Our Online Store have the new products: RFID antenna board. Currently it can work with JC10M24R and JCOP4 card chips.
Compared with normal cards, the antenna board module has a smaller size and fixed holes, which is easy to integrate in the IOT(Internet Of Things) project.

Static analysis and code optimisation

JavaCard Applet Development Related Questions and Answers.
kosullivan
Posts: 34
Joined: Mon Jun 29, 2015 9:03 pm
Points :616
Contact:

Static analysis and code optimisation

Post by kosullivan » Sat Oct 07, 2017 9:57 pm

I've been looking at options for Javacard code analysis and although there are many whitepapers available discussing the topic, there seems to be few available tools!

I've so far used:
- PMD - https://pmd.github.io/(
- FindBugs - http://findbugs.sourceforge.net/
- Proguard - https://sourceforge.net/projects/proguard/

PMD and FindBugs both give good output based on the Java language, but fail to take into consideration JCRE-specific rules, constraints and best practices. Proguard is the only one that has specific references to Javacard but it is a code optimiser only.

Are there any tools out there that can help specifically with finding Javacard design pattern, implementation and security issues?

roundtable
Posts: 18
Joined: Mon Sep 18, 2017 9:52 pm
Points :240
Contact:

Re: Static analysis and code optimisation

Post by roundtable » Tue Oct 10, 2017 1:30 am

Unfortunately , there is not special tool to do that. some issues should be considered on javacard although java language is used to develop , such as limited memory, byte codes supported and transaction performance, which lead to most design patterns (e.g. factory module) or object oriented nethods are not utilized completely.
If you are interested in javacard security and implementation issues, you can find Secret Tartget documents of main card venders on CCRA web site or contact them to apply for product guidelines.

Post Reply Previous topicNext topic

Who is online

Users browsing this forum: No registered users and 14 guests

JavaCard OS : Disclaimer