author: Alessio Parzian
title: Java Card Bytecode Verification
committee: Marieke Huisman ,
Jan Brands ,
end: August 2015


Mobile devices, such as smart phones and tablets, are increasingly being equipped with Near-Field Communication (NFC) technology. Part of NXP’s NFC solution for mobile devices is the incorporation of a so-called embedded Secure Element (SE), which is essentially a smart card chip running a Java Card virtual machine. Ideally, third party developers should be able to install their applets on it, but this is usually not allowed for security reasons. For the security of the information stored in the SE it is important to check and verify any Java bytecode that is uploaded to the SE for potentially exploitable or malicious code. With this internship, I investigated the current state of the art of Java Cards and studied how to design a software tool to analyze bytecode for the presence of potentially exploitable or malicious code, with the main purpose of making the SE management more flexible, but still secure.

Additional Resources

  1. The paper