A Formal Specification of the MIDP 2.0 Security Model

  • Santiago Zanella Béguelin
  • Gustavo Betarte
  • Carlos Luna
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4691)

Abstract

This paper presents, to the best of our knowledge, the first formal specification of the application security model defined by the Mobile Information Device Profile 2.0 for Java 2 Micro Edition. The specification, which has been formalized in Coq, provides an abstract representation of the state of a device and of the security-related events, which allows one to reason about the security properties of the platform on which the model is deployed. We state and sketch the proof of some desirable properties of the security model. Although the abstract specification is not executable, we describe a refinement methodology that leads to an executable prototype.
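The abstract's view of the platform, an abstract device state acted on by security-related events with properties stated over the resulting traces, can be illustrated with a small executable sketch. The Python model below is an added example and is not the paper's Coq specification or its refined prototype: it fixes only the MIDP 2.0 user-interaction modes (allowed, blanket, session, oneshot, or denied) over a hypothetical two-domain policy with constructed permission strings and a constructed event trace, and it checks three trace properties of the kind one would want to prove about the real model. Domain names, suite names and the policy tables are assumptions made for the example.

```python
"""Illustrative state-and-event model of MIDP 2.0 permission handling.

Added example: an executable sketch of the "device state + security events"
view, not the paper's Coq specification. The domains, policy tables,
permission strings and the trace in run_scenario() are constructed.
"""
from dataclasses import dataclass, field
from enum import Enum


class Mode(Enum):
    ALLOWED = "allowed"  # granted by the domain, no user interaction
    BLANKET = "blanket"  # ask once; answer kept until the suite is removed
    SESSION = "session"  # ask once per run; forgotten when the suite exits
    ONESHOT = "oneshot"  # ask on every use
    DENIED = "denied"    # never granted


@dataclass(frozen=True)
class Decision:
    """One audit-log entry: how a permission request was decided."""
    suite: str
    perm: str
    mode: Mode
    granted: bool
    basis: str  # "domain", "user", "cached-blanket", "cached-session", "policy"


@dataclass
class Domain:
    name: str
    policy: dict  # permission -> Mode; anything absent is DENIED


@dataclass
class Suite:
    name: str
    domain: Domain
    running: bool = False
    blanket: dict = field(default_factory=dict)  # perm -> user's answer, persistent
    session: dict = field(default_factory=dict)  # perm -> user's answer, per run


class Device:
    """Abstract device state: installed suites plus an audit log of decisions."""

    def __init__(self):
        self.suites = {}
        self.log = []

    # --- security-related events ------------------------------------------
    def install(self, name, domain):
        self.suites[name] = Suite(name, domain)

    def start(self, name):
        self.suites[name].running = True

    def exit(self, name):
        s = self.suites[name]
        s.running = False
        s.session.clear()  # SESSION answers do not survive the run

    def uninstall(self, name):
        del self.suites[name]  # BLANKET answers go with the suite

    def request(self, name, perm, user_answer=None):
        """A MIDlet asks for `perm`; `user_answer` is the user's reply if asked."""
        s = self.suites[name]
        mode = s.domain.policy.get(perm, Mode.DENIED)
        if mode is Mode.DENIED:
            granted, basis = False, "policy"
        elif mode is Mode.ALLOWED:
            granted, basis = True, "domain"
        elif mode is Mode.BLANKET and perm in s.blanket:
            granted, basis = s.blanket[perm], "cached-blanket"
        elif mode is Mode.SESSION and perm in s.session:
            granted, basis = s.session[perm], "cached-session"
        else:
            granted, basis = bool(user_answer), "user"  # no reply counts as refusal
            if mode is Mode.BLANKET:
                s.blanket[perm] = granted
            elif mode is Mode.SESSION:
                s.session[perm] = granted
        self.log.append(Decision(name, perm, mode, granted, basis))
        return granted


# --- trace properties of the kind one would want to prove -----------------
def no_silent_grant_outside_allowed(dev):
    """A grant without user involvement only ever comes from an ALLOWED entry."""
    return all(d.mode is Mode.ALLOWED for d in dev.log if d.granted and d.basis == "domain")


def grants_respect_domain_policy(dev):
    """Nothing the domain policy denies (or omits) is ever granted."""
    return all(d.mode is not Mode.DENIED for d in dev.log if d.granted)


def session_state_cleared_when_not_running(dev):
    """No per-run answer outlives the run that produced it."""
    return all(not s.session for s in dev.suites.values() if not s.running)


# Constructed policy: an untrusted domain with user-mode entries only, and a
# hypothetical manufacturer domain where the same permissions are ALLOWED.
HTTP = "javax.microedition.io.Connector.http"
SOCKET = "javax.microedition.io.Connector.socket"
PUSH = "javax.microedition.io.PushRegistry"
UNTRUSTED = Domain("untrusted", {HTTP: Mode.SESSION, SOCKET: Mode.ONESHOT})
MANUFACTURER = Domain("manufacturer", {HTTP: Mode.ALLOWED, SOCKET: Mode.ALLOWED, PUSH: Mode.ALLOWED})


def run_scenario():
    """Constructed trace: an unsigned game and a signed OEM tool."""
    dev = Device()
    dev.install("game", UNTRUSTED)
    dev.install("oem-sync", MANUFACTURER)
    dev.start("game")
    dev.request("game", HTTP, user_answer=True)     # asked; answer cached for this run
    dev.request("game", HTTP)                       # served from the session cache
    dev.request("game", SOCKET, user_answer=False)  # oneshot, user refuses
    dev.request("game", PUSH)                       # not in untrusted policy: denied
    dev.exit("game")
    dev.start("game")
    dev.request("game", HTTP)                       # cache was cleared; no reply -> refused
    dev.exit("game")
    dev.start("oem-sync")
    dev.request("oem-sync", PUSH)                   # ALLOWED: no dialog
    return dev
```

The three property functions are the model-level counterpart of what a Coq development would state as lemmas over all reachable states rather than check on a single trace; running them over `run_scenario()` only exercises one path through the events.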

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Santiago Zanella Béguelin (1)
  • Gustavo Betarte (2)
  • Carlos Luna (2)
  1. INRIA Sophia Antipolis, 06902 Sophia Antipolis Cedex, France
  2. InCo, Facultad de Ingeniería, Universidad de la República, Montevideo, Uruguay