Chapter

Formal Aspects in Security and Trust

Volume 4691 of the series Lecture Notes in Computer Science pp 220-234

A Formal Specification of the MIDP 2.0 Security Model

  • Santiago Zanella BéguelinAffiliated withINRIA Sophia Antipolis, 06902 Sophia Antipolis Cedex
  • , Gustavo BetarteAffiliated withInCo, Facultad de Ingeniería, Universidad de la República, Montevideo
  • , Carlos LunaAffiliated withInCo, Facultad de Ingeniería, Universidad de la República, Montevideo

* Final gross prices may vary according to local VAT.

Get Access

Abstract

This paper presents, to the best of our knowledge, the first formal specification of the application security model defined by the Mobile Information Device Profile 2.0 for Java 2 Micro Edition. The specification, which has been formalized in Coq, provides an abstract representation of the state of a device and the security-related events that allows to reason about the security properties of the platform where the model is deployed. We state and sketch the proof of some desirable properties of the security model. Although the abstract specification is not executable, we describe a refinement methodology that leads to an executable prototype.