Abstract
The JavaCard transaction mechanism can ensure that a sequence of statements either is executed to completion or is not executed at all. Transactions make verification of JavaCard programs considerably more difficult, because they cannot be formalised in a logic based on pre- and postconditions. The KeY system includes an interactive theorem prover for JavaCard source code that models the full JavaCard standard including transactions. Based on a case study of realistic size we show the practical difficulties encountered during verification of safety properties. We provide an assessment of current JavaCard source code verification, and we make concrete suggestions towards overcoming the difficulties by design for verification. The main conclusion is that largely automatic verification of realistic JavaCard software is possible provided that it is designed with verification in mind from the start.
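The atomicity the abstract refers to is exposed to applet code through the `javacard.framework.JCSystem` transaction API. The following is an added illustration, not code from the paper or from the KeY project: a hypothetical `Purse` applet (all field and method names here are assumptions) whose debit operation updates two persistent fields and a log entry inside one transaction, so that a card tear or a `TransactionException` between the writes leaves either all three updates committed or none of them. The comments mark the point that makes pre-/postcondition reasoning awkward: the state the method leaves behind after an interrupted transaction is neither its precondition state plus the partial writes, nor its normal postcondition state, but the persistent state rolled back by the runtime.

```java
package example; // hypothetical package name, not from the paper

import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.JCSystem;
import javacard.framework.TransactionException;

/** Hypothetical purse applet: debit updates balance and a log atomically. */
public class Purse extends Applet {
    private static final byte INS_DEBIT = (byte) 0x20;   // constructed INS value
    private static final short LOG_SIZE = 16;            // constructed log capacity

    // All three fields live in persistent memory (EEPROM) on a real card.
    private short balance;
    private short[] log;
    private short logCount;

    private Purse() {
        balance = 100;                 // constructed initial balance
        log = new short[LOG_SIZE];
        logCount = 0;
        register();
    }

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new Purse();
    }

    public void process(APDU apdu) {
        if (selectingApplet()) {
            return;
        }
        byte[] buf = apdu.getBuffer();
        if (buf[ISO7816.OFFSET_INS] == INS_DEBIT) {
            // Amount is taken from P1 for this illustration only.
            debit((short) (buf[ISO7816.OFFSET_P1] & 0xFF));
            return;
        }
        ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
    }

    /**
     * Debit the purse. The balance update, the log entry and the log counter
     * must either all become persistent or none of them must.
     */
    void debit(short amount) {
        // Guards are checked before the transaction so that no persistent
        // write has happened when we bail out here.
        if (amount <= 0 || amount > balance) {
            ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
        }
        if (logCount >= LOG_SIZE) {
            ISOException.throwIt(ISO7816.SW_FILE_FULL);
        }
        if (JCSystem.getTransactionDepth() != 0) {
            // Nested transactions are not allowed by the Java Card runtime.
            ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
        }

        JCSystem.beginTransaction();
        try {
            // Three conditional persistent writes. If the card is torn out
            // here, the runtime discards all of them on the next reset: the
            // method's "result" is then the old balance and the old log, a
            // state that no ordinary postcondition on this method describes.
            balance = (short) (balance - amount);
            log[logCount] = amount;
            logCount = (short) (logCount + 1);
            JCSystem.commitTransaction();
        } catch (TransactionException e) {
            // Typically the commit buffer is exhausted; roll back every write
            // made since beginTransaction() and report the failure.
            JCSystem.abortTransaction();
            ISOException.throwIt(ISO7816.SW_UNKNOWN);
        }
    }

    /** Exposed for illustration: the invariant a verifier would want to show. */
    boolean logConsistent(short initialBalance) {
        // Sum of logged debits must equal what has been taken from the balance.
        short spent = 0;
        for (short i = 0; i < logCount; i++) {
            spent = (short) (spent + log[i]);
        }
        return (short) (initialBalance - spent) == balance;
    }
}
```

`logConsistent` states the property the transaction protects: without the transaction, a tear between the balance write and the log write would leave a persistent state in which the invariant is false, and that state, not any state reachable by executing the method to completion, is what a verification tool for Java Card has to reason about.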
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hähnle, R., Mostowski, W. (2005). Verification of Safety Properties in the Presence of Transactions. In: Barthe, G., Burdy, L., Huisman, M., Lanet, JL., Muntean, T. (eds) Construction and Analysis of Safe, Secure, and Interoperable Smart Devices. CASSIS 2004. Lecture Notes in Computer Science, vol 3362. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30569-9_8
DOI: https://doi.org/10.1007/978-3-540-30569-9_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24287-1
Online ISBN: 978-3-540-30569-9