Automatic source code transformations for strengthening practical security of smart card applications
The result's identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F10%3A00044029" target="_blank" >RIV/00216224:14330/10:00044029 - isvavai.cz</a>
Result on the web
—
DOI - Digital Object Identifier
—
Alternative languages
Result language
angličtina
Original language name
Automatic source code transformations for strengthening practical security of smart card applications
Original language description
Smart card platforms like Java Card or .NET allow to implement portable applications that can be run on different smart card hardware. The resulting overall security of the applet is strongly dependent on the implementation of the smart card operating system, related libraries, as well as physical resistance and information leakage of the underlying hardware. Defenses implementable on the source code level for later case might exist, but such a situation is unfavorable for applet developer as multiple versions of applet must be maintained to support a wider range of smart cards (although all providing Java Card platform). In this paper we describe several practical attacks on modern smart cards, discuss possible defenses and propose a general frameworkfor automatic replacement of vulnerable operations by safe equivalents. A code strengthening constructions can be also automatically inserted. Practical implementation and examples of usage are presented and discussed.
Czech name
—
Czech description
—
Classification
Type
D - Article in proceedings
CEP classification
IN - Informatics
OECD FORD branch
—
Result continuities
Project
<a href="/en/project/LA09016" target="_blank" >LA09016: Czech Republic membership in the European Research Consortium for Informatics and Mathematics (ERCIM)</a><br>
Continuities
P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)
Others
Publication year
2010
Confidentiality
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Data specific for result type
Article name in the collection
Sborník příspěvků z 36. konference EurOpen.CZ
ISBN
978-80-86583-19-8
ISSN
—
e-ISSN
—
Number of pages
118
Pages from-to
—
Publisher name
EurOpen.CZ
Place of publication
Plzeň
Event location
Maxičky
Event date
May 16, 2010
Type of event by nationality
CST - Celostátní akce
UT code for WoS article
—