Accession Number:

ADA355133

Title:

An Implementation of Secure Flow Type Interference for a Subset of Java

Descriptive Note:

Master's thesis

Corporate Author:

NAVAL POSTGRADUATE SCHOOL MONTEREY CA

Personal Author(s):

• Akdemir, Ismail O.

Report Date:

1998-09-01

Pagination or Media Count:

50.0

Abstract:

Smart cards play an important role in a digital society. A smart card contains memory or an embedded microprocessor with the capability of enabling a wide variety of services, such as electronic cash in the case of memory cards and digital signature computation in the case of processor cards. A processor card can require a cardholder to authenticate herself in order to prevent others from using the cards services, from forging the cardholders signature, for example. Authentication can be done by storing a personal identification number PIN or digitized fingerprint of the cardholder on the card itself. The PIN or fingerprint must always remain confidential no matter how the card is abused. This thesis addresses the problem of preserving the privacy of information stored on smart cards. Volpano and Smith have developed a static analysis for analyzing source code for information flow violations. This technique is developed further here for a language called Java Card, in which smart card applications are written. A prototype analyzer is presented for a subset of Java Card and applied to a sample card application to demonstrate its utility in protecting private information stored on smart cards.

Descriptors:

• *DATA PROCESSING SECURITY
• *JAVA PROGRAMMING LANGUAGE
• SOFTWARE ENGINEERING
• INFORMATION EXCHANGE
• MICROPROCESSORS
• IDENTIFICATION SYSTEMS
• COMPUTER PROGRAM VERIFICATION
• CARDS
• OBJECT ORIENTED PROGRAMMING

Subject Categories:

• Computer Programming and Software
• Computer Systems Management and Standards

Distribution Statement:

APPROVED FOR PUBLIC RELEASE