Industrial Use of Formal Methods for a High-Level Security Evaluation

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 5014)

Abstract

This paper presents an effective use of formal methods for the development and the security certification of smart card software. The approach is based on the Common Criteria methodology, which requires the use of formal methods to prove that a product implements the claimed security level. This work led to the world's first certification of a commercial Java Card™ product involving all the formal assurances needed to reach the highest security level. For this certification, formal methods were used for the design and the implementation of the security functions of the Java Card system embedded in the product. We describe the refinement scheme used to meet the Common Criteria's requirements on formal models and proofs. In particular, we show how to build the proof that the implementation ensures the security objectives claimed in the security specification. We also provide some lessons learned from this important application of formal methods to the smart card industry.

Editor information

Jorge Cuellar, Tom Maibaum, Kaisa Sere

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Chetali, B., Nguyen, Q.-H. (2008). Industrial Use of Formal Methods for a High-Level Security Evaluation. In: Cuellar, J., Maibaum, T., Sere, K. (eds.) FM 2008: Formal Methods. FM 2008. Lecture Notes in Computer Science, vol. 5014. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-68237-0_15

  • DOI: https://doi.org/10.1007/978-3-540-68237-0_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-68235-6

  • Online ISBN: 978-3-540-68237-0
