Secure Collaborative and Distributed Services in the Java Card Grid Platform

Serge Chaumette, LaBRI, UMR CNRS 5800, Université Bordeaux 1, 351 cours de la Libération, 33405 Talence, FRANCE, chaumett@labri.fr
Achraf Karray, LaBRI, UMR CNRS 5800, Université Bordeaux 1, 351 cours de la Libération, 33405 Talence, FRANCE, karray@labri.fr
Damien Sauveron, XLIM, UMR CNRS 6172, Université de Limoges, 123, avenue Albert Thomas, 87000 Limoges, FRANCE, sauveron@labri.fr

ABSTRACT

Ensuring the security of services in a distributed system requires the collaboration of all the elements involved in providing this service. In this paper we present how the security of collaborative distributed services is ensured in the Java Card™¹ Grid project carried out at LaBRI, Laboratoire Bordelais de Recherche en Informatique. The aim of this project is to build a hardware platform and the associated software components to experiment on the security features of distributed applications. To achieve this goal, we use the hardware components that offer the highest security level, i.e. smart cards. We do not claim that the resulting platform is efficient, but we believe that it is a good testbed to experiment on the security features that one would require for real distributed applications. The kind of applications (and the services they use) that we run on our platform are those that require a high level of confidentiality regarding their own binary code, the input data that they handle, and the results that they produce. This paper focuses on the collaboration aspect of the secure services in our platform.

KEYWORDS:

1. INTRODUCTION

Because of the development of the technology, users are asking for more and more in terms of computing resources and network capabilities (bandwidth, mobility, etc.). Moreover, these services should be able to collaborate together to achieve the best results for the end users. To satisfy all these requirements, the manufacturers have developed new technologies to connect the resources (WiFi, Bluetooth, etc.) and to support the development of applications (Java, .NET, etc.). Thus, by federating such shared resources, a user can have access to a large platform (e.g. a grid [2, 5]) to execute his services. However, potentially unknown persons could be authorized to execute their services on such a platform, and the users of such systems must accept that their services are executed on resources that are under the control of someone else, whom they potentially do not even know. Therefore security is a big concern. First, the owner of the code, or more precisely the code itself, must be protected from the platform that executes it and from other services executed on the same platform. Second, the computing resource that runs the code must be protected from this code. Even though there are software and hardware level protections, they are clearly not sufficient. If someone uploads code to my workstation so that it is executed, nothing can prevent me from dumping the memory to work out what it is doing, or even from tracing the instructions executed by my processor. If I upload code to the machine of someone else, nothing will prevent my code from doing malicious operations, even though sandbox approaches can solve some of the problems.

Smart cards [16] provide solutions, at both hardware and software levels. At hardware level, the cards are built so as to resist any physical attack. Of course, attacks remain possible, but they will not be feasible in a reasonable amount of time. The processors that can be found in standard workstations do not offer the same protections. When code is loaded inside a card, it can neither damage the card nor access the assets that it contains, nor can it be reverse engineered by the owner of the card. At the software level, the cards and the applications that they embed are evaluated and certified by well defined procedures (e.g. ITSEC, the Information Technology Security Evaluation Criteria, or CC, the Common Criteria) in government approved agencies or companies (e.g. ITSEF, an Information Technology Security Evaluation Facility). Furthermore, even though the cards are not very efficient in terms of computation power right now, the resources

¹ Java and all Java-based marks are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. The authors are independent of Sun Microsystems, Inc. The other marks are the property of their respective owners.