cate a system for analysis and test of java card
play

Cate: A System for Analysis and Test of Java Card Applications - PowerPoint PPT Presentation

Feb 18, 2023 •274 likes •458 views

Cate: A System for Analysis and Test of Java Card Applications Peter Pfahler, Universitt Paderborn, Institut fr Informatik Jrgen Gnther, ORGA Kartensysteme GmbH, Paderborn First International Workshop on Software Quality SOQUA 2004,

  1. Cate: A System for Analysis and Test of Java Card Applications Peter Pfahler, Universität Paderborn, Institut für Informatik Jürgen Günther, ORGA Kartensysteme GmbH, Paderborn First International Workshop on Software Quality SOQUA 2004, Erfurt, September 30 1

  2. The Smart Card Market Telecommuni- Banking Health Identification cations • Cards for GSM and • Bank and • Health insurance • ID- and UMTS (3G) credit cards cards signature cards • Signature cards Security and Authentication Software Quality No Updates, Patches, Service Packs Java Card Cate Pfahler/Günther 2

  3. Cate: A System for Analysis and Test of Java Card Applications Basic Idea : By using Java as the programming language for card software, the usage of program analysis tools becomes feasible. Overview: Smart card basics: Master/Slave Communication, Java Card Static Analysis : Command-Response behavior Dynamic Analysis : Test coverage The Cate System : Practical experience Cate Pfahler/Günther 3

  4. Java Card Java Cards include a Java Virtual Machine (JVM) to run Java applications. Java Java Java Applet 1 Applet 2 Applet n Native Native App. 1 App. 2 Card Loader System Java Interpreter Admini- API API strator Services / File System Crypto Card Manager APDU Server Manager Memory Manager Library Hardware Drivers Cate Pfahler/Günther 4

  5. The smart card communication model: Master/Slave CLA INS P1 P2 LC DAT LE Command APDU Card Smart Card accepting device Host Response APDU DAT SW1 SW2 Cate Pfahler/Günther 5

  6. Static Analysis of Command/Response Behavior Typical Structure of a Java Card Applet 1 void process(APDU apdu) { byte [] buf = apdu.getBuffer(); if (buf[CLA] == 0x80) { 2 switch (buf[INS]) { 3 case 0x20: ... 4 case 0x22: ... 5 case 0x24: ... 6 case 0x26: ... 7 default: ... } } else { 8 CardException.throwIt(0x6D00); } 9 } Cate Pfahler/Günther 6

  7. Static Analysis of Command/Response Behavior Typical Structure of a Java Card Applet Code Clichés 1 void process(APDU apdu) { byte [] buf = apdu.getBuffer(); if (buf[CLA] == 0x80) { 2 switch (buf[INS]) { APDU fetch 3 case 0x20: ... 4 case 0x22: ... APDU access 5 case 0x24: ... 6 case 0x26: ... Control flow branching 7 default: ... } Return code generation } else { 8 CardException.throwIt(0x6D00); } 9 } Cate Pfahler/Günther 7

  8. Static Analysis of Command/Response Behavior Control Flow Analysis 1 Data Flow Analysis based on Clichés CLA = 0x80 CLA ≠ 0x80 2 8 Response 0x6D00 INS=0x22 INS=0x26 INS=0x20 INS=0x24 default 3 4 5 6 7 Results: Document listing the command/response combinations Annotated Control Flow Graph 9 Cate Pfahler/Günther 8

  9. Static Analysis of Command/Response Behavior Results of Static Analysis presented by Cate Annotated Control Flow Graph Command/Response Combinations Cate Pfahler/Günther 9

  10. Dynamic Test Coverage Analysis Test engineers need: information about untested program locations Code Coverage a measurement of test quality (e.g. C 0 : basic block execution ratio) Executed Basic Code coverage information can be gained by Block instrumentation of the card applet B1 yes or profiling during card applet simulation B2 no B3 yes B4 no B5 no In practice coverage information turned out B6 yes to be more valuable than the static analysis results. C 0 = 3/6 = 50 % Cate Pfahler/Günther 10

  11. Dynamic Test Coverage Analysis Results of dynamic analysis presented by Cate Cate Pfahler/Günther 11

  12. Combining the results of static and dynamic analyzes Support for the construction of new test cases Cate Pfahler/Günther 12

  13. Cate System Overview Static Analysis Project managment � Source browser � Control flow analysis � CFG display � Command/response � Dynamic Analysis Test browser � Simulator control � Test execution � Test evaluation � Coverage analysis � Cate Pfahler/Günther 13

  14. Applying the Cate System Compare Static results to Developer Analysis Error detected specification OK Choose Instrument Test Cases Application Code coverage questions Dynamic Construct new Analysis Test Cases Error detected Coverage too low Cate Pfahler/Günther 14

  15. Applying the Cate System Compare Static results to Developer Analysis Error detected specification OK Choose Instrument Test Cases Application Code coverage questions Dynamic Construct new Analysis Test Cases Error detected Coverage too low Cate Pfahler/Günther 15

  16. Applying the Cate System Compare Static results to Developer Analysis Error detected specification OK Choose Instrument Test Cases Application Code coverage questions Dynamic Construct new Analysis Test Cases Error detected Coverage too low Cate Pfahler/Günther 16

  17. Summary Cate: A System for Analysis and Test of Java Card Applications Smart card basics: Master/Slave, Java Card Static Analysis : Command-Response behavior Dynamic Analysis : Test coverage The Cate System : Practical experience Cate Pfahler/Günther 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Java Card vs. File System card Marc Kekicheff- Technical Director, GlobalPlatform March 10, 2004

Java Card vs. File System card Marc Kekicheff- Technical Director, GlobalPlatform March 10, 2004

Java Card vs. File System card Marc Kekicheff- Technical Director, GlobalPlatform March 10, 2004 A misleading question ? File System = a data structure seen at the card edge This part of ISO/IEC 7816 specifies: the contents of the

99 views • 5 slides
JCAT An environment for attack and test on TM Java Card Serge Chaumette , Iban Hatchondo ,

JCAT An environment for attack and test on TM Java Card Serge Chaumette , Iban Hatchondo ,

Laboratoire Bordelais de CCCT03 & ISAS03 Recherche en Informatique Equipe : Syst` emes et Objets Distribu es JCAT An environment for attack and test on TM Java Card Serge Chaumette , Iban Hatchondo , Damien Sauveron Damien

339 views • 21 slides
Java Card Applet Firewall Java Card Applet Firewall Exploration and Exploitation Exploration and

Java Card Applet Firewall Java Card Applet Firewall Exploration and Exploitation Exploration and

Java Card Applet Firewall Java Card Applet Firewall Exploration and Exploitation Exploration and Exploitation Wojciech Mostowski and Erik Poll Digital Security Radboud University Nijmegen The Netherlands http://www.cs.ru.nl/~{woj,erikpoll}/

818 views • 42 slides
A Type System for Checking Applet Isolation in Java Card Peter Mller ETH Zrich Joint work

A Type System for Checking Applet Isolation in Java Card Peter Mller ETH Zrich Joint work

A Type System for Checking Applet Isolation in Java Card Peter Mller ETH Zrich Joint work with Werner Dietl and Arnd Poetzsch-Heffter 2 A Type System for Checking Applet Isolation in Java Card Applet Isolation Firewall Applet Context 1

398 views • 15 slides
System Test, Static Analysis Test SW V&V, CTIP, (ANT, SVN, Mantis) 200611490

System Test, Static Analysis Test SW V&V, CTIP, (ANT, SVN, Mantis) 200611490

System Test, Static Analysis Test SW V&V, CTIP, (ANT, SVN, Mantis) 200611490 200913988 201011318 201011358 Contents Category partition & Pairwise testing Clover Sonar Analysis

559 views • 36 slides
Smart( Java )Card ... What & Why What - smart card Tiny PC without Human Interface

Smart( Java )Card ... What & Why What - smart card Tiny PC without Human Interface

Smart( Java )Card ... What & Why What - smart card Tiny PC without Human Interface capabilities CPU : 16b/32b RISC @ handful of MhZ Math co-processor: RSA/DES/AES/ECC RAM : X KB HDD : XX..XXX KB (EEPROM) NET :

568 views • 36 slides
SAR-SSI 2012 1 Introduction Java Card security model Off-card security model Java class Byte

SAR-SSI 2012 1 Introduction Java Card security model Off-card security model Java class Byte

Samiya Hamadouche, Guillaume Bouffard , Jean-Louis Lanet, Bruno Dorsemaine , Bastien Nouhant, Alexandre Magloire, Arnaud Reygnaud guillaume.bouffard@xlim.fr bruno.dorsemaine@etu.unilim.fr SAR-SSI 2012 1 Introduction Java Card security model

227 views • 19 slides
DTrace Topics: -> java/lang/System.arraycopy <- java/lang/System.arraycopy Java <-

DTrace Topics: -> java/lang/System.arraycopy <- java/lang/System.arraycopy Java <-

# ./jflow.d <- java/lang/Thread.sleep -> Greeting.greet -> java/io/PrintStream.println -> java/io/PrintStream.print -> java/io/PrintStream.write -> java/io/PrintStream.ensureOpen <- java/io/PrintStream.ensureOpen ->

632 views • 34 slides
System Testing Steven J Zeil April 9, 2013 System Testing Outline Test Coverage 1

System Testing Steven J Zeil April 9, 2013 System Testing Outline Test Coverage 1

System Testing System Testing Steven J Zeil April 9, 2013 System Testing Outline Test Coverage 1 Coverage Measures C/C++ - gcov Java Oracles 2 expect *Unit GUI systems Web systems Selenium System Testing Test

886 views • 65 slides
Guided Specification and Analysis of a Loyalty Card System Laurent Cuennet 1 Marc Pouly 2 c 3

Guided Specification and Analysis of a Loyalty Card System Laurent Cuennet 1 Marc Pouly 2 c 3

Guided Specification and Analysis of a Loyalty Card System Laurent Cuennet 1 Marc Pouly 2 c 3 Sa sa Radomirovi 1 University of Fribourg 2 Lucerne University of Applied Sciences 3 Institute of Information Security, ETH Z urich July 13,

625 views • 37 slides
Java Path Finder (JPF) Christian Bergum Bergersen June 1, 2015 What is Java Path Finder?

Java Path Finder (JPF) Christian Bergum Bergersen June 1, 2015 What is Java Path Finder?

Java Path Finder (JPF) Christian Bergum Bergersen June 1, 2015 What is Java Path Finder? Java Path Finder is an open-source analysis system that automatically verifies/model check Java programs. Initially developed by NASA. The Java

615 views • 16 slides
Have Health Card Will Travel Kira Leeb Director, Health System Analysis Canadian Institute for

Have Health Card Will Travel Kira Leeb Director, Health System Analysis Canadian Institute for

Have Health Card Will Travel Kira Leeb Director, Health System Analysis Canadian Institute for Health Information (CIHI) June 2010 Outline > Background > Methodology > Results Pan-Canadian Regions in focus >

739 views • 25 slides
Test Boards Design for LTDB Xueye Hu, Hucheng Chen, Joe Mead USTC & BNL 06/20/2012 Outline

Test Boards Design for LTDB Xueye Hu, Hucheng Chen, Joe Mead USTC & BNL 06/20/2012 Outline

Test Boards Design for LTDB Xueye Hu, Hucheng Chen, Joe Mead USTC & BNL 06/20/2012 Outline LTDB Test Boards LAr Trigger Digitizer Board ADC Mezzanine Card FPGA Carrier Card Test Conclusion 2 Outline LTDB Test

535 views • 21 slides
Java Technologies Java EE - Introduction First of All Course Information The Goal The

Java Technologies Java EE - Introduction First of All Course Information The Goal The

Java Technologies Java EE - Introduction First of All Course Information The Goal The Motivation Teaching / Learning Bibliography Evaluation Lab: problems, personal projects, essays easy Exam: written test /

711 views • 22 slides
Post-Test Calculation and Uncertainty Analysis of the Experiment QUENCH-07 with the System Code

Post-Test Calculation and Uncertainty Analysis of the Experiment QUENCH-07 with the System Code

Post-Test Calculation and Uncertainty Analysis of the Experiment QUENCH-07 with the System Code ATHLET-CD H. Austregesilo, Ch. Bals, K.Trambauer Gesellschaft fr Anlagen- und Reaktorsicherheit (GRS), Germany Workshop on Evaluation of

636 views • 24 slides
JAVA Java vs. Java Java Language Specification

JAVA Java vs. Java Java Language Specification

BR 10/05 JAVA Java vs. Java Java Language Specification http://java.sun.com/docs/books/jls/second_edition/html/j.title.doc.html Java programming language is compiled into java byte code Java Virtual Machine Specification

1.07k views • 44 slides
CMPSC 497: Java Security Trent Jaeger Systems and Internet Infrastructure Security (SIIS)

CMPSC 497: Java Security Trent Jaeger Systems and Internet Infrastructure Security (SIIS)

CMPSC 497: Java Security Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department Pennsylvania State University Systems and Internet Infrastructure Security Laboratory (SIIS) Page 1

562 views • 42 slides
Overview Overview 1) Introduction 2) Setting up the Environment 3) Java to JavaScript 4)

Overview Overview 1) Introduction 2) Setting up the Environment 3) Java to JavaScript 4)

Overview Overview 1) Introduction 2) Setting up the Environment 3) Java to JavaScript 4) JavaScript to Java Phil Denis 5) Java to Plug-ins Anju Tai 6) Conclusion 7) Question & Answer Setting Up the Environment Setting Up the

312 views • 4 slides
Java Programming Unit 6 Inner Classes. Intro to HTML

Java Programming Unit 6 Inner Classes. Intro to HTML

Java Programming Unit 6 Inner Classes. Intro to HTML and Applets. Installing Apache Tomcat Server. (c) Farata Systems, L.L.C. 2014 Swing

684 views • 20 slides
Accessing Secure Information using Export file Fraudulence Guillaume Bouffard 1 Tom Khefif 1

Accessing Secure Information using Export file Fraudulence Guillaume Bouffard 1 Tom Khefif 1

Accessing Secure Information using Export file Fraudulence Guillaume Bouffard 1 Tom Khefif 1 Jean-Louis Lanet 1 Ismael Kane 2 Sergio Casanova Salvia 2 1 Smart Secure Devices (SSD) Team University of Limoges Limoges, France

458 views • 24 slides
Basic Java Network Programming CS211 July 30 th , 2001 The Network and OSI Model IP Header TCP

Basic Java Network Programming CS211 July 30 th , 2001 The Network and OSI Model IP Header TCP

Basic Java Network Programming CS211 July 30 th , 2001 The Network and OSI Model IP Header TCP Header TCP/IP: A Paradox Connection Oriented and Connectionless Protocols TCP Reliable: no loss, or duplication, or out of order

318 views • 21 slides
Frameworks Concepts set of cooperating classes Frameworks extending some class

Frameworks Concepts set of cooperating classes Frameworks extending some class

Frameworks Concepts set of cooperating classes Frameworks extending some class inversion of control Examples from java API Horstmann ch.8-8.4 swing, applet, collection Constructing a framework graph editor

570 views • 9 slides
MIDlet Navigation Graphs in JML MIDlet Navigation Graphs in JML Wojciech Mostowski and Erik Poll

MIDlet Navigation Graphs in JML MIDlet Navigation Graphs in JML Wojciech Mostowski and Erik Poll

MIDlet Navigation Graphs in JML MIDlet Navigation Graphs in JML Wojciech Mostowski and Erik Poll Digital Security Radboud University Nijmegen The Netherlands http://www.cs.ru.nl/~{woj,erikpoll}/ http://mobius.inria.fr Overview Overview

803 views • 23 slides
Random Variables August 7, 2019 August 7, 2019 1 / 45 Example: Commute Times I come to campus

Random Variables August 7, 2019 August 7, 2019 1 / 45 Example: Commute Times I come to campus

Random Variables August 7, 2019 August 7, 2019 1 / 45 Example: Commute Times I come to campus four days per week. (Fri-Sun I work from home.) We will use X 1 to represent my commute time on Monday, X 2 to represent commute time on Tuesday,

766 views • 45 slides

More recommend