Rewriting Techniques and Applications

Volume 2706 of the series Lecture Notes in Computer Science pp 337-351


Validation of the JavaCard Platform with Implicit Induction Techniques

  • Gilles BartheAffiliated withINRIA Sophia-Antipolis
  • , Sorin StratulatAffiliated withLITA, Université de Metz

* Final gross prices may vary according to local VAT.

Get Access


The bytecode verifier (BCV), which performs a static analysis to reject potentially insecure programs, is a key security function of the Java(Card) platform. Over the last few years there have been numerous projects to prove formally the correctness of bytecode verification, but relatively little effort has been made to provide methodologies, techniques and tools that help such formalisations. In earlier work, we develop a methodology and a specification environment featuring a neutral mathematical language based on conditional rewriting, that considerably reduce the cost of specifying virtual machines.

In this work, we show that such a neutral mathematical language based on conditional rewriting is also beneficial for performing automatic verifications on the specifications, and illustrate in particular how implicit induction techniques can be used for the validation of the Java(Card) Platform. More precisely, we report on the use of SPIKE, a first-order theorem prover based on implicit induction, to establish the correctness of the BCV. The results are encouraging, as many of the intermediate lemmas required to prove the BCV correct can be proved with SPIKE.