Industrial Use of Formal Methods for a High-Level Security Evaluation
This paper presents an effective use of formal methods for the development and the security certification of smart card software. The approach follows the Common Criteria methodology, which requires formal methods to prove that a product provides the claimed security level. This work led to the first certification of a commercial Java Card product involving all the formal assurances needed to reach the highest security level. For this certification, formal methods were used for the design and the implementation of the security functions of the Java Card system embedded in the product. We describe the refinement scheme used to meet the Common Criteria requirements on formal models and proofs. In particular, we show how to build the proof that the implementation ensures the security objectives claimed in the security specification. We also report lessons learned from this substantial application of formal methods in the smart card industry.
Keywords: Virtual Machine, State Machine, Formal Method, Smart Card, Security Policy
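The abstract describes a refinement scheme in which the security objectives are established on a formal security policy model and then carried down to the implementation by proving that each lower level refines the one above it. The Coq development below is an added illustration of that proof shape; it is not the paper's model or code, and this page does not describe the paper's toolchain. The states (Locked, Authenticated), the events (Verify, Read, Reset), the PIN-then-read policy, the retry counter and the absence of a blocking state are all hypothetical choices made for the example, and its two levels stand in for the longer chain (security policy model, functional specification, design, implementation) that a real evaluation links together.

```coq
(* Added illustration (not the paper's model): a two-level refinement
   proof in Coq.  Everything below is hypothetical: the states, the
   events, the PIN-then-read policy and the retry counter were chosen
   only to show the shape of the argument. *)

(* Abstract level: the security policy model.  The security objective
   is "protected data can be read only by an authenticated user". *)
Inductive AState := Locked | Authenticated.

(* Events shared by both levels: a PIN verification with its outcome,
   a read of protected data, and a card reset. *)
Inductive Event := Verify (ok : bool) | Read | Reset.

(* Abstract transition function: next state and whether the
   operation was granted. *)
Definition astep (s : AState) (e : Event) : AState * bool :=
  match e with
  | Verify true  => (Authenticated, true)
  | Verify false => (Locked, false)
  | Reset        => (Locked, false)
  | Read =>
      match s with
      | Authenticated => (Authenticated, true)
      | Locked        => (Locked, false)
      end
  end.

(* Concrete level: an implementation-like state with a PIN flag and a
   retry counter.  The counter is bookkeeping the abstract model does
   not see; blocking the card after too many failures is deliberately
   left out to keep the example short. *)
Record CState := { auth : bool; tries : nat }.

Definition cstep (c : CState) (e : Event) : CState * bool :=
  match e with
  | Verify true  => ({| auth := true;  tries := 3 |}, true)
  | Verify false => ({| auth := false; tries := pred (tries c) |}, false)
  | Reset        => ({| auth := false; tries := tries c |}, false)
  | Read         => (c, auth c)
  end.

(* Abstraction function: how a concrete state is seen at the abstract
   level. *)
Definition abs (c : CState) : AState :=
  if auth c then Authenticated else Locked.

(* Refinement: every concrete step is matched by the abstract step on
   the abstracted state, with the same grant/deny result. *)
Lemma step_refines : forall c e,
  astep (abs c) e = (abs (fst (cstep c e)), snd (cstep c e)).
Proof.
  intros [a n] e; destruct e as [[|]| |]; destruct a; reflexivity.
Qed.

(* Security objective, proved once at the abstract level. *)
Theorem abstract_objective : forall s,
  snd (astep s Read) = true -> s = Authenticated.
Proof.
  intros s H; destruct s; [simpl in H; discriminate H | reflexivity].
Qed.

(* The objective transfers to the implementation level through the
   refinement lemma: a granted read implies the PIN flag is set. *)
Corollary concrete_objective : forall c,
  snd (cstep c Read) = true -> auth c = true.
Proof.
  intros [a n] H.
  assert (Ha : snd (astep (abs {| auth := a; tries := n |}) Read) = true).
  { rewrite step_refines. exact H. }
  apply abstract_objective in Ha.
  destruct a; [reflexivity | unfold abs in Ha; simpl in Ha; discriminate Ha].
Qed.

(* Sanity check on a constructed state: a read on a fresh, locked card
   is denied. *)
Example read_denied_when_locked :
  snd (cstep {| auth := false; tries := 3 |} Read) = false := eq_refl.
```

The lemma step_refines is the piece an evaluator would inspect: it states that the abstraction function commutes with the two transition functions, so any property proved over astep, such as abstract_objective, can be replayed against cstep without re-proving it on the implementation model. The script needs nothing outside the Coq prelude and can be checked with coqc.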