CoCoon - Codesign for Countermeasures against Malicious Applications on Java Cards
The main idea in the CoCoon project is to activate Issuer Centric Ownership for Java Smart Cards. This means that everybody will have only one Smart Card which stores different applications for banking or transportation. A big security problem is that the user will be able to download Java Card applets from untrusted sources which could contain malicious Java bytecode. This can lead to the problem that one applet is able to read out or manipulate security relevant data from another applet. This can be a big security problem if you think of the case of changing the credit data of a financial applet. Another big problem is the fact that the Java Card is running in an unsecure environment which means that physical attacks can be performed on the card to provoke faults which could also lead to security threats.

Confidentiality, integrity and unauthorized execution of data or code must be guaranteed against logical attacks which manipulate the Java bytecode or different physical attacks during runtime of the Java Card Virtual Machine. This requires a new codesign approach where byte code verification and defensive virtual machines are designed and analyzed in parallel to find commonalities and trade-offs.

Staff member
Project Manager at the Organizational Unit
Christian Steger
Ass.Prof. Dipl.-Ing. Dr.techn.
Participant / Staff Member
Reinhard Berlach
Michael Irauschek
Michael Lackner
Dipl.-Ing. BSc
Funding sources
  • Österreichische Forschungsförderungsgesellschaft mbH, FFG
Research areas
  • Hardware/Software-Codesign
Start: 01.04.2011
End: 30.09.2014

Selected Publications