
Using Coq to Verify Java Card™ Applet Isolation Properties

Conference paper
Theorem Proving in Higher Order Logics (TPHOLs 2003)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2758)


Abstract

This paper reports on the use of the Coq proof assistant for the formal verification of applet isolation properties in Java Card technology. We focus on the confidentiality property. We show how this property is verified by the card manager and the APIs, extending our former proof addressing the Java Card virtual machine. We also show how our verification method allows us to complete specifications and to enhance the secure design of the platform. For instance, we describe how the proof of the integrity property brings to light a known bug. Finally, we present the benefits of using higher-order modelling to handle the complexity of the system, to prove security properties and, eventually, to construct generic re-usable proof architectures.




Copyright information

© 2003 Springer-Verlag Berlin Heidelberg


Cite this paper

Andronick, J., Chetali, B., Ly, O. (2003). Using Coq to Verify Java Card™ Applet Isolation Properties. In: Basin, D., Wolff, B. (eds) Theorem Proving in Higher Order Logics. TPHOLs 2003. Lecture Notes in Computer Science, vol 2758. Springer, Berlin, Heidelberg. https://doi.org/10.1007/10930755_22


  • DOI: https://doi.org/10.1007/10930755_22

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-40664-8

  • Online ISBN: 978-3-540-45130-3
