Java Card and Visa Open Platform: Risks and Realities

Gary McGraw

Vice President of Corporate Technology
Reliable Software Technologies

Abstract

Multi-application smart cards sound like an excellent idea at first blush. But from a security perspective, serious new risks are introduced when smart cards include the ability to run code loaded post-production. The risks are strikingly similar to the risks introduced by mobile code systems like Java, ActiveX, and Postscript.

At its root, the problem is this: running someone else's code on your computer is a risky activity. Who is to say what the code might try to do and whether or not its activities will be malicious?

This is not a new problem by any stretch of the imagination. In fact, it's really an old problem with a new twist. Nonetheless, the magnitude of the risks is impressive, as anyone familiar with Melissa and ExploreZip can attest.

The Java platform was designed to manage mobile code risks. Java is especially cool since it is cross-platform, object-oriented, network-savvy, and uses modern memory management. In addition, Java's designers attempted to create a system that simultaneously ensures type safety, allows dynamic class loading, and offers policy-based fine-grained access control built on stack inspection.

Sounds great! But from a smart card perspective, the question is whether Java Card is really like Java at all. What's there and what's not? What risks are managed? Which are swept under the rug? This talk explores Java security issues as they relate to Java Card 2.1 and the Visa Open Platform.

Further reading

Securing Java (electronic edition, see Chapter 8)
The Java Security Hotlist

Gary McGraw is the Vice President of Corporate Technology at Reliable Software Technologies where he pursues research in software security while leading the Software Security Group. He holds a dual PhD in Cognitive Science and Computer Science from Indiana University and a BA in Philosophy from UVa. He has written over fifty peer-reviewed technical publications, consults with major e-commerce vendors including Visa, Microstrategy, and the Federal Reserve, and has served as principal investigator on grants from Air Force Research Labs, DARPA, National Science Foundation, and NIST's Advanced Technology Program. Dr. McGraw serves on the Boards of Counterpane, Finjan, Signature America, and Digital by Design Group. He also chairs the National Infosec Research Council's Malicious Code Infosec Science and Technology Study Group.

Dr. McGraw is a noted authority on mobile code security and co-authored both Java Security: Hostile Applets, Holes, & Antidotes (Wiley, 1996) and Securing Java: Getting down to business with mobile code (Wiley, 1999) with Prof. Ed Felten of Princeton. Dr. McGraw is currently writing a book entitled Software Security for Developers (2001). He regularly contributes to popular trade publications and is often quoted in national press articles.