Certification of Smart-Card Applications in Common Criteria

Authors:
Iman Narasamdya;Michaël Périn
Affiliations:
FBK-Irst, Italy;Verimag - UJF, France
Venue:
FASE '09 Proceedings of the 12th International Conference on Fundamental Approaches to Software Engineering: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009
Year:
2009

Citing 9
Cited 0

An axiomatic basis for computer programming

Communications of the ACM
Efficient Simulation of Formal Processor Models

Formal Methods in System Design
Formal methods for smart cards: an experience report

Science of Computer Programming - Formal methods for components and objects pragmatic aspects and applications
Formal certification of a compiler back-end or: programming a compiler with a proof assistant

Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Formal specification and verification of data separation in a separation kernel for an embedded system

Proceedings of the 13th ACM conference on Computer and communications security
CoVaC: Compiler Validation by Program Analysis of the Cross-Product

FM '08 Proceedings of the 15th international symposium on Formal Methods
Industrial Use of Formal Methods for a High-Level Security Evaluation

FM '08 Proceedings of the 15th international symposium on Formal Methods
A fast linear-arithmetic solver for DPLL(T)

CAV'06 Proceedings of the 18th international conference on Computer Aided Verification
The mondex challenge: machine checked proofs for an electronic purse

FM'06 Proceedings of the 14th international conference on Formal Methods

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present a method for proving representation correspondences in the Common Criteria (CC) certification of smart-card applications. For security policy enforcement, the CC defines a chain of requirements: a security policy model (SPM), a functional specification (FSP), and a target-of-evaluation design (TDS). In our approach to the CC certification, these requirements are models of applications that can have different representations. A representation correspondence (RCR) describes a correlation between the representations of two adjacent requirements. One task in the CC certification is to demonstrate formal proofs of RCRs. We first develop a modelling framework by which the representations of SPM, FSP and TDS can be described uniformly as models of an application. We then define RCRs as mutual simulations between two application models over sets of observable events and variables. We describe a proof technique for proving RCRs and providing certificates about them based on assertions relating two models at specific locations. We show how RCRs can help us prove property preservation from the SPM to the FSP and the TDS.