Site Tools


Smart Card Solution

User Manual

JavaCard API Samples

Java Card Specification

Knowledge Sharing


1.4 Java Card Runtime Environment Security

The standard runtime environment for the Java Card platform is the Java Card Runtime Environment. The Java Card RE consists of an implementation of the Java Card virtual machine along with the Java Card API classes. While the Java Card virtual machine has responsibility for ensuring Java language-level security, the Java Card RE imposes additional runtime security requirements on devices that implement the Java Card RE, which results in a need for additional features on the Java Card virtual machine. Throughout this document, these additional features are designated as Java Card RE-specific.

The basic runtime security feature imposed by the Java Card RE enforces isolation of applets using what is called an applet firewall. The applet firewall prevents the objects that were created by one applet from being used by another applet. This prevents unauthorized access to both the fields and methods of class instances, as well as the length and contents of arrays.

Isolation of applets is an important security feature, but it requires a mechanism to allow applets to share objects in situations where there is a need to interoperate. The Java Card RE allows such sharing using the concept of shareable interface objects. These objects provide the only way an applet can make its objects available for use by other applets. For more information about using shareable interface objects, see the description of the interface javacard.framework.Shareable in the Application Programming Interface, Java Card Platform, Version 2.2.2 specification. Some descriptions of firewall-related features make reference to the Shareable interface.

The applet firewall also protects from unauthorized use the objects owned by the Java Card RE itself. The Java Card RE can use mechanisms not reflected in the Java Card API to make its objects available for use by applets. A full description of the Java Card RE-related isolation and sharing features can be found in the Runtime Environment Specification, Java Card Platform, Version 2.2.2.

Copyright © 2005, Sun Microsystems, Inc. All Rights Reserved.

javacard/jcvm/1.4_java_card_runtime_environment_security.txt · Last modified: 2017/05/13 04:08 (external edit)