Development of an Embedded Verifier for Java Card Byte Code Using Formal Methods

  • Conference paper
  • FME 2002: Formal Methods—Getting IT Right (FME 2002)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2391)

Abstract

The Java security policy is implemented using security components such as a Java Virtual Machine (JVM), an API, a verifier, and a loader. It is of prime importance to ensure that these components are implemented in accordance with their specifications. Formal methods can be used to provide a mathematical proof that their implementation corresponds to their specification. In this paper, we introduce the formal development of a complete byte code verifier for Java Card and its on-card integration. In particular, we focus on the model and the proof of the complete type verifier for the Java Card language. The global architecture of the verification process implemented in this real industrial case study is described, and the detailed specification of the type verifier is discussed together with its proof. Moreover, this paper presents a comparison between formal and traditional development, summing up the pros and cons of using formal methods in industry.




© 2002 Springer-Verlag Berlin Heidelberg

Cite this paper

Casset, L. (2002). Development of an Embedded Verifier for Java Card Byte Code Using Formal Methods. In: Eriksson, L.H., Lindsay, P.A. (eds) FME 2002: Formal Methods—Getting IT Right. FME 2002. Lecture Notes in Computer Science, vol 2391. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45614-7_17

  • DOI: https://doi.org/10.1007/3-540-45614-7_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-43928-8

  • Online ISBN: 978-3-540-45614-8
