Live from Cardis2010: User-Centric Smart Card Ownership Model

This talk is by Raja Naeem Akram, from Royal Holloway. He proposes a system in which the end user buys the smart card from the manufacturer and then customizes it by going to a service point that interacts with smart card service providers. Services are leased under conditions that depend on the relationship between the user and the service provider.

The main focus of the talk is sharing between applications in such a setting. It started with a description of Java Card’s sharing mechanism and of the Multos mechanism (for those of you who don’t know, Multos sharing is based on delegating APDUs: the client application builds an APDU command, asks the server application to process it, and gets the APDU response back).

These sharing mechanisms have one thing in common: they grant the same access level to every client, with no notion of privileges. This is something the authors want to fix in a usable model, where a hierarchical (and dynamic) privilege model is preferable.

Another thing they want to change is the relationship between the applications and the runtime environment. An application should only be authorized to use the features its provider has allowed it, and conversely the system’s access to the application should be limited to what is required (which is not a requirement in the current Java Card specification).

Privacy is another issue, with three subproblems: application scanning (an application should not be able to discover which other applications are present), user profiling (an application should not be able to profile how the user uses other applications), and information leakage (no information should leak between applications that do not actually communicate).

The proposal is to define a new firewall, associated with resource managers, in which Shareable Interface Objects (SIOs) are associated with ACLs. Sharing sessions must be initiated through an explicit binding mechanism, in which the client gets access to a resource only for a limited time, and there is also a delegation mechanism.
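To make the proposed mechanism concrete, here is an added toy model of such a firewall, written for this post and not the authors’ code: every SIO carries a per-client ACL, a client must explicitly bind before invoking anything and receives a lease that expires after a fixed number of ticks, and a delegable lease can be narrowed and handed to a third applet. The AID strings, the method names, the lease shape and the rule that a hidden SIO and a missing SIO produce the same error (to defeat application scanning) are all assumptions chosen for the illustration.

```python
"""Added toy model of an ACL-governed sharing firewall with explicit,
time-limited binding and delegation.  Not the authors' design: the lease
shape, the logical clock and the uniform error are assumptions."""

from dataclasses import dataclass, field


class SharingError(Exception):
    """Uniform refusal: a client cannot tell a hidden SIO from a missing one."""


@dataclass(frozen=True)
class Lease:
    """Result of an explicit bind: which SIO, for whom, which methods, until when."""
    sio: str
    holder: str            # AID of the applet allowed to use this lease
    rights: frozenset      # method names the holder may invoke
    expires_at: int        # logical clock tick at which the lease is dead
    delegable: bool        # may the holder hand a narrower lease to someone else


@dataclass
class SharedObject:
    """A server applet's SIO plus its ACL: client AID -> (methods, may_delegate)."""
    owner: str
    methods: dict
    acl: dict = field(default_factory=dict)


class Firewall:
    def __init__(self, lease_ticks=10):
        self.lease_ticks = lease_ticks
        self._sios = {}

    def register(self, name, obj):
        self._sios[name] = obj

    def bind(self, client, name, now):
        obj = self._sios.get(name)
        # Same error for "no such SIO" and "not on the ACL": no scanning oracle.
        if obj is None or client not in obj.acl:
            raise SharingError("binding refused")
        rights, delegable = obj.acl[client]
        return Lease(name, client, frozenset(rights), now + self.lease_ticks, delegable)

    def invoke(self, lease, caller, method, now, *args):
        # Holder, expiry and per-method right are all checked on every call.
        if lease.holder != caller or now >= lease.expires_at or method not in lease.rights:
            raise SharingError("invocation refused")
        return self._sios[lease.sio].methods[method](*args)

    def delegate(self, lease, to, rights, now):
        """Hand a narrower, non-redelegable lease to a third applet."""
        if not lease.delegable or now >= lease.expires_at or not set(rights) <= lease.rights:
            raise SharingError("delegation refused")
        return Lease(lease.sio, to, frozenset(rights), lease.expires_at, False)


class Points:
    """Constructed server state: a loyalty counter exposed through an SIO."""
    def __init__(self):
        self.total = 0

    def balance(self):
        return self.total

    def add(self, n):
        self.total += n
        return self.total


def run_scenario():
    """Constructed walkthrough; AIDs are made-up hex strings."""
    pts = Points()
    loyalty = SharedObject(
        owner="A000000001",
        methods={"balance": pts.balance, "add": pts.add},
        acl={"A000000002": ({"balance", "add"}, True),   # transit applet
             "A000000003": ({"balance"}, False)},        # retail applet
    )
    fw = Firewall(lease_ticks=5)
    fw.register("loyalty", loyalty)
    out, t = {}, 0

    transit = fw.bind("A000000002", "loyalty", t)
    out["transit_add"] = fw.invoke(transit, "A000000002", "add", t, 5)
    retail = fw.bind("A000000003", "loyalty", t)
    out["retail_balance"] = fw.invoke(retail, "A000000003", "balance", t)

    def refused(fn, *a):
        try:
            fn(*a)
            return "allowed"
        except SharingError as e:
            return str(e)

    out["retail_add"] = refused(fw.invoke, retail, "A000000003", "add", t, 1)
    out["stolen_lease"] = refused(fw.invoke, transit, "A000000003", "balance", t)
    out["scan_hidden"] = refused(fw.bind, "A000000009", "loyalty", t)
    out["scan_missing"] = refused(fw.bind, "A000000009", "nonexistent", t)
    sub = fw.delegate(transit, "A000000004", {"balance"}, t)
    out["delegate_balance"] = fw.invoke(sub, "A000000004", "balance", t)
    out["redelegate"] = refused(fw.delegate, sub, "A000000005", {"balance"}, t)
    out["expired"] = refused(fw.invoke, transit, "A000000002", "balance", t + 5)
    return out
```

The clock is passed in explicitly rather than read from the system so the expiry behaviour is deterministic; on a real card the equivalent would be a counter of invocations or card sessions, since most cards have no trusted time source.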

Apart from delegation, this looks a lot like the Java Card 3.0 model. But, as the presenter answered to my question, they bring quite a few new things, including their focus on the end user, the formalization of the restrictions between applications and runtime environments, and the explicit binding and delegation. Maybe some good ideas for the next releases of Java Card in this…
