Formalizing the safety of Java, the Java virtual machine, and Java Card. ACM Computing Surveys (CSUR).
Formal certification of a compiler back-end or: programming a compiler with a proof assistant. Conference record of the 33rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages.
Certifying an embedded remote method invocation protocol. Proceedings of the 2008 ACM Symposium on Applied Computing.
Certifying native Java Card API by formal refinement. CARDIS'06: Proceedings of the 7th IFIP WG 8.8/11.2 International Conference on Smart Card Research and Advanced Applications.
Formal verification of security properties of smart card embedded source code. FM'05: Proceedings of the 2005 International Conference on Formal Methods.
Formal methods for smartcard security. Foundations of Security Analysis and Design III.
Formal verification of a C compiler front-end. FM'06: Proceedings of the 14th International Conference on Formal Methods.
Certification of Smart-Card Applications in Common Criteria. FASE '09: Proceedings of the 12th International Conference on Fundamental Approaches to Software Engineering, held as part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009.
Security Testing and Formal Methods for High Levels Certification of Smart Cards. TAP '09: Proceedings of the 3rd International Conference on Tests and Proofs.
Certifying compilers using higher-order theorem provers as certificate checkers. Formal Methods in System Design.
A formal security model of a smart card web server. CARDIS'11: Proceedings of the 10th IFIP WG 8.8/11.2 International Conference on Smart Card Research and Advanced Applications.
Generating Invariant-Based Certificates for Embedded Systems. ACM Transactions on Embedded Computing Systems (TECS).
Automatized high-level evaluation of security properties for RTL hardware designs. Proceedings of the Workshop on Embedded Systems Security.
This paper presents an effective use of formal methods for the development and security certification of smart card software. The approach is based on the Common Criteria methodology, which requires the use of formal methods to prove that a product implements the claimed security level. This work led to the world's first certification of a commercial Java Card™ product involving all the formal assurances needed to reach the highest security level. For this certification, formal methods were used for the design and implementation of the security functions of the Java Card system embedded in the product. We describe the refinement scheme used to meet the Common Criteria requirements on formal models and proofs. In particular, we show how to build the proof that the implementation ensures the security objectives claimed in the security specification. We also provide some lessons learned from this important application of formal methods to the smart card industry.