Compositional Verification of Secure Applet Interactions
Recent developments in mobile code and embedded systems have led to an increased interest in open platforms, i.e. platforms which enable different applications to interact in a dynamic environment. However, the flexibility of open platforms presents major difficulties for the (formal) verification of secure interaction between the different applications. To overcome these difficulties, compositional verification techniques are required.
This paper presents a compositional approach to the specification and verification of secure applet interactions. This approach involves a compositional model of the interface behavior of applet interactions, a temporal logic property specification language, and a proof system for proving correctness of property decompositions. The usability of the approach is demonstrated on a realistic smartcard case study.
Keywords: Transition Rule, Proof System, Atomic Formula, Label Transition System, Composite State