High-level algorithms and data structures requirements for security-by-contract on Java cards

Abstract

The Java Card technology has progressed to the point of running web servers and web clients on a smart card. Yet concrete deployments of multi-applications smart cards have remained extremely rare because the business model of the asynchronous download and update of applications by different parties requires the control of interactions among possible applications after the card has been fielded. The current security models and techniques do not support this type of evolution. We propose in this paper to apply the notion of security-by-contract (S×C), that is a specification of security-related behaviour of an application that must be compliant with the security policy of the hosting platform. This compliance can be checked at the application loading time, avoiding in this way the need of costly runtime monitoring. We show how S×C can be used to prevent illegal information exchange among applications on a single smart card platform in presence of dynamic changes on the card.