Formal Proof of Smart Card Applets Correctness
The new Gemplus smart card is based on the Java technology and embeds a virtual machine. Its security policy relies on mechanisms that are based on Java properties; in particular, the language provides segregation between applets. Because of the smart card's constraints, however, a byte code verifier cannot be embedded. Moreover, in order to maximise the number of applets, the byte code must be optimised, and the security properties must be guaranteed despite these optimisations. For this purpose, we propose an original way to prove the equivalence between the interpreter of the JVM and our Java Card interpreter. It is based on the refinement and proof process of the B formal method.
Keywords: Java, byte code, security, optimisation, formal specification