Java Magazine, Nov/Dec 2017
ORACLE COM JAVAMAGAZINE NOVEMBER DECEMBER 2017 87 java card reading the field or array component back yields its latest conditional value but the update is not yet committed When the applet calls JCSystem commitTransaction all conditional updates are committed to persistent storage If power is lost or if some other system failure occurs prior to the completion of The Java Card Forum is working to bring to market a new version of the Java Card specification that will address the IoT market and new secure element form factors JCSystem commitTransaction all conditionally updated fields or array components are restored to their previous values If the applet encounters an internal problem or decides to cancel the transaction it can programmatically undo conditional updates by calling JCSystem abortTransaction Applet Isolation and Firewall A Java Card context is a protected object space associated with each applet package and Java Card RE All objects owned by an applet belong to the context of the applets package Any implementation of the Java Card RE supports isolation of contexts and applets Isolation means that one applet cannot access the fields or objects of an applet in another context unless the other applet explicitly provides an interface for access A critical security feature of Java Card is the applet firewall This technology is runtimeenforced protection and is separate from the Java programming language protections which still apply to Java Card applets They ensure that strong typing and protection attributes are enforced Applet firewalls are always enforced in the Java Card VM They enable the VM to automatically perform additional security checks at runtime In addition the Java Card RE maintains its own Java Card RE context This context is much like the context of an applet but it has special system privileges so that it can perform operations that are denied to applets contexts Figure 4 illustrates security in a multiapplet architecture Isolation of applets is an important security feature but it requires a mechanism to allow applets to share objects in situations where there is a need to interoperate The Java Card RE
You must have JavaScript enabled to view digital editions.