memory consumption analysis of java smart cards
play

Memory Consumption Analysis of Java Smart Cards G ERARDO S CHNEIDER - PowerPoint PPT Presentation

Jan 20, 2024 •593 likes •1.13k views

Memory Consumption Analysis of Java Smart Cards G ERARDO S CHNEIDER University of Oslo - Norway Joint work with P ABLO G IAMBIAGI (SICS, Sweden) Previous collaboration with D AVID C ACHERA , T HOMAS J ENSEN AND D AVID P ICHARDIE (IRISA/INRIA,

  1. Memory Consumption Analysis of Java Smart Cards G ERARDO S CHNEIDER University of Oslo - Norway Joint work with P ABLO G IAMBIAGI (SICS, Sweden) Previous collaboration with D AVID C ACHERA , T HOMAS J ENSEN AND D AVID P ICHARDIE (IRISA/INRIA, France) Based on a talk given at CLEI’05 - Cali, Colombia - October 2005 University of Malta, April 2006 Memory Consumption Analysis of Java Smart Cards – p.1/ ??

  2. Overview Introduction and motivation Objective - Our approach Final discussion Memory Consumption Analysis of Java Smart Cards – p.2/ ??

  3. Introduction and Motivation Memory Consumption Analysis of Java Smart Cards – p.3/ ??

  4. Smart cards Plastic substrate Smart card chip Small communicating devices with restricted resources Execute stand-alone applications specifically written for the hardware it runs on Memory Consumption Analysis of Java Smart Cards – p.4/ ??

  5. New generation of Java smart cards High-level language for programming applets (JavaCard Language) Multi-application: various applets may be downloaded and interact in the same card Post-issuance: applets may be loaded on the card after issued by the manufacturer Size (banking - high-tech cards): EEPROM (16K - 64K), ROM (16K - 200K), RAM (1K - 4K) Applications: mobile phones, e-purse, e-identity, medical file management, etc Memory Consumption Analysis of Java Smart Cards – p.5/ ??

  6. Security Issues Downloaded applets may attack by leaking or modifying confidential information, causing malfunctioning, etc Memory Consumption Analysis of Java Smart Cards – p.6/ ??

  7. Security Issues Downloaded applets may attack by leaking or modifying confidential information, causing malfunctioning, etc The “Sandbox” model relies on that applets are: Compiled to bytecode for a virtual machine Not given direct access to hardware resources Subject to a static analysis: bytecode verification (checks applets are well-typed) Memory Consumption Analysis of Java Smart Cards – p.6/ ??

  8. Security Issues (cont.) Extensions of the bytecode verifier are needed to guarantee (among others) Information flow (i.e. an applet does not “leak” confidential information) Reactiveness (bounding the running time of the applet between two interactions with the environment) Availability of services Memory Consumption Analysis of Java Smart Cards – p.7/ ??

  9. Security Issues (cont.) Extensions of the bytecode verifier are needed to guarantee (among others) Information flow (i.e. an applet does not “leak” confidential information) Reactiveness (bounding the running time of the applet between two interactions with the environment) Availability of services (resource-awareness analysis - Memory) Memory Consumption Analysis of Java Smart Cards – p.7/ ??

  10. How to program in small devices? Quoted from “Java Card Technology for Smart Cards - Sun Series” [Chen,2000; Chapter 13] “...neither persistent nor transient objects should be created willy-nilly.” “You should also limit nested method invocations...” “..applets should not use recursive calls.” “An applet should always check that an object is created only once.” Memory Consumption Analysis of Java Smart Cards – p.8/ ??

  11. The problem Nothing in the standards prevents a(n) (intentionally) badly written applet to allocate all persistent memory on a card! State-of-the-art tools do not detect whether a given applet will make the card run out of memory Example: public class Example ... while(arg > 0) new Example(); ... Memory Consumption Analysis of Java Smart Cards – p.9/ ??

  12. Objectives - Our Approach Memory Consumption Analysis of Java Smart Cards – p.10/ ??

  13. Objective An analyser for estimating memory usage on Java smart cards, which Statically analyses the bytecode Does not assume any structure on the bytecode Comprises intra- and inter-procedural analysis Is as precise as possible Is compositional/extensible Has low complexity (on-card analyser) Memory Consumption Analysis of Java Smart Cards – p.11/ ??

  14. The JavaCard bytecode language Stack manipulation: push , pop , dup , dup 2, swap , numop ; Local variables manipulation: load , store ; Jump instructions: if , goto ; Heap manipulation: new , putfield , getfield ; Array instructions: arraystore , arrayload ; Method calls and return: invokevirtual , invokedefinite , return Exceptions and subroutines Memory Consumption Analysis of Java Smart Cards – p.12/ ??

  15. Algorithm - Outline Detection of (mutually) recursive methods and methods reachable from those ( Rec ) Detection of potential intra-method loops ( Loop ) Propagation of Loop inter-procedurally ( Loop ’) Identification of dynamic instantiation of classes ( Γ ) Rec , Loop and Loop ’ are functions associating a set to pairs ( m, pc ) Memory Consumption Analysis of Java Smart Cards – p.13/ ??

  16. Example: Rec , Loop and Loop ’ m m m 2 3 4 m 1 �� �� �� �� �� �� �� �� m m 6 7 �� �� m 5 �� �� �� �� m �� �� 8 Memory Consumption Analysis of Java Smart Cards – p.14/ ??

  17. Example: Rec , Loop and Loop ’ m m m 2 3 4 ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� m 1 �� �� �� �� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� �� �� �� �� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� m m 6 7 �� �� m 5 �� �� �� �� m �� �� 8 Memory Consumption Analysis of Java Smart Cards – p.14/ ??

  18. Example: Rec , Loop and Loop ’ m m m 2 3 4 ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� m 1 �� �� �� �� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� �� �� �� �� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� m m 6 7 �� �� m 5 �� �� �� �� m �� �� 8 Memory Consumption Analysis of Java Smart Cards – p.14/ ??

  19. Example: Rec , Loop and Loop ’ m m m 2 3 4 ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� m 1 �� �� �� �� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� �� �� �� �� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� ���� m m 6 7 �� �� ���� ���� ���� ���� m ���� ���� ���� ���� 5 ���� ���� ���� ���� �� �� ���� ���� ���� ���� ���� ���� ���� ���� �� �� ���� ���� ���� ���� ���� ���� ���� ���� m �� �� 8 Memory Consumption Analysis of Java Smart Cards – p.14/ ??

  20. Example - Detecting loops ( Loop ) method m 1 goto 4 2 ... 3 goto 2 4 return Memory Consumption Analysis of Java Smart Cards – p.15/ ??

  21. Example - Detecting loops ( Loop ) method m 1 goto 4 Loop (m,1) = {1} 2 ... Loop (m,2) = {} 3 goto 2 Loop (m,3) = {} 4 return Loop (m,4) = {} Memory Consumption Analysis of Java Smart Cards – p.15/ ??

  22. Example - Detecting loops ( Loop ) method m 1 goto 4 Loop (m,1) = {1} 2 ... Loop (m,2) = {} 3 goto 2 Loop (m,3) = {} 4 return Loop (m,4) = {1,4} Memory Consumption Analysis of Java Smart Cards – p.15/ ??

  23. Example - Detecting loops ( Loop ) method m 1 goto 4 Loop (m,1) = {1} 2 ... Loop (m,2) = {2} 3 goto 2 Loop (m,3) = {} 4 return Loop (m,4) = {1,4} Memory Consumption Analysis of Java Smart Cards – p.15/ ??

  24. Example - Detecting loops ( Loop ) method m 1 goto 4 Loop (m,1) = {1} 2 ... Loop (m,2) = {2} 3 goto 2 Loop (m,3) = {2} 4 return Loop (m,4) = {1,4} Memory Consumption Analysis of Java Smart Cards – p.15/ ??

  25. Example - Detecting loops ( Loop ) method m 1 goto 4 Loop (m,1) = {1} Loop (m,2) = {2, • } 2 ... 3 goto 2 Loop (m,3) = {2} 4 return Loop (m,4) = {1,4} Memory Consumption Analysis of Java Smart Cards – p.15/ ??

  26. Example - Detecting loops ( Loop ) method m 1 goto 4 Loop (m,1) = {1} Loop (m,2) = {2, • } 2 ... Loop (m,3) = {2, • } 3 goto 2 4 return Loop (m,4) = {1,4} Memory Consumption Analysis of Java Smart Cards – p.15/ ??

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Memory Usage Estimation for Java Smart Cards G ERARDO S CHNEIDER IRISA/INRIA - R ENNES , F RANCE

Memory Usage Estimation for Java Smart Cards G ERARDO S CHNEIDER IRISA/INRIA - R ENNES , F RANCE

Memory Usage Estimation for Java Smart Cards G ERARDO S CHNEIDER IRISA/INRIA - R ENNES , F RANCE CASTLES: Conception dAnalyses Statiques et de Tests pour le Logiciel Embarqu e S ecuris e NWPT04 - Uppsala, 06 October 2004 Memory

828 views • 43 slides
INOSSEM i nsti tut de recherche Guillaume Bouffard (SSD) Vulnerability Analysis on Smart Cards

INOSSEM i nsti tut de recherche Guillaume Bouffard (SSD) Vulnerability Analysis on Smart Cards

Introduction Fault Tree Analysis An API to Mitigate the Undesirable Events Conclusion Vulnerability Analysis on Smart Cards using Fault Tree Guillaume Bouffard Bhagyalekshmy N Thampi Jean-Louis Lanet Smart Secure Devices (SSD) Team

705 views • 39 slides
Self-Collecting Mutators are Self-Compacting An analysis of memory consumption in real-periodic

Self-Collecting Mutators are Self-Compacting An analysis of memory consumption in real-periodic

Self-Collecting Mutators are Self-Compacting An analysis of memory consumption in real-periodic programs Stephanie Stroka Embedded Software Engineering University of Salzburg January 25, 2011 Motivation Periodic Memory Consumption Analysis

487 views • 15 slides
Voting using Java Card smart cards (a case study) Martijn Oostdijk (joint work with C-B.

Voting using Java Card smart cards (a case study) Martijn Oostdijk (joint work with C-B.

Voting using Java Card smart cards (a case study) Martijn Oostdijk (joint work with C-B. Breunesse & B. Jacobs) University of Nijmegen Outline 1. Context 2. Toys & Setup 3. Voting 4. Implementation 5. Demo 6. Results &

804 views • 15 slides
Transacted Memory for Smart Cards Pieter Hartel, Univ. Twente, NL Michael Butler, Univ.

Transacted Memory for Smart Cards Pieter Hartel, Univ. Twente, NL Michael Butler, Univ.

Transacted Memory for Smart Cards Pieter Hartel, Univ. Twente, NL Michael Butler, Univ. Southampton, UK Eduard de Jong, Sun Micro systems, USA Mark Longley, Univ. Southampton, UK 1 Overview What is transacted memory? Combining Z,

168 views • 15 slides
Power Consumption Analysis and Hardware Security Arnaud Tisserand CNRS, Lab-STICC laboratory

Power Consumption Analysis and Hardware Security Arnaud Tisserand CNRS, Lab-STICC laboratory

Power Consumption Analysis and Hardware Security Arnaud Tisserand CNRS, Lab-STICC laboratory Cergy, December 2017 Applications with Security Needs Applications : smart cards, computers, Internet, telecommunications, set-top boxes, data storage,

763 views • 63 slides
Smart Cards Carrying certificates around How do you use your [digital] identity? Install your

Smart Cards Carrying certificates around How do you use your [digital] identity? Install your

4/25/08 Smart Cards Carrying certificates around How do you use your [digital] identity? Install your certificate in browser On-computer keychain file Need there be more? 1 4/25/08 Smart cards Smart card Portable device

316 views • 4 slides
Gemplus electronic purse JavaCard applet that runs on JavaCard smart cards. Specifying and

Gemplus electronic purse JavaCard applet that runs on JavaCard smart cards. Specifying and

Gemplus electronic purse JavaCard applet that runs on JavaCard smart cards. Specifying and Verifying an Debit and credit operations on a global example: balance. Secured communication and a decimal representation in Java

339 views • 5 slides
Side-Channel Analysis (SCA) A comparative approach on smart cards, embedded systems, and high

Side-Channel Analysis (SCA) A comparative approach on smart cards, embedded systems, and high

Side-Channel Analysis (SCA) A comparative approach on smart cards, embedded systems, and high security solutions Rohde & Schwarz SIT GmbH Stuttgart/Germany Dr. Torsten Schtze Workshop on Applied Cryptography Lightweight

595 views • 15 slides
Multi-core in JVM/Java Concurrent programming in java Prior Java 5 Java 5 (2006)

Multi-core in JVM/Java Concurrent programming in java Prior Java 5 Java 5 (2006)

Multi-core in JVM/Java Concurrent programming in java Prior Java 5 Java 5 (2006) Java 7 (2010) Other topics Basic concurrency in Java Java Memory Model describes how threads interact through memory Single thread

812 views • 34 slides
ISG Seminar Agenda for Lecture 3 rd November 2011 Evolution of smart cards/RFIDs From Smart

ISG Seminar Agenda for Lecture 3 rd November 2011 Evolution of smart cards/RFIDs From Smart

ISG Seminar Agenda for Lecture 3 rd November 2011 Evolution of smart cards/RFIDs From Smart Cards to NFC Smart Phone Attacks/countermeasures Security Near Field Communication (NFC) Keith Mayes NFC Security Elements

550 views • 8 slides
Optimization of Water 2 Consumption by Smart Farming Water consumption in agriculture

Optimization of Water 2 Consumption by Smart Farming Water consumption in agriculture

29/09/1438 In The Name of God Contents Optimization of Water 2 Consumption by Smart Farming Water consumption in agriculture Smart farming 1 Soil moisture measurement Sensor placement Sharif University Actuation of

334 views • 5 slides
An Analysis of Power Consumption in Smart Phones Authors 2010 USENIX Aaron Carrol Annual

An Analysis of Power Consumption in Smart Phones Authors 2010 USENIX Aaron Carrol Annual

An Analysis of Power Consumption in Smart Phones Authors 2010 USENIX Aaron Carrol Annual Technical Gernot Heiser Conference UNSW Presented by Prasanth B L Aakash Arora Objective To determine where and how the power is used in the

602 views • 46 slides
e Java Memory Model . Jesper qvist . . . e Java Environment . . . 2 . . e Java

e Java Memory Model . Jesper qvist . . . e Java Environment . . . 2 . . e Java

. e Java Memory Model . Jesper qvist . . . e Java Environment . . . 2 . . e Java Environment . . . 3 . . Java Execution . Possible reordering due to Compiler, JVM, or CPU! Plus visibility problems due to CPU caches! .

473 views • 21 slides
Search for the Memory Duplicities in the Java Applications Using Shallow and Deep Object

Search for the Memory Duplicities in the Java Applications Using Shallow and Deep Object

Reliable Software Architectures research group Search for the Memory Duplicities in the Java Applications Using Shallow and Deep Object Comparison RICHARD LIPKA, TOM POTUK FedCSIS 2019, 2. SEPTEMBER Memory issues in Java Memory leaks

565 views • 18 slides
The Java Memory Model Jaroslav Sev c k University of Edinburgh Supported by ITI

The Java Memory Model Jaroslav Sev c k University of Edinburgh Supported by ITI

The Java Memory Model Jaroslav Sev c k University of Edinburgh Supported by ITI Techmedia The Java Memory Model p. 1/30 Overview Part I : Motivation for weak memory models: Compromise between standard optimisations and

813 views • 46 slides
Applets as front-ends to server-side programming Objectives Introduce applets Examples of

Applets as front-ends to server-side programming Objectives Introduce applets Examples of

Applets as front-ends Applets as front-ends to server-side programming Objectives Introduce applets Examples of Java graphical programming How-to put an applet in a HTML page The HTML Applet tag and alternatives Applet

492 views • 18 slides
What is a Jar File? Java archive (jar) files are compressed files that can store one or many

What is a Jar File? Java archive (jar) files are compressed files that can store one or many

Creating Jar Files Based on slides by: Jin Hung, Gregory Olds, George Blank, Sun Java Web Site What is a Jar File? Java archive (jar) files are compressed files that can store one or many files. Jar files normally contain java or class

434 views • 22 slides
Java Security: From HotJava to Netscape and Beyond Drew Dean, Ed Felten, Dan Wallach Safe

Java Security: From HotJava to Netscape and Beyond Drew Dean, Ed Felten, Dan Wallach Safe

Java Security: From HotJava to Netscape and Beyond Drew Dean, Ed Felten, Dan Wallach Safe Internet Programming Group Princeton University The Java Model Web server Web browser Java program URL lookup applet code byte code Verifier

458 views • 14 slides
Applet Class Applets are Java programs that can be invoked in web pages. To run an applet, Java

Applet Class Applets are Java programs that can be invoked in web pages. To run an applet, Java

Applet Class Applets are Java programs that can be invoked in web pages. To run an applet, Java creates an instance of the applet class. Graphics Certain methods run automatically: init() start() stop() paint() As with all methods, we can

325 views • 4 slides
Java Programming Unit 6 Inner Classes. Intro to HTML

Java Programming Unit 6 Inner Classes. Intro to HTML

Java Programming Unit 6 Inner Classes. Intro to HTML and Applets. Installing Apache Tomcat Server. (c) Farata Systems, L.L.C. 2014 Swing

684 views • 20 slides
Smart( Java )Card ... What & Why What - smart card Tiny PC without Human Interface

Smart( Java )Card ... What & Why What - smart card Tiny PC without Human Interface

Smart( Java )Card ... What & Why What - smart card Tiny PC without Human Interface capabilities CPU : 16b/32b RISC @ handful of MhZ Math co-processor: RSA/DES/AES/ECC RAM : X KB HDD : XX..XXX KB (EEPROM) NET :

568 views • 36 slides
Overview Overview 1) Introduction 2) Setting up the Environment 3) Java to JavaScript 4)

Overview Overview 1) Introduction 2) Setting up the Environment 3) Java to JavaScript 4)

Overview Overview 1) Introduction 2) Setting up the Environment 3) Java to JavaScript 4) JavaScript to Java Phil Denis 5) Java to Plug-ins Anju Tai 6) Conclusion 7) Question & Answer Setting Up the Environment Setting Up the

312 views • 4 slides
CMPSC 497: Java Security Trent Jaeger Systems and Internet Infrastructure Security (SIIS)

CMPSC 497: Java Security Trent Jaeger Systems and Internet Infrastructure Security (SIIS)

CMPSC 497: Java Security Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department Pennsylvania State University Systems and Internet Infrastructure Security Laboratory (SIIS) Page 1

562 views • 42 slides

More recommend