Abstract
The Java security policy is implemented using security components such as a Java Virtual Machine (JVM), API, verifier, and a loader. It is of prime importance to ensure that these components are implemented in accordance with their specifications. Formal methods can be used to bring the mathematical proof that their implementation corresponds to their specification. In this paper, we introduce the formal development of a complete byte code verifier for Java Card and its on-card integration. In particular, we focus on the model and the proof of the complete type verifier for the Java Card language. The global architecture of the verification process implemented in this real industrial case study is described, and the detailed specification of the type verifier is discussed together with its proof. Moreover, this paper presents a comparison between formal and traditional development, summing up the pros and cons of using formal methods in industry.
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
Casset, L. (2002). Development of an Embedded Verifier for Java Card Byte Code Using Formal Methods. In: Eriksson, L.H., Lindsay, P.A. (eds) FME 2002: Formal Methods—Getting IT Right. FME 2002. Lecture Notes in Computer Science, vol 2391. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45614-7_17
DOI: https://doi.org/10.1007/3-540-45614-7_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-43928-8
Online ISBN: 978-3-540-45614-8