Algebraic Methodology and Software Technology

Volume 2422 of the series Lecture Notes in Computer Science pp 41-59


Tool-Assisted Specification and Verification of the JavaCard Platform

  • Gilles Barthe (INRIA Sophia-Antipolis)
  • Pierre Courtieu (INRIA Sophia-Antipolis)
  • Guillaume Dufay (INRIA Sophia-Antipolis)
  • Simão Melo de Sousa (INRIA Sophia-Antipolis)


Bytecode verification is one of the key security functions of the JavaCard architecture. Its correctness is often cast relative to a defensive virtual machine, which performs checks at run-time, and an offensive one, which does not; the correctness statement then says that the two machines coincide on programs that pass bytecode verification. We review the process of establishing such a correctness statement in a proof assistant, and focus in particular on the problem of automating the construction of an offensive virtual machine and a bytecode verifier from a defensive machine.
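To make the correctness statement concrete, here is an added toy model (not the paper's Coq development; the three-instruction stack bytecode and all names are assumptions): a defensive interpreter that checks operand types at run time, an offensive one that trusts the program, and a verifier that executes the program abstractly over types. On a verified program both machines agree; on a rejected one they diverge.

```python
INT, REF = "int", "ref"  # abstract types tracked by the verifier


class VMError(Exception):
    """Raised by the defensive machine when a run-time check fails."""


def _step(stack, instr, check):
    """Execute one instruction; `check` selects defensive behaviour."""
    op = instr[0]
    if op == "push_int":
        stack.append((INT, instr[1]))
    elif op == "push_ref":
        stack.append((REF, instr[1]))
    elif op == "iadd":
        if check and (len(stack) < 2 or stack[-1][0] != INT or stack[-2][0] != INT):
            raise VMError("iadd needs two ints on the stack")
        b, a = stack.pop(), stack.pop()
        stack.append((INT, a[1] + b[1]))  # offensive: blindly "adds" refs
    else:
        raise ValueError("unknown opcode %r" % op)


def run(program, check):
    stack = []
    for instr in program:
        _step(stack, instr, check)
    return stack


def run_defensive(program):
    return run(program, check=True)


def run_offensive(program):
    return run(program, check=False)


def outcome(program, check):
    """Observable result of a run: ('ok', stack) or ('error', exception name)."""
    try:
        return ("ok", run(program, check))
    except Exception as exc:  # VMError, IndexError, TypeError ...
        return ("error", type(exc).__name__)


def verify(program):
    """Bytecode verifier: abstract execution over types (straight-line code)."""
    types = []
    for instr in program:
        op = instr[0]
        if op in ("push_int", "push_ref"):
            types.append(INT if op == "push_int" else REF)
        elif op == "iadd":
            if len(types) < 2 or types[-1] != INT or types[-2] != INT:
                return False
            types.pop(); types.pop(); types.append(INT)
        else:
            return False
    return True


def machines_coincide(program):
    """The correctness statement for one program: None if it is not verified
    (the statement says nothing), else whether both machines give the same result."""
    if not verify(program):
        return None
    return outcome(program, True) == outcome(program, False)
```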