
JCVM Related Security Analysis And Optimization

Posted on: 2015-01-11
Degree: Master
Type: Thesis
Country: China
Candidate: L L Jiang
Full Text: PDF
GTID: 2268330428497417
Subject: Computer Science and Technology

Abstract/Summary:
Java smart cards are very widely used in areas such as financial services, mobile communications, and authentication. Because of this wide range of applications and the importance and sensitivity of the data involved, the security of the smart card is very important. A great deal of analysis and study of Java Card security has already been done abroad, but domestic security research on Java smart cards is still relatively backward. Increasingly prominent security issues, together with relatively backward security measures and research, form the background and significance of this study.

The Java Card virtual machine (JCVM) is the most central component of the Java Card system and is responsible for interpreting and executing programs. In Java Card, all actions and methods that the JCVM interprets and executes are protected, restricted and regulated by various security measures. Studies of JCVM security issues can be divided into two aspects: one is the study of security mechanisms, mainly including shareable interfaces under the application firewall, security access control, code isolation measures, and transaction atomicity; the other is type-level security verification, that is, bytecode verification on Java Card.

The first aspect is the analysis and optimization of the card's security mechanisms. Under the isolation of the application firewall, the method of using a shareable interface object to pass data between objects in different contexts does not apply to data communication among three or more objects; under the existing mechanism, data can go out of control and there is a risk of leakage. Existing methods that simply add AIDs, or that use a special third-party application which uses the AID to judge whether to allow data communication, have all kinds of problems.
To resolve this issue, a feature set and a logic judgment module are designed in the Java Card Runtime Environment. During data communication, the logic judgment module evaluates the feature sets of the two or more parties according to unified safety rules and decides whether to allow the communication. Its advantages are that it adapts very well to multi-purpose card application environments, does not require frequent updates to the AID list, and offers high security. The design of application features leads to an analysis of the security policy for resource and data access control, and the control method for permissions and roles is optimized and improved. The code isolation security measures are then analyzed, and the hierarchical class loading mechanism on the card is optimized. Finally, atomicity and transactions are analyzed, and an optimized transaction process is proposed to ensure transaction atomicity.

The type-level security study is the analysis and optimization of Java Card bytecode verification. Currently, most Java smart cards adopt off-card verification, and an on-card bytecode verification procedure with good performance has always been desired. Existing on-card bytecode verification procedures mostly use methods based on a cache policy; they neither analyze which parts of bytecode verification affect time complexity or space complexity, nor improve on those aspects. Model checking and some other verification procedures generally have the problem that they apply only to specific situations or cannot verify all bytecode. To address the problems of current on-card bytecode verification, the verification methods for object initialization, interface sets, branches and subroutines are analyzed, and it is found that the greatest resource consumption in verification lies in verifying branches and subroutines.
To address the issues above, the solution is to optimize the verification methods for initialization and interface sets and, focusing on subroutines, to present for the first time an on-card multivariate bytecode verification method based on contour marking. A newly designed pressure-free coding approach and a cache scheduling strategy based on the logical flow chart are also put forward. The advantages are a significant reduction in memory and CPU consumption when verifying subroutines, while also obtaining the program structure, reducing the time complexity and space complexity of the verification procedure, and performing well on Java Card.

Finally, the optimized security measures are tested and verified in practice, and the remaining deficiencies and the content that needs further study are analyzed.
Keywords/Search Tags: shareable interface object, access control, class loader hierarchy, transaction atomicity, type security, multivariate bytecode verification