Formalisation and Verification of the GlobalPlatform Card Specification Using the B Method

  • Santiago Zanella Béguelin
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3956)


We give an overview of an application of the B method to the formalisation and verification of the GlobalPlatform Card Specification. Although there exists a semi-formal specification and some effort has been put into providing formalisations of particular features of smart card platforms, this is, as far as we know, the very first attempt to provide a complete formalisation. We describe the process followed to synthesise a mathematical model of the platform in the B language, starting from requirements stated in natural language. The model consistency has been thoroughly verified using formal techniques supported by the B method. We also discuss how the smart card industry might benefit from exploiting this formal specification and outline directions for future work.


Formal Method Smart Card Proof Obligation Security Feature Abstract Machine 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Rankl, W., Effing, W.: Smart Card Handbook, 2nd edn. John Wiley & Sons, Inc., Chichester (2000)Google Scholar
  2. 2.
    GlobalPlatform: Card Specification. Version 2.1.1 (2003)Google Scholar
  3. 3.
  4. 4.
    Abrial, J.R.: The B Book - Assigning Programs to Meanings. Cambridge University Press, Cambridge (1996)CrossRefMATHGoogle Scholar
  5. 5.
    Dijkstra, E.W.: A Discipline of Programming. Prentice-Hall, Upper Saddle River (1976)MATHGoogle Scholar
  6. 6.
  7. 7.
    Behm, P., Benoit, P., Faivre, A., Meynadier, J.M.: METEOR: A successful application of B in a large project. In: Wing, J.M., Woodcock, J.C.P., Davies, J. (eds.) FM 1999. LNCS, vol. 1708, pp. 369–387. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  8. 8.
    Hoare, J., Dick, J., Neilson, D., Sorensen, I.: Applying the B technologies to CICS. In: Gaudel, M.-C., Woodcock, J.C.P. (eds.) FME 1996. LNCS, vol. 1051, pp. 74–84. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  9. 9.
    Lanet, J.L., Requet, A.: Formal proof of smart card applets correctness. In: Quisquater, J.J., Schneier, B. (eds.) Third Smart Card Research and Advanced Application Conference, Louvain-la-Neuve, Belgium (1998)Google Scholar
  10. 10.
    Bert, D., Boulm, S., Potet, M.L., Requet, A., Voisin, L.: Adaptable translator of B specifications to embedded C programs. In: Araki, K., Gnesi, S., Mandrioli, D. (eds.) FME 2003. LNCS, vol. 2805, pp. 94–113. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  11. 11.
    Sabatier, D., Lartigue, P.: The use of the B formal method for the design and the validation of the transaction mechanism for smart card applications. In: Wing, J.M., Woodcock, J.C.P., Davies, J. (eds.) FM 1999. LNCS, vol. 1708, pp. 348–368. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  12. 12.
    Lanet, J.L., Lartigue, P.: The use of formal methods for smartcards, a comparison between B and SDL to model the T=1 protocol. In: Proceedings of International Workshop on Comparing Systems Specification Techniques, Nantes (1998)Google Scholar
  13. 13.
    Casset, L., Burdy, L., Requet, A.: Formal development of an embedded verifier for Java Card byte code. In: DSN 2002: Proceedings of the 2002 International Conference on Dependable Systems and Networks, Washington, DC, USA, pp. 51–58. IEEE Computer Society, Los Alamitos (2002)Google Scholar
  14. 14.
    Lano, K.: The B Language and Method: A guide to Practical Formal Development. Springer, London (1996)CrossRefGoogle Scholar
  15. 15.
    GlobalPlatform: Card Security Requirements Specification. Version 1.0 (2001)Google Scholar
  16. 16.
    Manoranjan, M., Satpathy, M., Butler, M.: ProTest: An automatic test environment for B specifications. In: Proceedings of International workshop on Model Based Testing. ECS University of Southhampton (2004)Google Scholar
  17. 17.
    Ambert, F., Bouquet, F., Chemin, S., Guenaud, S., Legeard, B., Peureux, F., Vacelet, N., Utting, M.: BZ-TT: A tool-set for test generation from Z and B using constraint logic programming. In: Proc. of Formal Approaches to Testing of Software, FATES 2002, pp. 105–120 (2002)Google Scholar
  18. 18.
    Stepney, S., Cooper, D., Woodcock, J.: An electronic purse: Specification, refinement and proof. Technical Monograph PRG-126, Oxford University Computing Laboratory, Wolfson Building, Parks Road, Oxford, UK (2000)Google Scholar
  19. 19.
    Cataño, N., Huisman, M.: Formal specification and static checking of Gemplus’ electronic purse using ESC/Java. In: Eriksson, L.-H., Lindsay, P.A. (eds.) FME 2002. LNCS, vol. 2391, pp. 272–289. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  20. 20.
    Ahrendt, W., Baar, T., Beckert, B., Bubel, R., Giese, M., Hähnle, R., Menzel, W., Mostowski, W., Roth, A., Schlager, S., Schmitt, P.H.: The KeY tool. Software and System Modeling 4, 32–54 (2005)CrossRefGoogle Scholar
  21. 21.
    Marché, C., Paulin-Mohring, C., Urbain, X.: The Krakatoa tool for certification of Java/JavaCard programs annotated in JML. J. Log. Algebr. Program. 58, 89–106 (2004)CrossRefMATHGoogle Scholar
  22. 22.
    Burdy, L., Requet, A., Lanet, J.L.: Java applet correctness: A developer-oriented approach. In: Araki, K., Gnesi, S., Mandrioli, D. (eds.) FME 2003. LNCS, vol. 2805, pp. 422–439. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  23. 23.
    VerifiCard project,
  24. 24.
  25. 25.
    Barthe, G., Dufay, G., Jakubiec, L., Serpette, B.P., de Sousa, S.M.: A formal executable semantics of the JavaCard platform. In: Sands, D. (ed.) ESOP 2001. LNCS, vol. 2028, pp. 302–319. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  26. 26.
    Alves-Foss, J. (ed.): Formal Syntax and Semantics of Java. LNCS, vol. 1523. Springer, Heidelberg (1999)Google Scholar
  27. 27.
    Poll, E., van den Berg, J., Jacobs, B.: Specification of the JavaCard API in JML. In: Domingo-Ferrer, J., Chan, D., Watson, A. (eds.) Fourth Smart Card Research and Advanced Application Conference (CARDIS 2000), pp. 135–154. Kluwer Acad. Publ., Dordrecht (2000)CrossRefGoogle Scholar
  28. 28.
    Poll, E., van den Berg, J., Jacobs, B.: Formal specification of the JavaCard API in JML: the APDU class. Computer Networks 36, 407–421 (2001)CrossRefGoogle Scholar
  29. 29.
    Meijer, H., Poll, E.: Towards a full formal specification of the Java Card API. In: Attali, S., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, p. 165. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  30. 30.
    Burdy, L., Cheon, Y., Cok, D., Ernst, M.D., Kiniry, J., Leavens, G.T., Leino, K.R.M., Poll, E.: An overview of JML tools and applications. STTT 7, 212–232 (2005)CrossRefGoogle Scholar
  31. 31.
    Poll, E., van den Berg, J., Jacobs, B.: Formal specification and verification of JavaCard’s application identifier class. In: Attali, I., Jensen, T. (eds.) JavaCard 2000. LNCS, vol. 2041, pp. 137–150. Springer, Heidelberg (2001)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Santiago Zanella Béguelin
    • 1
  1. 1.INRIA Sophia AntipolisSophia AntipolisFrance

Personalised recommendations