10.1.1.4.1760 - The use of B for Smart Card Jean-Louis...
The use of B for Smart Card

Jean-Louis LANET
Gemplus Research Lab, Av. du Pic de Bertagne, 13881 Gémenos cedex BP 100.
[email protected]

1. Introduction

In a previous paper [Lan-00] we stated that smart cards could be the ideal domain for applying formal methods. We said that the need for formal methods has three origins: mastering the complexity of the new operating systems, certifying part of the smart card at a high level, and reducing the cost of validation. We believed that these reasons were enough to introduce formal methods into the software life cycle. Unfortunately, the efforts to integrate data and behaviour in a single framework for generating test cases automatically with model checkers have not yet been successful. But we strongly believe that other solutions, for example JML, the Java Modeling Language [JML], can partially solve the test problem [Bur-02]. As for certification, the certification obtained by Multos did not encourage the other smart card manufacturers to seek high-level certification, because of its cost, even though Gemplus obtained an EAL5+ certificate. If certification helps to introduce formal methods, it is only as a side effect. Finally, it is the complexity of the operating systems and the need to avoid vulnerabilities that initiated the GemClassifier [Lan-02] smart card development. We believe that a clean methodology, with related metrics and tool improvements, will consequently help the integration of formal methods, and in particular the B method [Abr-96], into the software process [Cas-02]. It is important to have guidelines for the specifications and proofs that help the designers. For this purpose we joined a European project named MATISSE (1). The approach of the MATISSE project [Mat-01] is to exploit and enhance existing generic methodologies and associated technologies that support the correct construction of software-based systems. In particular, a strong emphasis was placed on the use of the B Method.

Within this project, we evaluate the advantages and drawbacks of using formal methods in our specific domain by applying a dedicated methodology to our case study.

2. The Gemplus case study

For Java Card security, it is important that an applet cannot gain access to the data of other applets through the sharing mechanism, or to the code of the operating system.

(1) European IST Project MATISSE IST-1999-11435
The verifier is a key component of the Java security architecture. It examines incoming code to ensure that it respects the syntax of the byte code language and the typing rules of the language. The verifier checks statically that neither the control flow nor the data flow can generate a run-time error. Other components are responsible for protecting system resources from abuse, but they depend on the verifier, since they rely on language features such as access restrictions (private, protected, final, etc.). It is obvious that a vulnerability in this component would be catastrophic for the card. We have specified and implemented such a
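To make concrete what "checks statically that the control flow and the data flow do not generate a run-time error" means, here is an added illustration that is not part of the paper and not Gemplus's verifier: a toy data-flow verifier for a stack machine with a handful of invented opcodes (iconst, aconst_null, iadd, arraylength, ifeq, goto, ireturn, areturn, pop). It abstractly executes each instruction on a stack of types, merges the states arriving at a join point (a slot that is int on one path and reference on another becomes the unknown type 'T'), iterates to a fixpoint, and rejects methods that would underflow or overflow the operand stack, jump outside the method, reach a join with different stack heights, or use an int where a reference is expected (the type confusion that lets an applet forge a reference and read past the firewall). The instruction set, the sample methods and the stack limit are all constructed for the example.

```python
from collections import deque


class VerifyError(Exception):
    """Raised when the method could violate a typing or stack rule at run time."""


# Constructed toy instruction set: (types popped, bottom to top; types pushed).
# 'I' = int, 'R' = object reference, '*' = any type.  'T' is never pushed by an
# instruction: it marks a slot whose type differs between two paths that reach
# the same instruction (the join of I and R).
EFFECTS = {
    'iconst':      ([], ['I']),          # push an int constant (arg)
    'aconst_null': ([], ['R']),          # push the null reference
    'iadd':        (['I', 'I'], ['I']),
    'arraylength': (['R'], ['I']),       # dereferences its operand: must be a reference
    'pop':         (['*'], []),
    'ifeq':        (['I'], []),          # conditional jump to arg, else fall through
    'goto':        ([], []),             # unconditional jump to arg
    'ireturn':     (['I'], []),
    'areturn':     (['R'], []),
}


def transfer(pc, opcode, stack, max_stack):
    """Abstractly execute one instruction on a typed stack; return the outgoing stack."""
    pops, pushes = EFFECTS[opcode]
    out = list(stack)
    for want in reversed(pops):
        if not out:
            raise VerifyError(f"pc {pc} {opcode}: operand stack underflow")
        got = out.pop()
        if want != '*' and got != want:
            raise VerifyError(f"pc {pc} {opcode}: expected {want} on stack, found {got}")
    out.extend(pushes)
    if len(out) > max_stack:
        raise VerifyError(f"pc {pc} {opcode}: operand stack overflow")
    return tuple(out)


def successors(pc, opcode, arg, length):
    """Control-flow successors of the instruction at pc; every target must be inside the method."""
    if opcode in ('ireturn', 'areturn'):
        return []
    if opcode == 'goto':
        nxt = [arg]
    elif opcode == 'ifeq':
        nxt = [arg, pc + 1]
    else:
        nxt = [pc + 1]
    for t in nxt:
        if not 0 <= t < length:
            raise VerifyError(f"pc {pc} {opcode}: control flow leaves the method (target {t})")
    return nxt


def join(pc, a, b):
    """Merge two incoming stack states at a join point."""
    if len(a) != len(b):
        raise VerifyError(f"pc {pc}: inconsistent stack height at join ({len(a)} vs {len(b)})")
    return tuple(x if x == y else 'T' for x, y in zip(a, b))


def verify(code, max_stack=4):
    """Worklist data-flow analysis: iterate to a fixpoint over every reachable instruction."""
    if not code:
        raise VerifyError("empty method")
    states = {0: ()}          # typed operand stack on entry to each pc
    work = deque([0])
    while work:
        pc = work.popleft()
        opcode, arg = code[pc]
        if opcode not in EFFECTS:
            raise VerifyError(f"pc {pc}: unknown opcode {opcode!r}")
        out = transfer(pc, opcode, states[pc], max_stack)
        for nxt in successors(pc, opcode, arg, len(code)):
            merged = join(nxt, states[nxt], out) if nxt in states else out
            if nxt not in states or merged != states[nxt]:
                states[nxt] = merged
                work.append(nxt)  # state changed: re-analyse the successor
    return states


def check(code, max_stack=4):
    """Return (accepted, message) instead of raising, for callers and tests."""
    try:
        verify(code, max_stack)
        return True, "ok"
    except VerifyError as e:
        return False, str(e)


# Constructed sample methods (pc = list index).
WELL_TYPED = [('iconst', 1), ('iconst', 2), ('iadd', None), ('ireturn', None)]
TYPE_CONFUSION = [('aconst_null', None), ('ireturn', None)]          # returns a reference as an int
INT_AS_REF = [('iconst', 0), ('arraylength', None), ('ireturn', None)]  # dereferences an int
JOIN_CONFUSION = [('iconst', 0), ('ifeq', 4), ('aconst_null', None), ('goto', 5),
                  ('iconst', 1), ('ireturn', None)]                   # pc 5 sees I on one path, R on the other
HEIGHT_MISMATCH = [('iconst', 0), ('ifeq', 3), ('iconst', 1), ('iconst', 2), ('ireturn', None)]
UNDERFLOW = [('iadd', None)]
OFF_END = [('iconst', 0)]                                           # falls off the end of the method

if __name__ == "__main__":
    for name in ('WELL_TYPED', 'TYPE_CONFUSION', 'INT_AS_REF', 'JOIN_CONFUSION',
                 'HEIGHT_MISMATCH', 'UNDERFLOW', 'OFF_END'):
        print(f"{name:16s} {check(globals()[name])}")
```

The point of the fixpoint loop is the one the paragraph makes about control flow: a method is accepted only if every path into every instruction leaves the stack in a shape that instruction can consume, so a branch that reaches the return with a reference on one arm and an int on the other is rejected before any byte of it runs. A real Java Card verifier additionally tracks local variables, subroutines, class hierarchies and constant-pool references, which is exactly why it is large enough to need the kind of formal treatment the paper argues for.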