I've been looking at options for Javacard code analysis and although there are many whitepapers available discussing the topic, there seems to be few available tools!
I've so far used:
- PMD - https://pmd.github.io/(
- FindBugs - http://findbugs.sourceforge.net/
- Proguard - https://sourceforge.net/projects/proguard/
PMD and FindBugs both give good output based on the Java language, but fail to take into consideration JCRE-specific rules, constraints and best practices. Proguard is the only one that has specific references to Javacard but it is a code optimiser only.
Are there any tools out there that can help specifically with finding Javacard design pattern, implementation and security issues?
JavacardOS will not accept order any more, please contact our partner Feitian online Store:
https://ftsafe.en.alibaba.com/index.html
https://ftsafe.en.alibaba.com/index.html
Static analysis and code optimisation
-
kosullivan
- Posts: 34
- Joined: Mon Jun 29, 2015 9:03 pm
- Points :624
- Contact:
-
roundtable
- Posts: 18
- Joined: Mon Sep 18, 2017 9:52 pm
- Points :240
- Contact:
Re: Static analysis and code optimisation
Unfortunately , there is not special tool to do that. some issues should be considered on javacard although java language is used to develop , such as limited memory, byte codes supported and transaction performance, which lead to most design patterns (e.g. factory module) or object oriented nethods are not utilized completely.
If you are interested in javacard security and implementation issues, you can find Secret Tartget documents of main card venders on CCRA web site or contact them to apply for product guidelines.
If you are interested in javacard security and implementation issues, you can find Secret Tartget documents of main card venders on CCRA web site or contact them to apply for product guidelines.
Who is online
Users browsing this forum: No registered users and 77 guests