JavaCard. Java Card - old vs new
|
|
- Laurel Scott
- 8 years ago
- Views:
Transcription
1 JavaCard 1 Old Smart Cards: One program (applet) Written in machine-code, specific to chip Burned into ROM Java Card - old vs new old vs new smartcards New Smart Cards: Applet written in high-level language (mainly Java Card) Compiled into bytecode Stored in EEPROM Interpreted on card Multi-application:several applets on one card Post-issuance: adding or deleting applets on card 2
2 How Java and smart cards mix Java Card is a stripped down version of Java for smart cards up to version 2.1 (and security is improving) one major vendor behind Java Card is Visa Java Card makes multi-application cards based on a common platform possible Opens smart card development Uses a known programming language (re)use of standard SW development tool e.g. JBuilder 3 How can Java fit on a card? Supported Java Features packages dynamic object creation virtual methods interfaces exceptions Unsupported Java Features dynamic class loading security manager threading object cloning garbage collection large data types 4
3 Multi-application cards Multi-application cards are an important goal getting more developers on board is essential Multiple applets can execute on a card credit, debit, e-cash, loyalty programs Explicit and covert channels between applets must be eliminated software risk management 5 Java Card security!= Java security Good no dynamic class loading only one active applet no threading objects include rudimentary access control Bad native method calls no garbage collection In some smart cards object sharing complexity out of band verification 6
4 Security risks in Java Card 2.1 protocol interactions sharing secrets between applications introduces new problems security is hard linking, export, CAP files native methods verification object sharing multi-application risks applets MUST behave the usual suspects apply physical attacks side-channel monitoring (e.g. DPA) the terminal problem 7 Multi-application issues Secure Features: no dynamic class loading reduces threat of malicious applets no multi-threading non-interference applet firewalls prevents referencing another applet s objects Risks & Assumptions trust-based applet model assume applets are non-malicious security testing needed JCRE must be perfect 8
5 Security is harder than it sounds Java Card is not truly cross platform byte code CAP export files linking problems no strings, thus tables code verification? before conversion exception handling Other problems: native methods INT? (32 bits) applet testing and debugging issues sharing methods among applets (difficult) ISO 7816 APDU problems hostile applets denial of service 9 Java Card - Security What to do? Assume the platform is secure it is getting better Applets must be carefully designed and implemented Testing applets for security is essential Java Card Security = platform + applets 10
6 Java Card - Development steps 11 Java Card - Programming Dialect of Java for programming smartcards Subset of Java (due to hardware constraints) no threads, doubles, strings, garbage collection, and very restricted API With some extras (due to hardware peculiarities) persistent & transient data in EEPROM & RAM transaction mechanism Java Card applets are executed in a sandbox, like applets in a web browser. (In fact, Java Card sandbox rules are more restrictive than Java s)» In some smart cards 12
7 Java Card - Programming The Java Card language JC is a subset of the Java language: no reals, doubles, strings, multi-dim arrays no threads JC uses 16 bit arithmetic, not 32. JC uses an optimized form of class files, called CAP-files. The Java Card API: a subset of Java s API no need for most standard I/O classes plus some extras for smartcard I/O with APDUs using ISO 7816 persistent and transient data transactions 13 Java Card - Programming Java Card API packages: java.lang Object, Exception,... javacard.framework ISO7816, APDU, Applet, JCSystem javacard.security KeyBuilder, RSAPrivateKey, CryptoException javacardx.crypto Cipher More API s: Global Platform addition to the Java Card API to support downloading of (digitally signed) applets onto a card Open Card Framework (OCF) API for building terminal applications 14
8 16 bit arithmetic: JC code contains many(short)casts. In particular, all intermediate results (which are of type int) must be cast to short Example: short s; byte b; Java Card - Programming s = b+s+1; // not ok, compiler complains s = (short)(b+s+1); // not ok, converter complains s = (short)(b+(short)(s+1)) // ok 15 Java Card - Architecture applet applet applet Java Card Java Card API Java Card platform Virtual Machine (mini OS) smartcard hardware 17
9 Java Card - I/O with APDUs applet applet applet Java Card platform smartcard hardware OS selects command applet Applet APDU, and incl. invokes applet sends applet its response ID process executes APDU method terminal 18 Java Card - Memory ROM program code of VM, API, and pre-installed applets EEPROM persistent storage of the data, incl. objects with their fields, and program code of downloaded applets is persistent, and is kept when power is lost RAM transient storage of data is transient, and is lost as soon as power is lost 19
10 Java Card - Memory Smart Card power supply: the power supply of a smartcard can be interrupted at any moment, by a so-called card tear to cope with this, the API offers support for: Persistent or transient allocation of fields Transactions Persistent vs transient data: By default, fields of Java Card objects are stored in EEPROM The API offers methods that allow fields that are arrays to be allocated in RAM This has performance advantages, and it can be useful that fields are automatically reset when power fails 20 Java Card - Memory Why use transient arrays? scratchpad memory RAM is faster & consumes less power EEPROM has limited lifetime automatic clearing of transient array on power-down, and on card reset or applet selection can be useful! 21
11 Java Card - Memory Persistent vs transient data - example: public class MyApplet { byte[] t, p; short balance; SomeObject o; // persistent array p and persistent object o p = new byte[128]; o = new SomeObject(); // transient array t t = JCSystem.makeTransientByteArray((short)128, JCSystem.CLEAR_ON_RESET); 22 Java Card - Memory Transient array - example: public class MyApplet { boolean keysloaded, blocked; // persistent state private RSAprivateKey priv; //@ invariant keysloaded ==> priv!= null; byte[] protocolstate; // transient session state... protocolstate = JCSystem.makeTransientByteArray((short)1, JCSystem.CLEAR_ON_RESET); // automatically reset to 0 when card starts up... 23
12 Java Card - Memory Transactions: The API offers methods to join several assignments to fields into one atomic action ie. atomic update of the EEPROM, called a transaction.» If the power supply stops halfway during a transaction, all assignments of that transaction are rolled back/undone. private int balance; private int[] log; //@ invariant (* log[n] is previous balance *);... what if a card tear // update log n++; log[n] = balance; occurs here? balance = balance amount; // update balance 24 Java Card - Memory Transactions example: private int balance; private int[] log; //@ invariant (* log[n] is previous balance *);... JCSystem.beginTransaction(); // update log n++; log[n] = balance; // update balance balance = balance amount; JCSystem.endTransaction(); 25
13 JavaCard - VM The Java Card Virtual Machine (JCVM): specification defines: subset of the Java programming language Java-compatible VM for smart cards include:» binary data representations and file formats» JCVM instruction set JCVM familiar features include: Objects, Inheritance, packages, dynamic object creation, virtual methods, interfaces, and exceptions. 26 JavaCard - VM constraints Packages A package can refer to up to 128 other packages A fully qualified package name is limited to 255 bytes. Note that the character size depends on the character encoding. A package can have up to 255 classes. Classes A class can directly or indirectly implement up to 15 interfaces. An interface can inherit from up to 14 interfaces. A package can have up to 256 static methods if it contains applets (an applet package), or 255 if it doesn't (a library package). A class can implement up to 128 public or protected instance methods, and up to 128 with package visibility. 27
14 Java Card - Language limitations Language Features Keywords Types, Classes, and Interfaces Exceptions No support for: dynamic class loading, security manager (java.lang.securitymanager), threads, object cloning, and certain aspects of package access control are not supported. No support for: native, synchronized, transient, volatile, strictfp are not supported. No support for: char, double, float, and long, or for multidimensional arrays. Support for int is optional. Some Exception and Error subclasses are omitted because the exceptions and errors they encapsulate cannot arise in the Java Card platform. 28 Java Card - Message-Passing model Processing APDUs Every time there is an incoming APDU for a selected applet: The JCRE invokes the applet's process() method The incoming APDU is passed as an argument The applet must: parse the command APDU process the data generate a response APDU and return control to the JCRE 29
15 Java Card - Message-Passing model 30 Java Card - Application components Java Card application comprises: The back-end application: Using the card The host application: Accessing the applets on the smart card The terminal: Physical interface with the card The Java Card: Java Card framework Java Card applet 31
16 Java Card - Application components Inside the Java Card: Card s operating System JCRE - Java Card Runtime Environment Java Card Virtual Machine Java Card Framework and APIs One or more Java Applets 32 Java Card - Applet methods 33
17 Java Card - Applet life-cycle 34 Java Card - Creating an Applet All Java Card applets extend the Applet base class and must implement the install() and process() methods JCRE calls install() when installing the applet, and process() every time there is an incoming APDU for the applet Developing a Java Card Applet: 1. Write the Java source 2. Compile your source 3. Convert the class files into a CAP (Converted Applet) file (binary representation of classes and interfaces) 4. Verify that the CAP is valid (structure, valid bytecode subset, interpackage dependencies) 5. Install the CAP file 35
18 Java Card - Creating an Applet Applet Structure: import javacard.framework.*... public class MyApplet extends Applet { // Definitions of APDU-related instruction codes... MyApplet() {...} // Constructor // Life-cycle methods install() {...} select() {...} process() {...} deselect() {...} // Private methods... } 36 Java Card - Applet Methods install() called when a new applet is being installed public static void install ( byte[] barray, short boffset,byte blength){ new myapplet(null); } Must call register() to let JCRE know that a new applet has been installed select() when we want to use an applet is called when SELECT APDU is received 37
19 Java Card - Applet Methods process() when an APDU is received and applet is selected its method process is called to process the APDU the selected applet parses the APDU and perform whatever it needs to perform normally the body of process() method is a big switch with code for each INS (APDU field) value defined deselect() is called when another SELECT APDU is received 38 Java Card - Object Sharing Shareable interface enable object sharing between applets Shareable Interface Object (SIO) An object of a class that implements a shareable interface is called a SIO To the owning context, an SIO is a normal object To any other context, the SIO is an instance of the shareable interface type only the methods defined in the shareable interface are accessible» Field and methods of the SIO are protected by the firewall 41
20 Java Card - Applet Firewall The applet firewall partitions the Java Card object system into separate protected object spaces called context JCRE context Firewall Group context Applet context Applet context Group context Applet context 42 Java Card - Applet Firewall JCRE assigns a context to a created applet instance All applet instances of a single Java package share the same (group) context No firewall between applet instances in the same group context Each new created object is assigned an owning context The JCRE maintain its own JCER context JCRE context has special privileges: the JCRE context has access to any applet s context There is only one active context at any given time either the JCRE context or an applet s group context 43
21 Java Card - Applet Firewall Sharing mechanisms are accomplished by the following means: JCRE privileges The JCRE is able to invoke other applets methods» i.e. select, deselect, process,... JCRE entry point objects Identical to system calls» i.e. APDU object Global arrays Special type of JCRE entry point object» i.e. APDU buffer Shareable interfaces» Shareable Interface Object (SIO) 44 Java Card - Object Sharing Shareable interface Server creates a Shareable Interface Object Define a shareable interface Package com.fasttravel.airmiles; import javacard.framework.shareable; Public interface AirMilesInterface extends Shareable{ public void grantmiles(short amout); } 45
22 Java Card - Object Sharing Create a Shareable Interface Object Create a service provider class, implementing the sharable interface creates one or more objects of the service provider class Package com.fasttravel.airmiles; import javacard.framework.shareable; public class AirMilesApp extends Applet implements AirMilesInterface { private short miles; } public void grantmiles(short amout) { miles = (short)(miles + amout);} 46 Java Card - Object Sharing Requesting a SIO Client applet lookups the server AID: public static AID lookupaid( byte[] buffer, short offset, byte length) Client applet gets the server SIO: public static Shareable getappletshareableinterfaceobject( AID server_aid, byte parameter) JCRE invokes the Server applet: Public Shareable getshareableinterfaceobject( AID client_aid, byte parameter) 47
23 Java Card - Object Sharing Server s Shareable Interface Object public class AirMilesApp extends Applet implements AirMilesInterface { short miles; public Shareable getshareableinterfaceobject( AID client_aid, byte parameter){ //authenticate the client //... explained later... } return this; //Return the SIO } public void grantmiles(short amout){ miles = (short)(miles + amout); } 48 Java Card - Object Sharing Shareable Interface Object - Usage 49
24 Java Card - Object Sharing Shareable Interface Object - Invocation Package com.smartbank.wallet; import javacard.framework.*; import com.fasttravel.airmiles,airmilesinterface; public class WalletApp extends Applet { private byte[] air_mailes_aid = SERVER_AID_BYTES; //... Applets code... public void requestmiles(short amout){ AID AirMiles_aid = JCSystem.lookupAID( air_mailes_aid, 0, air_mailes_aid.length); AirMilesInterface sio = (AirMilesInterface) JCSystem.getAppletShareableInterfaceObject( AirMiles_aid, SECRET); } } if (sio == null) ISOException.throwIt(SW_FAILED_TO_OBTAIN_SIO) sio.grantmiles(amount); 50 Java Card - Object Sharing Authenticate a Client Applet when returning the SIO: public class AirMilesApp extends Applet implements AirMilesInterface { public Shareable getshareableinterfaceobject( AID client_aid, byte parameter){ if (client_aid.equals(wallet_app_aid_bytes, (short)0, (byte)wallet_app_aid_bytes.length)) == false) return null; if (parameter!= SECRET) return null; return (this); } 51
25 Java Card - Object Sharing Authenticate a Client Applet when being called: Other contexts may have obtained the SIO reference!» Verify every time the SIO is invoked public void grantmiles (short amount) { AID client_aid = JCSystem.getPreviousCOntextAID(); if (client_aid.equals(wallet_app_aid_bytes, (short)0, (byte)wallet_app_aid_bytes.length)) == false) ISOException.throwIt(SW_UNAUTHORIZED-CLIENT); //... Performs the methods computation miles = (short)(miles + amount); } 52 Java Card - Context Switch Context switches occur during invocation, return, and exception exits from instance methods of an object owned by a differentcontext when a sharing mechanism is applied the Java Card virtual machine enables access by performing a context switch On card reset, the JCRE context is always the active context During a context-switching method invocation, the current context is saved, and the new context becomes the active context 53
26 JavaCard - Security risks Protocol interaction risks: Unintended protocol interactions pose risks: different protocols share same key material observation of protocol P can be used against Q Shared key material is motivated by: digital certificates for multi-applications small memory for public/private key pairs crypto APIs 54 JavaCard - Security risks The terminal problem: No trusted interface for interacting with users A common solution is to use PCs but PCs are easily hacked Windows/Linux are inherently insecure! Some suggestions: smart phones/pdas» Are these really secure!?! simple dedicated devices Maybe in the Future: On the card itself!!! 55
27 JavaCard - Security risks Physical attacks still apply: Physical attacks attempt to reverse engineer the card or monitor a running card to obtain card secrets differential power analysis (Kocher) no card is 100% tamper proof (Anderson & Kuhn) Cards often include secrets from there owners» e.g.: PayTV Some secrets could be used to add functionality and/or add value Cost of hacking the card must be greater than the return on the investment 56 Acknowledgments Erik University of Nijmegen C. Enrique java.sun.com/javacard/ Raman University of Illinois Fu-Chiung Tatung University 57
Java Card. Smartcards. Demos. . p.1/30
. p.1/30 Java Card Smartcards Java Card Demos Smart Cards. p.2/30 . p.3/30 Smartcards Credit-card size piece of plastic with embedded chip, for storing & processing data Standard applications bank cards
More informationJava Card TM Open Platform for Smart Cards
Java Card TM Open Platform for Smart Cards Wolfgang Effing Giesecke & Devrient GmbH C:\Presentations - JavaCard_OpenPlatform.ppt - ef - 29.04.04 - page 1 What happened in the past? Every company created
More informationSmart Card Application Development Using the Java Card Technology
Smart Card Application Development Using the Java Card Technology Milan Fort RWTH Aachen Abstract Through their combination of portability and security, smart cards are playing an increasingly important
More informationSmart Cards a(s) Safety Critical Systems
Smart Cards a(s) Safety Critical Systems Gemplus Labs Pierre.Paradinas Paradinas@gemplus.com Agenda Smart Card Technologies Java Card TM Smart Card a specific domain Card Life cycle Our Technical and Business
More informationMalicious Code on Java Card Smartcards: Attacks and Countermeasures
Malicious Code on Java Card Smartcards: Attacks and Countermeasures Wojciech Mostowski and Erik Poll Digital Security Radboud University Nijmegen To be presented at CARDIS'2008 Erik Poll Radboud University
More informationjcardsim Java Card is simple!
JavaOne Moscow, 2013 jcardsim Java Card is simple! Mikhail Dudarev, CTO of jcardsim.org Brief history of Java Card Basics standards How is that works? Developer Tools Writing our first real life Java Card
More informationRVS Seminar Deployment and Performance Analysis of JavaCards in a Heterogenous Environment. Carolin Latze University of Berne
RVS Seminar Deployment and Performance Analysis of JavaCards in a Heterogenous Environment Carolin Latze University of Berne Table of contents > Introduction Smartcards > Deployment Overview Linux Windows
More informationJCAT. Java Card TM. An environment for attack and test on. Serge Chaumette, Iban Hatchondo, Damien Sauveron CCCT 03 & ISAS 03
CCCT 03 & ISAS 03 JCAT An environment for attack and test on Java Card TM Serge Chaumette, Iban Hatchondo, http:/www.labri.fr/~sauveron/ 2 nd august 2003 Plan 1) The Java Card Security project Context
More informationDeveloping secure Java Card applications
Developing secure Java Card applications Jan Vossaert Jorn Lapon Vincent Naessens June 9, 2010 1 Introduction This tutorial covers the basic steps towards secure smart card application development with
More informationRMI Client Application Programming Interface
RMI Client Application Programming Interface Java Card 2.2 Java 2 Platform, Micro Edition Sun Microsystems, Inc. 901 San Antonio Road Palo Alto, CA 94303 U.S.A. 650-960-1300 June, 2002 Copyright 2002 Sun
More informationCrash Course in Java
Crash Course in Java Based on notes from D. Hollinger Based in part on notes from J.J. Johns also: Java in a Nutshell Java Network Programming and Distributed Computing Netprog 2002 Java Intro 1 What is
More informationAn evaluation of the Java Card environment
An evaluation of the Java Card environment Christophe Rippert, Daniel Hagimont Contact: Christophe Rippert, Sirac Laboratory INRIA Rhône-Alpes, 655 avenue de l Europe Montbonnot 38334 St Ismier Cedex,
More informationJava Applet and Terminal Application for Financial transactions
Java Applet and Terminal Application for Financial transactions Security for Java and E-commerce Environment Behrooz Aghakhanian baf@kth.se Jalil Shokouh shokouh@kth.se May 2011 Introduction In this assignment
More informationSMARTCARD SECURITY. Java Card Security. Marc Witteman. Introduction
Java Card Security Marc Witteman Introduction Java Card is a new, but fast growing technology that enhances the world of smart cards with a whole set of exciting new possibilities. Until a few years ago
More informationJava Interview Questions and Answers
1. What is the most important feature of Java? Java is a platform independent language. 2. What do you mean by platform independence? Platform independence means that we can write and compile the java
More informationFundamentals of Java Programming
Fundamentals of Java Programming This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and exclusive use by instructors
More informationTesting the Java Card Applet Firewall
Testing the Java Card Applet Firewall Wojciech Mostowski and Erik Poll Security of Systems (SoS) group Department of Computing Science Radboud University Nijmegen The Netherlands {woj,erikpoll@cs.ru.nl
More informationJava Card Applet Firewall Exploration and Exploitation
Java Card Applet Firewall Exploration and Exploitation Wojciech Mostowski and Erik Poll Digital Security Radboud University Nijmegen The Netherlands http://www.cs.ru.nl/~{woj,erikpoll}/ Introduction Study
More informationSmart Card Based User Authentication
Smart Card Based User Authentication A thesis submitted in partial fulfilment of the requirements for the degree of Master of Science By BRANDON JAMES B.S., Wright State University, June 2010 2012 Wright
More informationStoring Encrypted Plain Text Files Using Google Android
Storing Encrypted Plain Text Files Using Google Android Abstract Jared Hatfield University of Louisville Google Android is an open source operating system that is available on a wide variety of smart phones
More informationWeb Development in Java
Web Development in Java Detailed Course Brochure @All Rights Reserved. Techcanvass, 265, Powai Plaza, Hiranandani Garden, Powai, Mumbai www.techcanvass.com Tel: +91 22 40155175 Mob: 773 877 3108 P a g
More informationCloud Computing. Up until now
Cloud Computing Lecture 11 Virtualization 2011-2012 Up until now Introduction. Definition of Cloud Computing Grid Computing Content Distribution Networks Map Reduce Cycle-Sharing 1 Process Virtual Machines
More informationHandout 1. Introduction to Java programming language. Java primitive types and operations. Reading keyboard Input using class Scanner.
Handout 1 CS603 Object-Oriented Programming Fall 15 Page 1 of 11 Handout 1 Introduction to Java programming language. Java primitive types and operations. Reading keyboard Input using class Scanner. Java
More informationSmart Card APDU Analysis
Smart Card APDU Analysis Black Hat Briefings 2008 Las Vegas Ivan "e1" Buetler ivan.buetler@csnc.ch Compass Security AG - Switzerland Compass Security AG Glärnischstrasse 7 Postfach 1628 CH-8640 Rapperswil
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationJava (12 Weeks) Introduction to Java Programming Language
Java (12 Weeks) Topic Lecture No. Introduction to Java Programming Language 1 An Introduction to Java o Java as a Programming Platform, The Java "White Paper" Buzzwords, Java and the Internet, A Short
More informationHabanero Extreme Scale Software Research Project
Habanero Extreme Scale Software Research Project Comp215: Java Method Dispatch Zoran Budimlić (Rice University) Always remember that you are absolutely unique. Just like everyone else. - Margaret Mead
More informationRE-TRUST Design Alternatives on JVM
RE-TRUST Design Alternatives on JVM ( - Italy) paolo.falcarin@polito.it http://softeng.polito.it/falcarin Trento, December, 19 th 2006 Tamper-Detection Tamper-detection goals Detect malicious modifications
More informationPage 1. Smart Card Applications. Lecture 7: Prof. Sead Muftic Matei Ciobanu Morogan. Lecture 7 : Lecture 7 : Smart Card Applications
in Open Distributed Processing s 1 in Open Distributed Processing s 2 Prof. Sead Muftic Matei Ciobanu Morogan Lecture 7: 1 2 in Open Distributed Processing s 3 in Open Distributed Processing s Smart s
More informationJava Card Protection Profile Open Configuration
Java Card Protection Profile Open Configuration May 2012 Security Evaluations Oracle Corporation 500 Oracle Parkway Redwood Shores, CA 94065 Java Card Protection Profile Open Configuration 1 Java Card
More informationJava CPD (I) Frans Coenen Department of Computer Science
Java CPD (I) Frans Coenen Department of Computer Science Content Session 1, 12:45-14:30 (First Java Programme, Inheritance, Arithmetic) Session 2, 14:45-16:45 (Input and Programme Constructs) Materials
More informationRestraining Execution Environments
Restraining Execution Environments Segurança em Sistemas Informáticos André Gonçalves Contents Overview Java Virtual Machine: Overview The Basic Parts Security Sandbox Mechanisms Sandbox Memory Native
More informationStudy of Java Card and its Application 1 Nainesh Rawani, 2 Akhil Patel
Study of Java Card and its Application 1 Nainesh Rawani, 2 Akhil Patel nainesh279@gmail.com 1,2 Information Technology Department, 1,2 Gujarat Technological University, Gujarat, India. Abstract: Sun Microsystems
More informationJava Card 2.1.1 Application Programming Interface
Java Card 211 Application Programming Interface Sun Microsystems, Inc 901 San Antonio Road Palo Alto, CA 94303 USA 650 960-1300 Revision 10, May 18, 2000 Copyright 2000 Sun Microsystems, Inc 901 San Antonio
More informationpicojava TM : A Hardware Implementation of the Java Virtual Machine
picojava TM : A Hardware Implementation of the Java Virtual Machine Marc Tremblay and Michael O Connor Sun Microelectronics Slide 1 The Java picojava Synergy Java s origins lie in improving the consumer
More informationAn Overview of Java. overview-1
An Overview of Java overview-1 Contents What is Java Major Java features Java virtual machine Java programming language Java class libraries (API) GUI Support in Java Networking and Threads in Java overview-2
More informationThe programming language C. sws1 1
The programming language C sws1 1 The programming language C invented by Dennis Ritchie in early 1970s who used it to write the first Hello World program C was used to write UNIX Standardised as K&C (Kernighan
More informationJava and Java Virtual Machine Security
Java and Java Virtual Machine Security Vulnerabilities and their Exploitation Techniques by Last Stage of Delirium Research Group http://lsd-pl.net Version: 1.0.0 Updated: October 2nd, 2002 Copyright c
More informationAgent Languages. Overview. Requirements. Java. Tcl/Tk. Telescript. Evaluation. Artificial Intelligence Intelligent Agents
Agent Languages Requirements Overview Java Tcl/Tk Telescript Evaluation Franz J. Kurfess, Cal Poly SLO 211 Requirements for agent Languages distributed programming large-scale (tens of thousands of computers)
More informationSmart Card. Smart Card applications
Smart Card Chip Plastic card A very secure way of storing a small amount of sensitive data 1 Smart Card applications Retail Sale of goods using Electronic Purses, Credit / Debit Vending machines Loyalty
More informationThe OpenEapSmartcard platform. Pr Pascal Urien ENST Paris
The OpenEapSmartcard platform Pr Pascal Urien ENST Paris /20 Pascal URIEN, CARTES 2005, November 16 th 2005 Introduction 1/4: Network ages Analog networks (Tree age) 1876, Alexander Graham Bell invents
More informationUser. Role. Privilege. Environment. Checkpoint. System
8. Security Features Motivation Viruses, spam, trojan horses have become increasingly common in PC environment In mobile environment, new kinds of opportunities offered for malicious software Potentially
More informationANDROID BASED MOBILE APPLICATION DEVELOPMENT and its SECURITY
ANDROID BASED MOBILE APPLICATION DEVELOPMENT and its SECURITY Suhas Holla #1, Mahima M Katti #2 # Department of Information Science & Engg, R V College of Engineering Bangalore, India Abstract In the advancing
More informationAnalysis of advanced issues in mobile security in android operating system
Available online atwww.scholarsresearchlibrary.com Archives of Applied Science Research, 2015, 7 (2):34-38 (http://scholarsresearchlibrary.com/archive.html) ISSN 0975-508X CODEN (USA) AASRC9 Analysis of
More informationSecurity Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0
Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features
More informationMeasurement and Analysis Introduction of ISO7816 (Smart Card)
Measurement and Analysis Introduction of ISO7816 (Smart Card) ISO 7816 is an international standard related to electronic identification cards with contacts, especially smart cards, managed jointly by
More informationReplication on Virtual Machines
Replication on Virtual Machines Siggi Cherem CS 717 November 23rd, 2004 Outline 1 Introduction The Java Virtual Machine 2 Napper, Alvisi, Vin - DSN 2003 Introduction JVM as state machine Addressing non-determinism
More informationAP Computer Science Java Subset
APPENDIX A AP Computer Science Java Subset The AP Java subset is intended to outline the features of Java that may appear on the AP Computer Science A Exam. The AP Java subset is NOT intended as an overall
More informationCompiling Object Oriented Languages. What is an Object-Oriented Programming Language? Implementation: Dynamic Binding
Compiling Object Oriented Languages What is an Object-Oriented Programming Language? Last time Dynamic compilation Today Introduction to compiling object oriented languages What are the issues? Objects
More informationMPLAB TM C30 Managed PSV Pointers. Beta support included with MPLAB C30 V3.00
MPLAB TM C30 Managed PSV Pointers Beta support included with MPLAB C30 V3.00 Contents 1 Overview 2 1.1 Why Beta?.............................. 2 1.2 Other Sources of Reference..................... 2 2
More informationFachbereich Informatik und Elektrotechnik SunSPOT. Ubiquitous Computing. Ubiquitous Computing, Helmut Dispert
Ubiquitous Computing Ubiquitous Computing The Sensor Network System Sun SPOT: The Sun Small Programmable Object Technology Technology-Based Wireless Sensor Networks a Java Platform for Developing Applications
More informationPemrograman Dasar. Basic Elements Of Java
Pemrograman Dasar Basic Elements Of Java Compiling and Running a Java Application 2 Portable Java Application 3 Java Platform Platform: hardware or software environment in which a program runs. Oracle
More informationJava Application Developer Certificate Program Competencies
Java Application Developer Certificate Program Competencies After completing the following units, you will be able to: Basic Programming Logic Explain the steps involved in the program development cycle
More informationDeveloping a new Protection Profile for (U)SIM UICC platforms. ICCC 2008, Korea, Jiju Septembre 2008 JP.Wary/M.Eznack/C.Loiseaux/R.
Developing a new Protection Profile for (U)SIM UICC platforms ICCC 2008, Korea, Jiju Septembre 2008 JP.Wary/M.Eznack/C.Loiseaux/R.Presty Project Background A Protection Profile for (U)SIM Security Requirements
More informationNew Methodologies in Smart Card Security Design. Y.GRESSUS Methodology and Secure ASIC development manager, Bull CP8
New Methodologies in Smart Card Security Design Y.GRESSUS Methodology and Secure ASIC development manager, Bull CP8 Japan Security Conference Page 2 Trends Opportunities New methodologies Summary Concurrent
More informationSecurity Vulnerability Notice
Security Vulnerability Notice SE-2014-01-ORACLE [Security vulnerabilities in Oracle Database Java VM, Issues 1-20] DISCLAIMER INFORMATION PROVIDED IN THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT WARRANTY
More informationSmart Card Technology Capabilities
Smart Card Technology Capabilities Won J. Jun Giesecke & Devrient (G&D) July 8, 2003 Smart Card Technology Capabilities 1 Table of Contents Smart Card Basics Current Technology Requirements and Standards
More informationLast Class: OS and Computer Architecture. Last Class: OS and Computer Architecture
Last Class: OS and Computer Architecture System bus Network card CPU, memory, I/O devices, network card, system bus Lecture 3, page 1 Last Class: OS and Computer Architecture OS Service Protection Interrupts
More informationStorage Classes CS 110B - Rule Storage Classes Page 18-1 \handouts\storclas
CS 110B - Rule Storage Classes Page 18-1 Attributes are distinctive features of a variable. Data type, int or double for example, is an attribute. Storage class is another attribute. There are four storage
More informationChapter 3 Operating-System Structures
Contents 1. Introduction 2. Computer-System Structures 3. Operating-System Structures 4. Processes 5. Threads 6. CPU Scheduling 7. Process Synchronization 8. Deadlocks 9. Memory Management 10. Virtual
More informationA Two Step Approach in the Development of a Java Silicon Machine (JSM) for Small Embedded Systems
A Two Step Approach in the Development of a Java Silicon Machine (JSM) for Small Embedded Systems H. Ploog R. Kraudelt N. Bannow T. Rachui F. Golatowski D. Timmermann Department of Electrical Engineering
More informationJava and Real Time Storage Applications
Java and Real Time Storage Applications Gary Mueller Janet Borzuchowski 1 Flavors of Java for Embedded Systems Software Java Virtual Machine(JVM) Compiled Java Hardware Java Virtual Machine Java Virtual
More informationETSI TS 102 588 V7.1.0 (2007-07) Technical Specification
TS 102 588 V7.1.0 (2007-07) Technical Specification Smart Cards; Application invocation Application Programming Interface (API) by a UICC webserver for Java Card platform; (Release 7) 2 TS 102 588 V7.1.0
More informationHardware/Software Co-Design of a Java Virtual Machine
Hardware/Software Co-Design of a Java Virtual Machine Kenneth B. Kent University of Victoria Dept. of Computer Science Victoria, British Columbia, Canada ken@csc.uvic.ca Micaela Serra University of Victoria
More informationSecureDoc Disk Encryption Cryptographic Engine
SecureDoc Disk Encryption Cryptographic Engine FIPS 140-2 Non-Proprietary Security Policy Abstract: This document specifies Security Policy enforced by SecureDoc Cryptographic Engine compliant with the
More informationThe C Programming Language course syllabus associate level
TECHNOLOGIES The C Programming Language course syllabus associate level Course description The course fully covers the basics of programming in the C programming language and demonstrates fundamental programming
More informationCSC 551: Web Programming. Spring 2004
CSC 551: Web Programming Spring 2004 Java Overview Design goals & features platform independence, portable, secure, simple, object-oriented, Programming models applications vs. applets vs. servlets intro
More informationInterpreters and virtual machines. Interpreters. Interpreters. Why interpreters? Tree-based interpreters. Text-based interpreters
Interpreters and virtual machines Michel Schinz 2007 03 23 Interpreters Interpreters Why interpreters? An interpreter is a program that executes another program, represented as some kind of data-structure.
More informationReverse engineering smart cards
Reverse engineering smart cards Christian M. Amsüss linuxwochen@christian.amsuess.com http://christian.amsuess.com/ 2010-05-06 Overview objective understand smart card communication based on sniffable
More informationCharacteristics of Java (Optional) Y. Daniel Liang Supplement for Introduction to Java Programming
Characteristics of Java (Optional) Y. Daniel Liang Supplement for Introduction to Java Programming Java has become enormously popular. Java s rapid rise and wide acceptance can be traced to its design
More informationGlossary of Object Oriented Terms
Appendix E Glossary of Object Oriented Terms abstract class: A class primarily intended to define an instance, but can not be instantiated without additional methods. abstract data type: An abstraction
More informationCSCI E 98: Managed Environments for the Execution of Programs
CSCI E 98: Managed Environments for the Execution of Programs Draft Syllabus Instructor Phil McGachey, PhD Class Time: Mondays beginning Sept. 8, 5:30-7:30 pm Location: 1 Story Street, Room 304. Office
More informationDEVELOPING NFC APPS for BLACKBERRY
1 DEVELOPING NFC APPS for BLACKBERRY NFC Forum, Developers Showcase March 21 st, 2014 Larry McDonough, Principal Evangelist @LMCDUNNA 2 CONTENTS Development on BlackBerry BlackBerry NFC Support 5 most
More informationSoftware security specification and verification
Software security specification and verification Erik Poll Security of Systems (SoS) group Radboud University Nijmegen Software (in)security specification and verification/detection Erik Poll Security
More informationRaima Database Manager Version 14.0 In-memory Database Engine
+ Raima Database Manager Version 14.0 In-memory Database Engine By Jeffrey R. Parsons, Senior Engineer January 2016 Abstract Raima Database Manager (RDM) v14.0 contains an all new data storage engine optimized
More informationMUSCLE Cryptographic Card Edge Definition for Java 1 Enabled Smartcards
MUSCLE Cryptographic Card Edge Definition for Java 1 Enabled Smartcards David Corcoran Tommaso Cucinotta This document is provided on an as-is basis. Neither the authors nor the MUSCLE project are responsible
More informationlanguage 1 (source) compiler language 2 (target) Figure 1: Compiling a program
CS 2112 Lecture 27 Interpreters, compilers, and the Java Virtual Machine 1 May 2012 Lecturer: Andrew Myers 1 Interpreters vs. compilers There are two strategies for obtaining runnable code from a program
More informationODBC Client Driver Help. 2015 Kepware, Inc.
2015 Kepware, Inc. 2 Table of Contents Table of Contents 2 4 Overview 4 External Dependencies 4 Driver Setup 5 Data Source Settings 5 Data Source Setup 6 Data Source Access Methods 13 Fixed Table 14 Table
More informationHow To Protect A Smart Card From Being Hacked
Chip Terms Explained A Guide to Smart Card Terminology Contents 1 AAC Application Authentication Cryptogram AID Application Identifier Applet ARQC Authorization Request Cryptogram ARPC Authorization Response
More informationLoyalty Systems over Near Field Communication (NFC)
Loyalty Systems over Near Field Communication (NFC) Diogo Simões IST - Technical University of Lisbon Av. Prof. Cavaco Silva Tagus Park 2780-990 Porto Salvo, Portugal diogo.simoes@tagus.ist.utl.pt Abstract.
More informationThe Java Virtual Machine and Mobile Devices. John Buford, Ph.D. buford@alum.mit.edu Oct 2003 Presented to Gordon College CS 311
The Java Virtual Machine and Mobile Devices John Buford, Ph.D. buford@alum.mit.edu Oct 2003 Presented to Gordon College CS 311 Objectives Review virtual machine concept Introduce stack machine architecture
More informationHow To Install An Aneka Cloud On A Windows 7 Computer (For Free)
MANJRASOFT PTY LTD Aneka 3.0 Manjrasoft 5/13/2013 This document describes in detail the steps involved in installing and configuring an Aneka Cloud. It covers the prerequisites for the installation, the
More informationMobile Application Languages XML, Java, J2ME and JavaCard Lesson 04 Java
Mobile Application Languages XML, Java, J2ME and JavaCard Lesson 04 Java Oxford University Press 2007. All rights reserved. 1 C and C++ C and C++ with in-line-assembly, Visual Basic, and Visual C++ the
More informationFirst Java Programs. V. Paúl Pauca. CSC 111D Fall, 2015. Department of Computer Science Wake Forest University. Introduction to Computer Science
First Java Programs V. Paúl Pauca Department of Computer Science Wake Forest University CSC 111D Fall, 2015 Hello World revisited / 8/23/15 The f i r s t o b l i g a t o r y Java program @author Paul Pauca
More informationIf you wanted multiple screens, there was no way for data to be accumulated or stored
Handling State in Web Applications Jeff Offutt http://www.cs.gmu.edu/~offutt/ SWE 642 Software Engineering for the World Wide Web sources: Professional Java Server Programming, Patzer, Wrox Web Technologies:
More informationHow To Port A Program To Dynamic C (C) (C-Based) (Program) (For A Non Portable Program) (Un Portable) (Permanent) (Non Portable) C-Based (Programs) (Powerpoint)
TN203 Porting a Program to Dynamic C Introduction Dynamic C has a number of improvements and differences compared to many other C compiler systems. This application note gives instructions and suggestions
More informationECE 122. Engineering Problem Solving with Java
ECE 122 Engineering Problem Solving with Java Introduction to Electrical and Computer Engineering II Lecture 1 Course Overview Welcome! What is this class about? Java programming somewhat software somewhat
More informationConfinement Problem. The confinement problem Isolating entities. Example Problem. Server balances bank accounts for clients Server security issues:
Confinement Problem The confinement problem Isolating entities Virtual machines Sandboxes Covert channels Mitigation 1 Example Problem Server balances bank accounts for clients Server security issues:
More informationCLC Server Command Line Tools USER MANUAL
CLC Server Command Line Tools USER MANUAL Manual for CLC Server Command Line Tools 2.5 Windows, Mac OS X and Linux September 4, 2015 This software is for research purposes only. QIAGEN Aarhus A/S Silkeborgvej
More informationMobile Application Development Android
Mobile Application Development Android MTAT.03.262 Satish Srirama satish.srirama@ut.ee Goal Give you an idea of how to start developing Android applications Introduce major Android application concepts
More informationChapter 2: Remote Procedure Call (RPC)
Chapter 2: Remote Procedure Call (RPC) Gustavo Alonso Computer Science Department Swiss Federal Institute of Technology (ETHZ) alonso@inf.ethz.ch http://www.iks.inf.ethz.ch/ Contents - Chapter 2 - RPC
More informationAPPLICATION SECURITY: FROM WEB TO MOBILE. DIFFERENT VECTORS AND NEW ATTACK
APPLICATION SECURITY: FROM WEB TO MOBILE. DIFFERENT VECTORS AND NEW ATTACK John T Lounsbury Vice President Professional Services, Asia Pacific INTEGRALIS Session ID: MBS-W01 Session Classification: Advanced
More informationD. Best Practices D.1. Assurance The 5 th A
Best Practices I&C School Prof. P. Janson September 2014 D. Best Practices D.1. Assurance The 5 th A 1 of 20 IT systems are insecure for two main reasons: People are fallible and systems are complex and
More informationBuilt-in Concurrency Primitives in Java Programming Language. by Yourii Martiak and Mahir Atmis
Built-in Concurrency Primitives in Java Programming Language by Yourii Martiak and Mahir Atmis Overview One of the many strengths of Java is the built into the programming language support for concurrency
More informationApplication Programming Interface
Application Programming Interface Java Card Platform, Version 2.2.1 Sun Microsystems, Inc. 4150 Network Circle Santa Clara, California 95054 U.S.A. 650-960-1300 October 21, 2003 Java Card Specification
More informationPUF Physical Unclonable Functions
Physical Unclonable Functions Protecting next-generation Smart Card ICs with SRAM-based s The use of Smart Card ICs has become more widespread, having expanded from historical banking and telecommunication
More informationTopics. Introduction. Java History CS 146. Introduction to Programming and Algorithms Module 1. Module Objectives
Introduction to Programming and Algorithms Module 1 CS 146 Sam Houston State University Dr. Tim McGuire Module Objectives To understand: the necessity of programming, differences between hardware and software,
More informationJava Programming Fundamentals
Lecture 1 Part I Java Programming Fundamentals Topics in Quantitative Finance: Numerical Solutions of Partial Differential Equations Instructor: Iraj Kani Introduction to Java We start by making a few
More informationMultithreading and Java Native Interface (JNI)!
SERE 2013 Secure Android Programming: Best Practices for Data Safety & Reliability Multithreading and Java Native Interface (JNI) Rahul Murmuria, Prof. Angelos Stavrou rmurmuri@gmu.edu, astavrou@gmu.edu
More information