenix conference policies
Java Card Secure Object Sharing
Since the invention of the Java Card, the issue of code and data sharing has been a topic of great interest. Early Java Cards shared data via files secured with access control lists. Java Card 2.1 specification introduced a method of object sharing, allowing access to methods of server applets using Shareable Interface Objects (SIO).
However, this SIO approach can be improved. It permits access to all interfaces of the SIO, whereas some interfaces may be intended only for particular clients. AID impersonation could be used to gain access to services unless the card authenticates all applets. Access to a SIO by future applets may be impossible. Passing object data between applets is quite cumbersome.
An approach to object sharing based on delegates is described, which provides needed improvements with minimal modifications to Java Card 2.1. Using the delegate approach, only the desired methods of an applet are exposed, and each method can be protected by any security policy the applet wishes to implement. A shared secret security policy is described, using challenge/response phrases to avoid revealing the shared secret. Such a security policy does not require applet authentication to avoid AID impersonation, and lends itself readily to access by any future applets that may be written.
author = {Michael Montgomery and Ksheerabdhi Krishna},
title = {Java Card Secure Object Sharing},
booktitle = {USENIX Workshop on Smartcard Technology (Smartcard 99)},
year = {1999},
address = {Chicago, IL},
url = {https://www.usenix.org/conference/usenix-workshop-smartcard-technology/java-card-secure-object-sharing},
publisher = {USENIX Association},
month = may
}
connect with us