JCSI: A tool for checking secure information flow in Java Card applications

Artigo Revisado por pares

JCSI: A tool for checking secure information flow in Java Card applications

2012; Elsevier BV; Volume: 85; Issue: 11 Linguagem: Inglês

10.1016/j.jss.2012.05.061

ISSN

1873-1228

Autores

Marco Avvenuti, Cinzia Bernardeschi, Nicoletta De Francesco, Paolo Masci,

Tópico(s)

Distributed systems and fault tolerance

Resumo

This paper describes a tool for checking secure information flow in Java Card applications. The tool performs a static analysis of Java Card CAP files and includes a CAP viewer. The analysis is based on the theory of abstract interpretation and on a multi-level security policy assignment. Actual values of variables are abstracted into security levels, and bytecode instructions are executed over an abstract domain. The tool can be used for discovering security issues due to explicit or implicit information flows and for checking security properties of Java Card applications downloaded from untrusted sources.

Ver no editor

Altmetric

PlumX

Entrar

Lembrar minha senha

Receber meu e-mail de confirmação

JCSI: A tool for checking secure information flow in Java Card applications