Skip to main content
SpringerLink
Log in

Tool-Assisted Specification and Verification of the JavaCard Platform

  • Conference paper
  • First Online:
Algebraic Methodology and Software Technology (AMAST 2002)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2422))

Abstract

Bytecode verification is one of the key security functions of the JavaCard architecture. Its correctness is often cast relatively to a defensive virtual machine that performs checks at run-time, and an offensive one that does not, and can be summarized as stating that the two machines coincide on programs that pass bytecode verification. We review the process of establishing such a correctness statement in a proof assistant, and focus in particular on the problemof automating the construction of an offensive virtual machine and a bytecode verifier from a defensive machine.

On leave fromU niversity of Beira Interior-Portugal, and partially supported by the Portuguese research grant sfrh/bd/790/2000.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. C. Alvarado and Q.-H. Nguyen. ELAN for equational reasoning in COQ. In J. Despeyroux, editor, Proceedings of LFM’00, 2000. Rapport Technique INRIA.

    Google Scholar 

  2. D. Aspinall and A. Compagnoni. Heap-bound assembly language. Manuscript, 2001.

    Google Scholar 

  3. F. Baader and T. Nipkow. Term Rewriting and All That. Cambridge University Press, 1998.

    Google Scholar 

  4. A. Banerjee and D. A. Naumann. Secure Information Flow and Pointer Confinement in a Java-like Language. In Proceedings of CSFW’02. IEEE Computer Society Press, 2002.

    Google Scholar 

  5. G. Barthe and P. Courtieu. Efficient Reasoning about Executable Specifications in Coq. In C. Muñoz and S. Tahar, editors, Proceedings of TPHOLs’02, volume 2xxx of Lecture Notes in Computer Science. Springer-Verlag, 2002. To appear.

    Google Scholar 

  6. G. Barthe, G. Dufay, M. Huisman, and S. Melo de Sousa. Jakarta: a toolset to reason about the JavaCard platform. In I. Attali and T. Jensen, editors, Proceedings of e-SMART’01, volume 2140 of Lecture Notes in Computer Science, pages 2–18. Springer-Verlag, 2001.

    Google Scholar 

  7. G. Barthe, G. Dufay, L. Jakubiec, and S. Melo de Sousa. A formal correspondence between offensive and defensive JavaCard virtual machines. In A. Cortesi, editor, Proceedings of VMCAI’02, volume 2294 of Lecture Notes in Computer Science, pages 32–45. Springer-Verlag, 2002.

    Google Scholar 

  8. G. Barthe, G. Dufay, L. Jakubiec, B. Serpette, and S. Melo de Sousa. A Formal Executable Semantics of the JavaCard Platform. In D. Sands, editor, Proceedings of ESOP’01, volume 2028 of Lecture Notes in Computer Science, pages 302–319. Springer-Verlag, 2001.

    Google Scholar 

  9. J. van den Berg and B. Jacobs. The LOOP Compiler for Java and JML. In T. Margaria and W. Yi, editors, Proceedings of TACAS’01, volume 2031 of Lecture Notes in Computer Science, pages 299–312, 2001.

    Google Scholar 

  10. M. Bezem, J. W. Klop, and R. de Vrijer, editors. Term Rewriting Systems. Cambridge Tracts in Theoretical Computer Science. Cambridge University Press, 2002.

    Google Scholar 

  11. P. Bieber, J. Cazin, V. Wiels, G. Zanon, P. Girard, and J.-L. Lanet. Electronic Purse Applet Certification. In S. Schneider and P. Ryan, editors, Proceedings of the Workshop on Secure Architectures and Information Flow, volume 32 of Electronic Notes in Theoretical Computer Science. Elsevier Publishing, 2000.

    Google Scholar 

  12. A. Bouhoula. Automated theorem proving by test set induction. Journal of Symbolic Computation, 23(1):47–77, January 1997.

    Article  MATH  MathSciNet  Google Scholar 

  13. L. Casset. Development of an Embedded Verifier for JavaCard ByteCode using Formal Methods. In L.-H. Eriksson and P. A. Lindsay, editors, Proceedings of FME’02, Lecture Notes in Computer Science, 2002. To appear.

    Google Scholar 

  14. L. Casset, L. Burdy, and A. Requet. Formal Development of an Embedded Verifier for JavaCard ByteCode. In Proceedings of DSN’02. IEEE Computer Society, 2002.

    Google Scholar 

  15. L. Casset and J.-L. Lanet. A Formal Specification of the Java Byte Code Semantics using the B Method. In B. Jacobs, G. T. Leavens, P. Müller, and A. Poetzsch-Heffter, editors, Proceedings of Formal Techniques for Java Programs. Technical Report 251, Fernuniversität Hagen, 1999.

    Google Scholar 

  16. Z. Chen. Java Card for Smart Cards: Architecture and Programmer’s Guide. The Java Series. O’Reilly, 2000.

    Google Scholar 

  17. Y. Cheon and G. T. Leavens. A Simple and Practical Approach to Unit Testing: The JML and JUnit Way. In B. Magnusson, editor, Proceedings of ECOOP’02, volume 2374 of Lecture Notes in Computer Science, pages 231–255, 2002.

    Google Scholar 

  18. Coq Development Team. The Coq Proof Assistant User’s Guide. Version 7.2, January 2002.

    Google Scholar 

  19. J. Corbett, M. Dwyer, J. Hatcli., C. Pasareanu, Robby, S. Laubach, and H. Zheng. Bandera: Extracting Finite-state Models from Java Source Code. In Proceedings of ICSE’00, pages 439–448. ACM Press, 2000.

    Google Scholar 

  20. K. Crary and G. Morrisett. Type structure for low-level programming languages. In J. Wiedermann, P. van Emde Boas, and M. Nielsen, editors, Proceedings of ICALP’99, volume 1644 of Lecture Notes in Computer Science, pages 40–54, 1999.

    Google Scholar 

  21. S. N. Freund and J. C. Mitchell. The type systemfor object initialization in the Java bytecode language. ACM Transactions on Programming Languages and Systems, 21(6):1196–1250, November 1999.

    Article  Google Scholar 

  22. E. Giménez and O. Ly. Formal modeling and verification of the java card security architecture: from static checkings to embedded applet execution, 2002. Talk delivered at the Verificard’02 meeting, Marseille, 7–9 January 2002. Slides available at http://www-sop.inria.fr/lemme/verificard/2002/programme.html.

  23. P. Hartel and L. Moreau. Formalizing the Safety of Java, the Java Virtual Machine and Java Card. ACM Computing Surveys, 33(4):517–558, December 2001.

    Article  Google Scholar 

  24. G. Klein and T. Nipkow. Verified bytecode verifiers. Theoretical Computer Science, 2002. Submitted.

    Google Scholar 

  25. Gemplus Research Labs. Java Card Common Criteria Certification Using Coq. Technical Report, 2001.

    Google Scholar 

  26. J.-L. Lanet and A. Requet. Formal Proof of Smart Card Applets Correctness. In J.-J. Quisquater and B. Schneier, editors, Proceedings of CARDIS’98, volume 1820 of Lecture Notes in Computer Science, pages 85–97. Springer-Verlag, 1998.

    Google Scholar 

  27. C. Laneve. A Type Systemfor JVM Threads. Theoretical Computer Science, 200x. To appear.

    Google Scholar 

  28. K. R. M. Leino. Extended Static Checking: A Ten-Year Perspective. In R. Wilhelm, editor, Informatics-10 Years Back, 10 Years Ahead, volume 2000 of Lecture Notes in Computer Science, pages 157–175, 2001.

    Google Scholar 

  29. X. Leroy. Java bytecode verification: an overview. In G. Berry, H. Comon, and A. Finkel, editors, Proceedings of CAV’01, volume 2102 of Lecture Notes in Computer Science, pages 265–285. Springer-Verlag, 2001.

    Google Scholar 

  30. X. Leroy. On-card bytecode verification for Java card. In I. Attali and T. Jensen, editors, Proceedings e-Smart 2001, volume 2140, pages 150–164. Springer-Verlag, 2001.

    Google Scholar 

  31. X. Leroy, D. Doligez, J. Garrigue, D. Rémy, and J. Vouillon. The Objective Caml system, release 3.00, 2000.

    Google Scholar 

  32. G. C. Necula. Proof-carrying code. In Proceedings of POPL’97, pages 106–119. ACM Press, 1997.

    Google Scholar 

  33. T. Nipkow. Verified Bytecode Verifiers. In F. Honsell and M. Miculan, editors, Proceedings of FOSSACS’01, volume 2030 of Lecture Notes in Computer Science, pages 347–363. Springer-Verlag, 2001.

    Google Scholar 

  34. T. Nipkow, L. C. Paulson, and M. Wenzel. Isabelle/HOL: A Proof Assistant for Higher-Order Logic, volume 2283 of Lecture Notes in Computer Science. Springer-Verlag, 2002.

    MATH  Google Scholar 

  35. J. Posegga and H. Vogt. Byte Code Verification for Java Smart Cards Based on Model Checking. In J.-J. Quisquater, Y. Deswarte, C. Meadows, and D. Gollmann, editors, Proceedings of the ESORICS’98, volume 1485 of Lecture Notes in Computer Science, pages 175–190. Springer-Verlag, 1998.

    Google Scholar 

  36. A. Requet. A B Model for Ensuring Soundness of a Large Subset of the Java Card Virtual Machine. In S. Gnesi, I. Schieferdecker, and A. Rennoch, editors, Proceedings of FMICS’00, pages 29–46, 2000.

    Google Scholar 

  37. N. Shankar, S. Owre, and J. M. Rushby. The PVS Proof Checker: A Reference Manual. Computer Science Laboratory, SRI International, February 1993. Supplemented with the PVS2 Quick Reference Manual, 1997.

    Google Scholar 

  38. R. Stata and M. Abadi. A type systemfor Java bytecode subroutines. ACM Transactions on Programming Languages and Systems, 21(1):90–137, January 1999.

    Article  Google Scholar 

  39. Sun Microsystems, Inc., Palo Alto/CA, USA. Java Card Platform Security, 2001. Technical White Paper.

    Google Scholar 

  40. Sun Microsystems, Inc., Palo Alto/CA, USA. Java Card 2.2 Application Programming Interface (API), 2002.

    Google Scholar 

  41. Sun Microsystems, Inc., Palo Alto/CA, USA. Java Card 2.2 Runtime Environment (JCRE) Specification, 2002.

    Google Scholar 

  42. Sun Microsystems, Inc., Palo Alto/CA, USA. Java Card 2.2 Virtual Machine Specification, 2002.

    Google Scholar 

  43. K. N. Swadi and A. W. Appel. Typed machine language and its semantics. Manuscript, 2001.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. INRIA Sophia-Antipolis, France

    Gilles Barthe, Pierre Courtieu, Guillaume Dufay & Simão Melo de Sousa

Authors
  1. Gilles Barthe
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Pierre Courtieu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Guillaume Dufay
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Simão Melo de Sousa
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. LORIA - CNRS & INRIA, Campus Scientifique, Bâtiment LORIA, BP 239, 54506, Vandoeuvre-lès-Nancy, France

    Hélène Kirchner

  2. LORIA - INRIA, 615, rue du Jardin Botanique, 54602, Villers-lès-Nancy, France

    Christophe Ringeissen

Rights and permissions

Reprints and permissions

Copyright information

© 2002 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Barthe, G., Courtieu, P., Dufay, G., de Sousa, S.M. (2002). Tool-Assisted Specification and Verification of the JavaCard Platform. In: Kirchner, H., Ringeissen, C. (eds) Algebraic Methodology and Software Technology. AMAST 2002. Lecture Notes in Computer Science, vol 2422. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45719-4_4

Download citation

  • DOI: https://doi.org/10.1007/3-540-45719-4_4

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-44144-1

  • Online ISBN: 978-3-540-45719-0

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation