A Verifiable Conformance Relationship between Smart Card Applets and B Security Models

Authors:
Frédéric Dadeau;Julien Lamboley;Thierry Moutet;Marie-Laure Potet
Affiliations:
Laboratoire d'Informatique de Franche-Comté, Besançon cedex, F-25030;Vérimag, centre équation, Gières, F-38610;Vérimag, centre équation, Gières, F-38610;Vérimag, centre équation, Gières, F-38610
Venue:
ABZ '08 Proceedings of the 1st international conference on Abstract State Machines, B and Z
Year:
2008

Citing 11
Cited 0

The temporal logic of actions

ACM Transactions on Programming Languages and Systems (TOPLAS)
Conformance testing with labelled transition systems: implementation relations and test generation

Computer Networks and ISDN Systems - Special issue on protocol testing
Enforceable security policies

ACM Transactions on Information and System Security (TISSEC)
Specification of the Javacard API in JML

Proceedings of the fourth working conference on smart card research and advanced applications on Smart card research and advanced applications
A Discipline of Programming

A Discipline of Programming
Introducing Dynamic Constraints in B

B '98 Proceedings of the Second International B Conference on Recent Advances in the Development and Use of the B Method
Generating security tests in addition to functional tests

Proceedings of the 3rd international workshop on Automation of software test
Security policy enforcement through refinement process

B'07 Proceedings of the 7th international conference on Formal Specification and Development in B
Integration of security policy into system modeling

B'07 Proceedings of the 7th international conference on Formal Specification and Development in B
LEIRIOS test generator: automated test generation from b models

B'07 Proceedings of the 7th international conference on Formal Specification and Development in B
Meca: a tool for access control models

B'07 Proceedings of the 7th international conference on Formal Specification and Development in B

Quantified Score

Hi-index	0.00

Visualization

Abstract

We propose a formal framework based on the B method, that supports the development of secured smart card applications. Accordingly to the Common Criteria methodology, we start from a formal definition and modelling of security policies, as access control policies. At the end of the development process, smart card applications are implemented in a standardized way, based on both the life cycle of smart card applets and the APDU protocol. In this paper, we define a conformance relationship that aims at establishing how smart card applications can be related to security requirement models. This embraces both the notions of security conformance as well as traceability allowing to relate basic events appearing at the level of applications with abstract security policies. This approach has been developed in the RNTL POSÉ project, involving a smart card issuer, Gemalto.