Paper 2003/140

Trading-Off Type-Inference Memory Complexity Against Communication

Konstantin Hyppönen, David Naccache, Elena Trichina, and Alexei Tchoulkine


While bringing considerable flexibility and extending the horizons of mobile computing, mobile code raises major security issues. Hence, mobile code, such as Java applets, needs to be analyzed before execution. The byte-code verifier checks low-level security properties that ensure that the downloaded code cannot bypass the virtual machine's security mechanisms. One of the statically ensured properties is {\sl type safety}. The type-inference phase is the overwhelming resource-consuming part of the verification process. This paper addresses the RAM bottleneck met while verifying mobile code in memory-constrained environments such as smart-cards. We propose to modify classic type-inference in a way that significantly reduces the memory consumption in the memory-constrained device at the detriment of its distrusted memory-rich environment. The outline of our idea is the following, throughout execution, the memory frames used by the verifier are MAC-ed and exported to the terminal and then retrieved upon request. Hence a distrusted memory-rich terminal can be safely used for convincing the embedded device that the downloaded code is secure. The proposed protocol was implemented on JCOP20 and JCOP30 Java cards using IBM's JCOP development tool.

Available format(s)
Publication info
Published elsewhere. A short version of this paper appeared in ICICS2003
MACProtocolType InferenceSmart Cards
Contact author(s)
david naccache @ gemplus com
2003-07-20: received
Short URL
Creative Commons Attribution


      author = {Konstantin Hyppönen and David Naccache and Elena Trichina and Alexei Tchoulkine},
      title = {Trading-Off Type-Inference Memory Complexity Against Communication},
      howpublished = {Cryptology ePrint Archive, Paper 2003/140},
      year = {2003},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.