Securing Off-Card Contract-Policy Matching in Security-By-Contract for Multi-Application Smart Cards
The Security-by-Contract (SC) framework has recently been proposed to support applications' evolution in multi-application smart cards. The key idea is based on the notion of contract, a specification of the security behavior of an application that must be compliant with the security policy of a smart card. In this paper, the authors address one of the key features needed to apply the SC idea to a resource limited device such as a smart card, namely the outsourcing of the contract-policy matching to a Trusted Third Party. The design of the overall system as well as a first implemented prototype are presented.