Advertisement

A Method for Secure Smartcard Applications

  • Dominik Haneberg
  • Wolfgang Reif
  • Kurt Stenzel
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2422)

Abstract

We have presented a method for the formal development of secure smartcard applications. The method combines and integrates different techniques (with algebraic specifications at the core) to tackle the different problems: objects and distributed systems, attackers and cryptographic protocols, JavaCard programs and limited resources. The techniques include UML models enriched by algebraic specifications, and dynamic logic for JavaCard verification. The method is tailored to take advantage of the special features of smartcard scenarios, and to make proving securityand correctness as easy as possible. The method is illustrated with a small but surprisinglyco mplex example, a copy card. The approach is implemented in the KIV specification and verification system.

Keywords

Smart Card Class Diagram Security Property Activity Diagram Dynamic Logic 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    J. Alves-Foss, editor. Formal Syntax and Semantics of Java. Springer LNCS 1523, 1999.Google Scholar
  2. 2.
    R. Anderson and R. Needham. Programming satan’s computer. In J. van Leeuwen, editor, Computer Science Today: Recent Trends and Developments. Springer LNCS 1000, 1995.Google Scholar
  3. 3.
    M. Balser, W. Reif, G. Schellhorn, K. Stenzel, and A. Thums. Formal system development with KIV. In T. Maibaum, editor, Fundamental Approaches to Software Engineering, number 1783 in LNCS. Springer, 2000.CrossRefGoogle Scholar
  4. 4.
    B. Beckert. A dynamic logic for the formal verification of java card programs. In I. Attali and T. Jensen, editors, Java on Smart Cards. Springer LNCS 2041, 2000.Google Scholar
  5. 5.
    M. Burrows, M. Abadi, and R. Needham. A logic of authentication. Technical report, SRC Research Report 39, 1989.Google Scholar
  6. 6.
    CoFI: The Common Framework Initiative. Casl—the CoFI algebraic specification language tentative design: Language summary, 1997. http://www.brics.dk/Projects/CoFI.
  7. 7.
    R. Eshuis and R. Wieringa. A formal semantics for uml activity diagrams—formalising workflow models. Technical report, University of Twente, February 2001. http://wwwhome.cs.utwente.nl/~eshuis/adsem.pdf.
  8. 8.
    D. Harel. First Order Dynamic Logic. LNCS 68. Springer, Berlin, 1979.zbMATHGoogle Scholar
  9. 9.
    International Standards Organization, Geneva. ISO 7816—Identification Cards—Integrated cicuit(s) cards with contacts. several parts, 1987–1997.Google Scholar
  10. 12.
    Lawrence C. Paulson. The inductive approach to verifying cryptographic protocols. Journal of Computer Security, 6:85–128, 1998.Google Scholar
  11. 13.
    G. Reggio, M. Cerioli, and E. Astesiano. An Algebraic Semantics of UML Supporting its Multiview Approach. In Proc. AMiLP 2000 of the Twente Workshop on Language Technology n. 16, Enschede, University of Twente, 2000.Google Scholar
  12. 14.
    W. Reif. The KIV-approach to Software Verification. In M. Broy and S. Jähnichen, editors, KORSO: Methods, Languages, and Tools for the Construction of Correct Software—Final Report, LNCS 1009. Springer, Berlin, 1995.CrossRefGoogle Scholar
  13. 15.
    G. Schellhorn, W. Reif, A. Schairer, P. Karger, V. Austel, and D. Toll. Verification of a formal security model for multiapplicative smart cards. In Proc. of the 6 th European Symposium on Research in Computer Security (ESORICS), LNCS 1895, pages 17–36. Springer, 2000.Google Scholar
  14. 16.
    Kurt Stenzel. Verification of JavaCard Programs. Technical report 2001-5, Institut für Informatik, Universität Augsburg, Germany, 2001. Available at http://www.Informatik.Uni-Augsburg.DE/swt/fmg/papers/.
  15. 17.
    The Object Management Group (OMG). OMG Unified Modeling Language Specification, 1999. http://www.omg.org/technology/uml.
  16. 19.
    David von Oheimb. Axiomatic semantics for Javalight in Isabelle/HOL. In S. Drossopoulou, S. Eisenbach, B. Jacobs, G. T. Leavens, P. Müller, and A. Poetzsch-Heffter, editors, Formal Techniques for Java Programs. Technical Report 269, 5/2000, Fernuniversität Hagen, Fernuniversität Hagen, 2000.Google Scholar
  17. 20.
    Benkt Wangler and Lars Bergman, editors. An Overview of RoZ: A Tool for Integrating UML and Z Specifications, volume 1789 of Lecture Notes in Computer Science. Springer, 2000.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Dominik Haneberg
    • 1
  • Wolfgang Reif
    • 1
  • Kurt Stenzel
    • 1
  1. 1.Lehrstuhl für Softwaretechnik und Programmiersprachen Institut für InformatikUniversität AugsburgAugsburgGermany

Personalised recommendations