Formal Verification of Security Properties of Smart Card Embedded Source Code

  • Conference paper
FM 2005: Formal Methods (FM 2005)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 3582)

Abstract

This paper reports on a method to handle the verification of various security properties of imperative source code embedded on smart cards. The idea is to combine two program verification approaches: functional verification at the source-code level, and verification of high-level properties on a formal model built from the program and its specification. The method presented uses the Caduceus tool, built on top of the Why tool. Caduceus enables the verification of an annotated C program and provides a validation process that we used to generate a high-level formal model of the C source code. This method is illustrated by an example extracted from the verification of a smart-card embedded operating system.
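To make the first half of the method concrete, here is an added example of the kind of annotated C that Caduceus takes as input: a PIN-verification routine with a retry counter, of the sort a smart-card OS exposes to its command dispatcher. It is a constructed illustration for this page, not the example from the paper or any vendor's code. The contract dialect (`/*@ requires ... ensures ... @*/`, `\valid`, `\valid_range`, `\old`, `\result`, `assigns`, loop `invariant`/`variant`) follows the JML-like syntax Caduceus used; treat the exact spelling as an assumption of this example rather than a quotation of the tool's manual. Because the annotations are C comments, the file compiles with any C compiler even without the verifier. The functional contract is what the source-level proof discharges; the security property the high-level model would be built for is the one stated in the comment above the decrement: a wrong guess always costs a try, even if power is cut during the comparison.

```c
/* Added example (not from the paper): a smart-card PIN check annotated in
 * the JML-style contract dialect that Caduceus consumed. Annotation syntax
 * is an assumption of this example. State is constructed in RAM here;
 * on a card st would live in EEPROM. */
#include <stdint.h>
#include <string.h>

#define PIN_LEN   4
#define MAX_TRIES 3

typedef struct {
    uint8_t pin[PIN_LEN];   /* reference PIN stored on the card */
    uint8_t tries;          /* remaining tries; 0 means blocked */
    uint8_t verified;       /* 1 once a correct PIN has been presented */
} pin_state_t;

/*@ requires \valid(st) && \valid_range(guess, 0, PIN_LEN-1)
  @ requires st->tries <= MAX_TRIES
  @ assigns st->tries, st->verified
  @ ensures \result == -1 || \result == 0 || \result == 1
  @ ensures \old(st->tries) == 0 ==> (\result == -1 && st->tries == 0)
  @ ensures \result == 1 ==> (st->tries == MAX_TRIES && st->verified == 1)
  @ ensures \result == 0 ==> (st->tries == \old(st->tries) - 1 && st->verified == 0)
  @*/
int pin_verify(pin_state_t *st, const uint8_t *guess)
{
    uint8_t diff = 0;
    int i;

    if (st->tries == 0)
        return -1;              /* blocked: no comparison is performed */

    /* Security-relevant ordering: charge the try BEFORE comparing, so a
     * tear (power loss) during the loop can never yield a free guess.
     * This is the property a high-level model of the card would state
     * as "tries never increases except on a successful verification". */
    st->tries--;
    st->verified = 0;

    /*@ invariant 0 <= i <= PIN_LEN
      @ variant PIN_LEN - i
      @*/
    for (i = 0; i < PIN_LEN; i++)
        diff |= (uint8_t)(st->pin[i] ^ guess[i]);   /* no early exit */

    if (diff != 0)
        return 0;               /* wrong PIN: one try consumed */

    st->tries = MAX_TRIES;      /* restore the counter only on success */
    st->verified = 1;
    return 1;
}

/* Convenience constructor so the routine can be exercised stand-alone. */
pin_state_t pin_state_init(const uint8_t ref[PIN_LEN])
{
    pin_state_t st;
    memcpy(st.pin, ref, PIN_LEN);
    st.tries = MAX_TRIES;
    st.verified = 0;
    return st;
}
```

The two halves of the contract map onto the two verification levels the abstract describes: Caduceus proves each `ensures` clause for this function body (memory safety via `\valid_range`, the counter arithmetic via `\old`), while the tear-resistance argument is a statement about every reachable card state and belongs in the model extracted from the annotated program, not in any single postcondition.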



Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Andronick, J., Chetali, B., Paulin-Mohring, C. (2005). Formal Verification of Security Properties of Smart Card Embedded Source Code. In: Fitzgerald, J., Hayes, I.J., Tarlecki, A. (eds) FM 2005: Formal Methods. FM 2005. Lecture Notes in Computer Science, vol 3582. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11526841_21

  • DOI: https://doi.org/10.1007/11526841_21

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-27882-5

  • Online ISBN: 978-3-540-31714-2

  • eBook Packages: Computer Science (R0)
