a type system for checking applet isolation in java card
play

A Type System for Checking Applet Isolation in Java Card Peter - PowerPoint PPT Presentation

Dec 11, 2022 •231 likes •398 views

A Type System for Checking Applet Isolation in Java Card Peter Mller ETH Zrich Joint work with Werner Dietl and Arnd Poetzsch-Heffter 2 A Type System for Checking Applet Isolation in Java Card Applet Isolation Firewall Applet Context 1

  1. A Type System for Checking Applet Isolation in Java Card Peter Müller ETH Zürich Joint work with Werner Dietl and Arnd Poetzsch-Heffter

  2. 2 A Type System for Checking Applet Isolation in Java Card Applet Isolation Firewall Applet Context 1 Applet Context 2 SIO Firewall PEP TEP JCRE Context Peter Müller – CASSIS 2004

  3. 3 A Type System for Checking Applet Isolation in Java Card Example class Status { interface Service extends Shareable { … Status doService( ); boolean isSuccess( ) { … } } } class Client extends Applet { … void process( APDU apdu ) { AID server = …; Shareable s = JCSystem.getAppletShareableInterfaceObject( server, ( byte ) 0 ); Service service = ( Service ) s; Status status = service.doService( ); if ( status.isSuccess( ) ) { … } // SecurityException raised } } Peter Müller – CASSIS 2004

  4. 4 A Type System for Checking Applet Isolation in Java Card Motivation ! Formal program verification - Prove absence of SecurityExceptions for many kinds of expressions - Firewall property causes significant overhead for specifications and proofs ! Objective - Check applet isolation statically - Develop a solution for source programs - Build on experience with ownership and the Universe Type System Peter Müller – CASSIS 2004

  5. 5 A Type System for Checking Applet Isolation in Java Card Approach ! Use type system Firewall Applet Context 1 Applet Context 2 to classify references to - Objects in the same context SIO - Objects in any contexts - Entry points Firewall ! Perform static checks to PEP enforce applet isolation JCRE Context Peter Müller – CASSIS 2004

  6. 6 A Type System for Checking Applet Isolation in Java Card Tagged Types ! Tags - intern : References within a context - any : References to any context - pep : References to permanent entry points - tep : References to temporary entry points and global arrays ! Tagged types specify the context a reference may point into - Tagged types are tuples: Tag × Type, e.g., intern T Peter Müller – CASSIS 2004

  7. 7 A Type System for Checking Applet Isolation in Java Card Type Rules ! intern and pep types are any T tep T subtypes of the corresponding any types intern T pep T ! Type rules for tagged types follow Java’s type rules void process( tep APDU apdu ) { intern AID server = …; any Shareable s = JCSystem.getAppletShareableInterfaceObject( server, ( byte ) 0 ); any Service service = ( any Service ) s; ?? Status status = service.doService( ); if ( status.isSuccess( ) ) { … } } Peter Müller – CASSIS 2004

  8. 8 A Type System for Checking Applet Isolation in Java Card Method Invocations ! Tag intern specifies interface Service extends Shareable { context relatively to intern Status doService( ); } the current context ! For method any Service service = …; any Service service = …; ?? Status status = service.doService( ); any Status status = service.doService( ); invocations, parameter and result types have to Firewall be interpreted relatively to the tag service of the target Peter Müller – CASSIS 2004

  9. 9 A Type System for Checking Applet Isolation in Java Card Type Combinations ! Type combinator * (H,T)*(G,S) = { ( any ,S) if H ≠ intern and G = intern (G,S) otherwise ! Type rule for method invocations | e1 :: (H,T) , | e2 :: (G,S) , (H,T)*(G,S) <: (F P ,T P ) | e1.m( e2 ) :: (H,T)*(F R ,T R ) Peter Müller – CASSIS 2004

  10. 10 A Type System for Checking Applet Isolation in Java Card Dynamic Type Checks ! Casts - Downcasts from any types to corresponding intern and pep types require dynamic checks - In practice only necessary for static fields (no intern tag) - Casts may throw SecurityException ! Covariant arrays - intern T[ ] and pep T[ ] are not subtypes of any T[ ] - Avoid dynamic check for assignments to array slots Peter Müller – CASSIS 2004

  11. 11 A Type System for Checking Applet Isolation in Java Card Static Firewall Checks ! Method invocation e.m(…) - (H,T) is the static tagged type of e - If H is any , T has to be an interface that extends Shareable ! Field access e1.f = e2 - Static type of e1 must have tag intern - Static type of e2 must not have tag tep Peter Müller – CASSIS 2004

  12. 12 A Type System for Checking Applet Isolation in Java Card Example Revisited class Status { interface Service extends Shareable { … intern Status doService( ); boolean isSuccess( ) { … } } } class Client extends Applet { … void process( tep APDU apdu ) { intern AID server = …; any Shareable s = JCSystem.getAppletShareableInterfaceObject( server, ( byte ) 0 ); any Service service = ( any Service ) s; any Status status = service.doService( ); if ( status.isSuccess( ) ) { … } // Static type error } } Peter Müller – CASSIS 2004

  13. 13 A Type System for Checking Applet Isolation in Java Card Results ! Type Safety - All references are correctly tagged - Proof by rule induction based on operational semantics ! Applet Isolation - Lemma: Each Java Card program with tagged types that passes the static checks behaves like the corresponding program with dynamic checks - Every Java Card program that can be correctly tagged does not throw SecurityExceptions (except for casts) - Proof by rule induction with two operational semantics (with and without dynamic checks) Peter Müller – CASSIS 2004

  14. 14 A Type System for Checking Applet Isolation in Java Card Conclusions ! Presented approach supports program verification - Absence of SecurityException does not have to be shown during verification (except for some casts) - Static checking is modular ! Security requires - Type system on bytecode level - Adapted VM / Bytecode verifier - Forbidding downcasts from any to intern or pep Peter Müller – CASSIS 2004

  15. 15 A Type System for Checking Applet Isolation in Java Card Future Work ! Extension of presented work - Support for missing language features (exceptions) - Annotation of Java Card API ! Formal verification - Integration of type system with Universe Type System - Implementation in J IVE (Java Interactive Verification Environment) Peter Müller – CASSIS 2004

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Java Card Applet Firewall Java Card Applet Firewall Exploration and Exploitation Exploration and

Java Card Applet Firewall Java Card Applet Firewall Exploration and Exploitation Exploration and

Java Card Applet Firewall Java Card Applet Firewall Exploration and Exploitation Exploration and Exploitation Wojciech Mostowski and Erik Poll Digital Security Radboud University Nijmegen The Netherlands http://www.cs.ru.nl/~{woj,erikpoll}/

818 views • 42 slides
Applet Class Applets are Java programs that can be invoked in web pages. To run an applet, Java

Applet Class Applets are Java programs that can be invoked in web pages. To run an applet, Java

Applet Class Applets are Java programs that can be invoked in web pages. To run an applet, Java creates an instance of the applet class. Graphics Certain methods run automatically: init() start() stop() paint() As with all methods, we can

325 views • 4 slides
Create your own type system in 1 hour Michael Ernst University of Washington

Create your own type system in 1 hour Michael Ernst University of Washington

Create your own type system in 1 hour Michael Ernst University of Washington http://CheckerFramework.org/ Motivation java.lang.NullPointerException java.lang.NullPointerException Java's type system is too weak Type checking prevents many

387 views • 28 slides
CS 126 Lecture S2: Introduction to Java Applets Outline Introductions Your first applet

CS 126 Lecture S2: Introduction to Java Applets Outline Introductions Your first applet

CS 126 Lecture S2: Introduction to Java Applets Outline Introductions Your first applet and more tools of trade Life cycle of an applet Simple drawing and events Conclusions CS126 21-1 Randy Wang Applets: Beyond Animated

624 views • 7 slides
CS 126 Lecture S2: Introduction to Java Applets Outline Introductions Your first applet

CS 126 Lecture S2: Introduction to Java Applets Outline Introductions Your first applet

CS 126 Lecture S2: Introduction to Java Applets Outline Introductions Your first applet and more tools of trade Life cycle of an applet Simple drawing and events Conclusions CS126 21-1 Randy Wang Applets: Beyond Animated

468 views • 13 slides
http://www-history.mcs.st- Fantastic java applet for Blackbody radiation

http://www-history.mcs.st- Fantastic java applet for Blackbody radiation

http://www-history.mcs.st- Fantastic java applet for Blackbody radiation http://phet.colorado.edu/sims/blackbody-spectrum/blackbody-spectrum_en.html Fantastic java applet for the photoelectric effect

149 views • 13 slides
Java Card vs. File System card Marc Kekicheff- Technical Director, GlobalPlatform March 10, 2004

Java Card vs. File System card Marc Kekicheff- Technical Director, GlobalPlatform March 10, 2004

Java Card vs. File System card Marc Kekicheff- Technical Director, GlobalPlatform March 10, 2004 A misleading question ? File System = a data structure seen at the card edge This part of ISO/IEC 7816 specifies: the contents of the

99 views • 5 slides
Type checking COMP 520 Fall 2010 Type checking (2) The type checker has severals tasks:

Type checking COMP 520 Fall 2010 Type checking (2) The type checker has severals tasks:

COMP 520 Fall 2010 Type checking (1) Type checking COMP 520 Fall 2010 Type checking (2) The type checker has severals tasks: determine the types of all expressions; check that values and variables are used correctly; and resolve

631 views • 30 slides
New Business Card Request System Programmed Layout Just type in information and the layout

New Business Card Request System Programmed Layout Just type in information and the layout

New Business Card Request System Programmed Layout Just type in information and the layout will adjust . Your order is then placed and reviewed . Benefits Get your card quicker . Cost savings in printing . Adjuncts who we

416 views • 14 slides
Type Checking General properties of type systems Types in programming languages

Type Checking General properties of type systems Types in programming languages

Outline Type Checking General properties of type systems Types in programming languages Notation for type rules Logical rules of inference Common type rules 2 Static Checking Static Checking (Cont.) Refers to

896 views • 10 slides
Type Reconstruction and Polymorphism 1 Type Checking and Type Reconstruction We now come to the

Type Reconstruction and Polymorphism 1 Type Checking and Type Reconstruction We now come to the

Type Reconstruction and Polymorphism 1 Type Checking and Type Reconstruction We now come to the question of type checking and type reconstruction. Given , t and T , check whether t : T Type checking: Given and t , find a type T

518 views • 28 slides
Model Checking Java Programs (Java PathFinder) Slides partially compiled from the NASA

Model Checking Java Programs (Java PathFinder) Slides partially compiled from the NASA

Model Checking Java Programs (Java PathFinder) Slides partially compiled from the NASA JavaPathFinder project and E. Clarkes course material Java PathFinder JPF is an explicit state software model checker for Java bytecode JPF is a Java

888 views • 35 slides
Cate: A System for Analysis and Test of Java Card Applications Peter Pfahler, Universitt

Cate: A System for Analysis and Test of Java Card Applications Peter Pfahler, Universitt

Cate: A System for Analysis and Test of Java Card Applications Peter Pfahler, Universitt Paderborn, Institut fr Informatik Jrgen Gnther, ORGA Kartensysteme GmbH, Paderborn First International Workshop on Software Quality SOQUA 2004,

458 views • 17 slides
Type Checking Grammar Rule Semantic Rule var-decl id : type-exp Insert (id.name, type-exp .

Type Checking Grammar Rule Semantic Rule var-decl id : type-exp Insert (id.name, type-exp .

Type Checking Grammar Rule Semantic Rule var-decl id : type-exp Insert (id.name, type-exp . type ) type-exp int type-exp . type := integer type-exp bool type-exp . type := boolean type-exp 1 array type-exp 1 . type := [num] of

613 views • 7 slides
Showing your applet on a webpage 1 11/22/2013 Steps Find the build folder inside your

Showing your applet on a webpage 1 11/22/2013 Steps Find the build folder inside your

11/22/2013 CSCI-1101B Lab Java Topics Applet on webpage Interface GUI Mohammad T . Irfan 11/22/13 Showing your applet on a webpage 1 11/22/2013 Steps Find the build folder inside your project folder You will see An html

450 views • 8 slides
Smart( Java )Card ... What &amp; Why What - smart card Tiny PC without Human Interface

Smart( Java )Card ... What &amp; Why What - smart card Tiny PC without Human Interface

Smart( Java )Card ... What &amp; Why What - smart card Tiny PC without Human Interface capabilities CPU : 16b/32b RISC @ handful of MhZ Math co-processor: RSA/DES/AES/ECC RAM : X KB HDD : XX..XXX KB (EEPROM) NET :

568 views • 36 slides
Mitacs: Proven Partner in International Innovation Christopher M. LaPrade International

Mitacs: Proven Partner in International Innovation Christopher M. LaPrade International

American Chemical Society ACS International Center presents Mitacs: Proven Partner in International Innovation Christopher M. LaPrade International Activities American Chemical Society Brian Kalakula International Relations Officer Mitacs

284 views • 27 slides
THE PATH(WAYS) TO RETENTION THROUGH A SUCCESSFUL INTERN PROGRAM Presented by: Janice Gonzalez

THE PATH(WAYS) TO RETENTION THROUGH A SUCCESSFUL INTERN PROGRAM Presented by: Janice Gonzalez

THE PATH(WAYS) TO RETENTION THROUGH A SUCCESSFUL INTERN PROGRAM Presented by: Janice Gonzalez and Laura Stanek Wednesday, April 4, 2018 Traditional Methods of Federal Talent Acquisition Post and pray Word of mouth Current non- Networks

450 views • 12 slides
Streamlining Resulting and Analysis for High-stakes Examinations Australian Pharmacy Council

Streamlining Resulting and Analysis for High-stakes Examinations Australian Pharmacy Council

Streamlining Resulting and Analysis for High-stakes Examinations Australian Pharmacy Council Accredit and evaluate pharmacy degree programs, intern training programs in Australia, New Zealand and internationally Accredit organisations

307 views • 28 slides
Learning management through matching: A field experiment using mechanism design Girum Abebe (World

Learning management through matching: A field experiment using mechanism design Girum Abebe (World

Introduction Experiment &amp; Context Results: ATEs Framework: Treatment varieties Results: Variety MTEs Other mechanisms Learning management through matching: A field experiment using mechanism design Girum Abebe (World Bank), Marcel

811 views • 58 slides
Kernel Internship Report (Outreachy) Successor of the Outreach Program for Women (OPW) Julia

Kernel Internship Report (Outreachy) Successor of the Outreach Program for Women (OPW) Julia

Kernel Internship Report (Outreachy) Successor of the Outreach Program for Women (OPW) Julia Lawall (Inria/Irill/LIP6) Ebru Akag und uz, Roberta Dobrescu, Aya Mahfouz, Iulia Manda, Cristina Georgiana Opriceana, Greg Kroah-Hartman, Laurent

1.04k views • 79 slides
WELCOME TO H510 INTERNSHIP SEMINAR Andy Chuinard, MPH College of Public Health and Human

WELCOME TO H510 INTERNSHIP SEMINAR Andy Chuinard, MPH College of Public Health and Human

College of Public Health and Human Sciences WELCOME TO H510 INTERNSHIP SEMINAR Andy Chuinard, MPH College of Public Health and Human Sciences H510 Internship Seminar AGENDA Roles and Responsibilities Internship Search Process and

409 views • 20 slides
Alaska Board of Pharmacy Richard Holt, BS Pharm, PharmD, MBA Chair Leif Holm, PharmD Vice-Chair

Alaska Board of Pharmacy Richard Holt, BS Pharm, PharmD, MBA Chair Leif Holm, PharmD Vice-Chair

Alaska Board of Pharmacy Richard Holt, BS Pharm, PharmD, MBA Chair Leif Holm, PharmD Vice-Chair Alaska Board of Pharmacy Disclosures RICHARD HOLT I have no relevant financial relationships with the organizer of todays event.

829 views • 25 slides
CSU East Bay Campus Committee on Professional PreK-12 Education (CCPK-12 E) Wednesday, May 27,

CSU East Bay Campus Committee on Professional PreK-12 Education (CCPK-12 E) Wednesday, May 27,

CSU East Bay Campus Committee on Professional PreK-12 Education (CCPK-12 E) Wednesday, May 27, 2015 10:00-12:00 - AE 143 Welcome! Welcome Introductions Purpose of the CCPK-12E New Intern Requirements District and University

691 views • 13 slides

More recommend