An axiomatic basis for computer programming
Communications of the ACM
Efficient Simulation of Formal Processor Models
Formal Methods in System Design
Formal methods for smart cards: an experience report
Science of Computer Programming - Formal methods for components and objects pragmatic aspects and applications
Formal certification of a compiler back-end or: programming a compiler with a proof assistant
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Proceedings of the 13th ACM conference on Computer and communications security
CoVaC: Compiler Validation by Program Analysis of the Cross-Product
FM '08 Proceedings of the 15th international symposium on Formal Methods
Industrial Use of Formal Methods for a High-Level Security Evaluation
FM '08 Proceedings of the 15th international symposium on Formal Methods
A fast linear-arithmetic solver for DPLL(T)
CAV'06 Proceedings of the 18th international conference on Computer Aided Verification
The mondex challenge: machine checked proofs for an electronic purse
FM'06 Proceedings of the 14th international conference on Formal Methods
Hi-index | 0.00 |
We present a method for proving representation correspondences in the Common Criteria (CC) certification of smart-card applications. For security policy enforcement, the CC defines a chain of requirements: a security policy model (SPM), a functional specification (FSP), and a target-of-evaluation design (TDS). In our approach to the CC certification, these requirements are models of applications that can have different representations. A representation correspondence (RCR) describes a correlation between the representations of two adjacent requirements. One task in the CC certification is to demonstrate formal proofs of RCRs. We first develop a modelling framework by which the representations of SPM, FSP and TDS can be described uniformly as models of an application. We then define RCRs as mutual simulations between two application models over sets of observable events and variables. We describe a proof technique for proving RCRs and providing certificates about them based on assertions relating two models at specific locations. We show how RCRs can help us prove property preservation from the SPM to the FSP and the TDS.