Using Coq to Verify Java CardTM Applet Isolation Properties

* Final gross prices may vary according to local VAT.

Get Access


This paper reports on the use of the Coq proof assistant for the formal verification of applet isolation properties in Java Card technology. We focus on the confidentiality property. We show how this property is verified by the card manager and the APIs, extending our former proof addressing the Java Card virtual machine. We also show how our verification method allows to complete specifications and to enhance the secure design of the platform. For instance, we describe how the proof of the integrity puts the light on a known bug. Finally, we present the benefits of the use of high order modelling to handle the complexity of the system, to prove security properties and eventually to construct generic re-usable proof architectures.