Compositional Verification of Secure Applet Interactions

  • Gilles Barthe
  • Dilian Gurov
  • Marieke Huisman
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2306)


Recent developments in mobile code and embedded systems have led to an increased interest in open platforms, i.e. platforms which enable different applications to interact in a dynamic environment. However, the flexibility of open platforms presents major difficulties for the (formal) verification of secure interaction between the different applications. To overcome these difficulties, compositional verification techniques are required.

This paper presents a compositional approach to the specification and verification of secure applet interactions. This approach involves a compositional model of the interface behavior of applet interactions, a temporal logic property specification language, and a proof system for proving correctness of property decompositions. The usability of the approach is demonstrated on a realistic smartcard case study.





Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Gilles Barthe (1)
  • Dilian Gurov (2)
  • Marieke Huisman (1)
  1. INRIA Sophia-Antipolis, France
  2. Swedish Institute of Computer Science, Sweden
