Professional Documents
Culture Documents
2
A question of trust
3
Untrusted code is restricted
There is some
overlap among these
classes, but they
make the risks easier
to understand
JDK 1.1
12
How can Java fit on a card?
13
Multi-application cards
14
Java Card security != Java security
Good Bad
• no dynamic class loading • applets added post
– type safety issues issuance (ARGH)
• only one active applet • no sandbox
• no threading – trusted code required
• objects include • native method calls
rudimentary access • no garbage collection
control • object sharing
complexity
• out of band verification
15
Security risks in Java Card 2.1
16
Multi-application issues
18
Security is harder than it sounds
19