A Verifiable Conformance Relationship between Smart Card Applets and B Security Models

  • Frédéric Dadeau
  • Julien Lamboley
  • Thierry Moutet
  • Marie-Laure Potet
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5238)


We propose a formal framework based on the B method that supports the development of secured smart card applications. In accordance with the Common Criteria methodology, we start from a formal definition and modelling of security policies, as access control policies. At the end of the development process, smart card applications are implemented in a standardized way, based on both the life cycle of smart card applets and the APDU protocol. In this paper, we define a conformance relationship that aims at establishing how smart card applications can be related to security requirement models. This embraces both the notion of security conformance and that of traceability, which makes it possible to relate basic events appearing at the level of applications to abstract security policies. This approach has been developed in the RNTL POSÉ project, involving a smart card issuer, Gemalto.


Keywords: Access Control, Smart Card, Security Policy, Security Requirement, Security Model





Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Frédéric Dadeau (1)
  • Julien Lamboley (2)
  • Thierry Moutet (2)
  • Marie-Laure Potet (2)

  1. Laboratoire d’Informatique de Franche-Comté, Besançon cedex
  2. Vérimag, centre équation, Gières
