Abstract
This paper describes a case study in refining an abstract security protocol description down to a concrete implementation on a Java Card smart card. The aim is to consider the decisions that have to be made in the development of such an implementation in a systematic way, and to investigate the possibilities of formal specification and verification in the design process and for the final implementation.
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
Cite this paper
Hubbers, E., Oostdijk, M., Poll, E. (2004). Implementing a Formally Verifiable Security Protocol in Java Card. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds) Security in Pervasive Computing. Lecture Notes in Computer Science, vol 2802. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39881-3_19
DOI: https://doi.org/10.1007/978-3-540-39881-3_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20887-7
Online ISBN: 978-3-540-39881-3
eBook Packages: Springer Book Archive