Abstract
This paper presents a method for verifying security properties of imperative source code embedded on smart cards. The idea is to combine two program verification approaches: functional verification at the source-code level, and verification of high-level properties on a formal model built from the program and its specification. The method uses the Caduceus tool, built on top of the Why tool. Caduceus verifies an annotated C program and provides a validation process that we used to generate a high-level formal model of the C source code. The method is illustrated by an example extracted from the verification of a smart-card embedded operating system.
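To make concrete what "annotated C" means in this setting, the following is an added example, not code from the paper or from the operating system it verifies. It shows a constructed PIN-verification command of the kind a smart-card OS exposes, annotated with Caduceus-style pre/postconditions, frame clauses and loop annotations (the `/*@ ... @*/` syntax with `\valid`, `\valid_range`, `\old`, `\result`, `assigns`, `invariant`, `variant` is assumed here from the tool's specification language; the card state, the `card_t` type, `MAX_TRIES` and the functions are hypothetical). The security property of interest is the high-level one: once the retry counter reaches zero, no subsequent command, not even one carrying the correct PIN, may move the card to the authenticated state. The annotations state it locally; `blocked_card_rejects_correct_pin` replays it at runtime over a constructed command sequence so the same property can be checked by execution.

```c
#include <stdint.h>

#define PIN_LEN   4   /* hypothetical PIN length */
#define MAX_TRIES 3   /* hypothetical retry limit */

/* Constructed card state; not the layout of any real card OS. */
typedef struct {
    uint8_t pin[PIN_LEN];    /* reference PIN stored on the card */
    uint8_t tries_left;      /* retry counter, must stay <= MAX_TRIES */
    uint8_t authenticated;   /* 1 once a correct PIN has been presented */
} card_t;

/* State invariant that every command must preserve; this is what the
 * verifier would be asked to establish for each annotated function. */
int card_invariant(const card_t *c)
{
    return c->tries_left <= MAX_TRIES &&
           (c->authenticated == 0 || c->authenticated == 1);
}

/*@ requires \valid(c) && \valid_range(cand, 0, PIN_LEN - 1)
  @ requires c->tries_left <= MAX_TRIES
  @ assigns c->tries_left, c->authenticated
  @ ensures c->tries_left <= MAX_TRIES
  @ ensures \old(c->tries_left) == 0 =>
  @           (c->authenticated == \old(c->authenticated) && \result == 0)
  @ ensures \result == 0 && \old(c->tries_left) > 0 =>
  @           c->tries_left == \old(c->tries_left) - 1
  @ ensures \result == 1 => c->authenticated == 1 && c->tries_left == MAX_TRIES
  @*/
int verify_pin(card_t *c, const uint8_t *cand)
{
    uint8_t diff = 0;
    int i;

    /* Blocked card: no comparison and no state change. */
    if (c->tries_left == 0)
        return 0;

    /* Charge the attempt before comparing, so that a power cut (card
     * tearing) during the compare cannot be used to retry for free.
     * Cannot underflow: tries_left > 0 on this path. */
    c->tries_left--;

    /* Compare every digit regardless of mismatches (no early exit),
     * so the number of loop iterations does not depend on the PIN. */
    /*@ invariant 0 <= i <= PIN_LEN
      @ variant PIN_LEN - i
      @*/
    for (i = 0; i < PIN_LEN; i++)
        diff |= (uint8_t)(c->pin[i] ^ cand[i]);

    if (diff != 0)
        return 0;

    /* Correct PIN: refund the attempt and authenticate. */
    c->tries_left = MAX_TRIES;
    c->authenticated = 1;
    return 1;
}

/* Runtime replay of the high-level property over a constructed command
 * sequence: MAX_TRIES wrong PINs followed by the correct PIN must leave
 * the card unauthenticated and the invariant intact. Returns 1 on success. */
int blocked_card_rejects_correct_pin(void)
{
    card_t c = { {1, 2, 3, 4}, MAX_TRIES, 0 };
    const uint8_t wrong[PIN_LEN] = {0, 0, 0, 0};   /* constructed input */
    const uint8_t right[PIN_LEN] = {1, 2, 3, 4};   /* constructed input */
    int k;

    for (k = 0; k < MAX_TRIES; k++)
        verify_pin(&c, wrong);

    return verify_pin(&c, right) == 0 &&
           c.authenticated == 0 &&
           card_invariant(&c);
}
```

The annotations only cover one command; the paper's point is that once each command has been validated this way, the validated contracts can be lifted into a model on which the global property (no authentication after blocking, across any command sequence) is proved rather than merely exercised as above.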
© 2005 Springer-Verlag Berlin Heidelberg
Cite this paper
Andronick, J., Chetali, B., Paulin-Mohring, C. (2005). Formal Verification of Security Properties of Smart Card Embedded Source Code. In: Fitzgerald, J., Hayes, I.J., Tarlecki, A. (eds) FM 2005: Formal Methods. FM 2005. Lecture Notes in Computer Science, vol 3582. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11526841_21
DOI: https://doi.org/10.1007/11526841_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-27882-5
Online ISBN: 978-3-540-31714-2