Tutorial 1: Software attacks on Java smartcards. Jean-Louis Lanet, Université de Limoges

This introductory tutorial gives an overview of software attacks against Java-based smart cards. Java Cards have shown improved robustness compared to native applications against many attacks. They are designed to resist numerous attacks that use both physical and logical techniques. After a brief presentation of the Java Card platform and its security functions, we will present attacks based on a faulty implementation of transactions, due to ambiguities in the specification. Then we will describe the flaws that can be exploited with an ill-typed applet, and we will finish with correct applets that can mutate as the result of a fault attack. The different attacks will be studied step by step. Finally, we will study the countermeasures available against these attacks at both the system level and the application level.

The length of the tutorial is 3 hours. The intended audience is participants from academia and industry interested in developing secure applications based on smart cards. A preliminary knowledge about Java and its internals is expected.

Bio:
Jean-Louis Lanet has been a full Professor at the University of Limoges since 2007. Prior to this he was a researcher at Elecma, designing fault-tolerant computers for turbo engines; he then joined Gemplus research labs as a senior researcher (1996-2007). He leads the SSD team at the XLIM labs and is also in charge of the Cryptis master at the University of Limoges, where he teaches Smart Cards.

Tutorial 2: Data Analysis with Privacy Constraints. Stelvio Cimato, Università degli Studi di Milano.

The so-called "data explosion" has been caused by the digitization of our daily lives and consists of an enormous amount of data collected by governments, corporations, and individuals. On the one hand, protecting the confidentiality of this data is critical for the privacy of individuals; on the other hand, the ability to analyze this data and extract information could bring significant benefits to decision-making in different fields (financial, medical, etc.).

This tutorial will survey recent research on two different paradigms that provide means to perform different kinds of analysis: secure computation, and computation over encrypted data in outsourced databases. The tutorial will cover different definitions and classifications of privacy-preserving computations and basic methods and protocols for secure data analysis, and will try to build a bridge between the two paradigms for performing data analysis while limiting the disclosure of sensitive information.

Bio:
Dr. Stelvio Cimato is an assistant professor at the Università degli Studi di Milano, Italy. He received a Ph.D. in computer science from the Università di Bologna. His main research interests include privacy, computer security and cryptography. He has published several papers in the area in international conferences and journals, and has published several books. He is actively involved in the academic community, having served on international conference committees, participated in several European projects, and acted as a regular reviewer for international journals.

Important Dates
Submission deadline: 6 June 2011
Notification to Authors: 20 July 2011
Camera Ready Due: 19 August 2011
Publications
IEEE Xplore