Static Program Analysis for Java Card Applets

  • Vasilios Almaliotis
  • Alexandros Loizidis
  • Panagiotis Katsaros
  • Panagiotis Louridas
  • Diomidis Spinellis
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5189)


The Java Card API provides a framework of classes and interfaces that hides the details of the underlying smart card interface, thus relieving developers from going through the swamps of microcontroller programming. This allows application developers to concentrate most of their effort on the details of application, assuming proper use of the Java Card API calls regarding (i) the correctness of the methods’ invocation targets and their arguments and (ii) temporal safety, i.e. the requirement that certain method calls have to be used in certain orders. Several characteristics of the Java Card applets and their multiple-entry-point program structure make it possible for a potentially unhandled exception to reach the invoked entry point. This contingency opens a possibility to leave the applet in an unpredictable state that is potentially dangerous for the application’s security. Our work introduces automatic static program analysis as a means for the early detection of misused and therefore dangerous API calls. The shown analyses have been implemented within the FindBugs bug detector, an open source framework that applies static analysis functions on the applet bytecode.


Java Card static program analysis temporal safety 


  1. 1.
    Burdy, L., Requet, A., Lanet, J.L.: Java applet correctness: a developer-oriented approach. In: Araki, K., Gnesi, S., Mandrioli, D. (eds.) FME 2003. LNCS, vol. 2805, Springer, Heidelberg (2003)Google Scholar
  2. 2.
    Beckert, B., Mostowski, W.: A program logic for handling Java Card’s transaction mechanism. In: Pezzé, M. (ed.) FASE 2003. LNCS, vol. 2621, pp. 246–260. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  3. 3.
    Marché, C., Paulin-Mohring, C., Urbain, X.: The KRAKATOA tool for certification of JAVA/JAVACARD programs annotated in JML. Journal of Logic and Algebraic Programming 58(1-2), 89–106 (2004)CrossRefzbMATHGoogle Scholar
  4. 4.
    Meyer, J., Poetzsch-Heffter, A.: An architecture for interactive program provers. In: Schwartzbach, M.I., Graf, S. (eds.) TACAS 2000. LNCS, vol. 1785, pp. 63–77. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  5. 5.
    Jacobs, B., Marche, C., Rauch, N.: Formal verification of a commercial smart card applet with multiple tools. In: Rattray, C., Maharaj, S., Shankland, C. (eds.) AMAST 2004. LNCS, vol. 3116, pp. 241–257. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  6. 6.
    Van den Berg, J., Jacobs, B.: The LOOP compiler for Java and JML. In: Margaria, T., Yi, W. (eds.) TACAS 2001. LNCS, vol. 2031, pp. 299–312. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  7. 7.
    Breunesse, C.B., Catano, N., Huisman, M., Jacobs, B.: Formal methods for smart cards: an experience report. Science of Computer Programming 55, 53–80 (2005)MathSciNetCrossRefzbMATHGoogle Scholar
  8. 8.
  9. 9.
    Catano, N., Huisman, M.: Formal specification and static checking of Gemplus’s electronic purse using ESC/Java. In: Eriksson, L.-H., Lindsay, P.A. (eds.) FME 2002. LNCS, vol. 2391, pp. 272–289. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  10. 10.
    Meijer, H., Poll, E.: Towards a full formal specification of the JavaCard API. In: Attali, S., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, pp. 165–178. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  11. 11.
    Spinellis, D., Louridas, P.: A framework for the static verification of API calls. Journal of Systems and Software 80(7), 1156–1168 (2007)CrossRefGoogle Scholar
  12. 12.
    The FindBugs project (last access: Febuary 21, 2008),
  13. 13.
    Hovemeyer, D., Pugh, W.: Finding bugs is easy. SIGPLAN Notices 39(12), 92–106 (2004)CrossRefGoogle Scholar
  14. 14.
    Dahm, M.: Byte code engineering with the BCEL API. Technical Report B-17-98, Freie University of Berlin, Institute of Informatics (2001)Google Scholar
  15. 15.
    Das, M., Lerner, S., Seigle, M.: ESP: Path-sensitive program verification in polynomial time. In: Proc. of the ACM SIGPLAN 2002 Conf. on Programming Language Design and Implementation (PLDI), pp. 57–68 (2002)Google Scholar
  16. 16.
    Hampapuram, H., Yang, Y., Das, M.: Symbolic path simulation in path-sensitive dataflow analysis. In: Proc. of 6th ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering (PASTE), pp. 52–58 (2005)Google Scholar
  17. 17.
    Dhurjati, D., Das, M., Yang, Y.: Path-sensitive dataflow analysis with iterative refinemet. In: Yi, K. (ed.) SAS 2006. LNCS, vol. 4134, pp. 425–442. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  18. 18.
    The SAFE (Scalable And Flexible Error detection) project (last access: 21st of Febuary 2008) ,
  19. 19.
    Strom, R.E., Yemini, S.: Typestate: A programming language concept for enhancing software reliability. IEEE Trans. on Software Engineering 12(1), 157–171 (1986)CrossRefzbMATHGoogle Scholar
  20. 20.
    Fink, S., Yahav, E., Dor, N., Ramalingam, G., Geay, E.: Effective typestate verification in the presence of aliasing. In: Proc. of the Int. Symp. on Software Testing and Analysis (ISSTA), pp. 133–144 (2006)Google Scholar
  21. 21.
    Chugunov, G., Fredlund, L.-A., Gurov, D.: Model checking of multi-applet Java Card Applications. In: Proc. of the 5th Smart Card Research and Advanced Application Conf. (CARDIS) (2002)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2008

Authors and Affiliations

  • Vasilios Almaliotis
    • 1
  • Alexandros Loizidis
    • 1
  • Panagiotis Katsaros
    • 1
  • Panagiotis Louridas
    • 2
  • Diomidis Spinellis
    • 2
  1. 1.Department of InformaticsAristotle University of ThessalonikiThessalonikiGreece
  2. 2.Department of Management Science and TechnologyAthens University of Economics and BusinessAthensGreece

Personalised recommendations