Formal verification of security properties of smart card embedded source code

Authors:
June Andronick;Boutheina Chetali;Christine Paulin-Mohring
Affiliations:
Axalto, Smart Cards Research, Louveciennes Cedex, France;Axalto, Smart Cards Research, Louveciennes Cedex, France;Laboratoire de Recherche en Informatique, UMR 8623 CNRS, Université Paris-Sud, Orsay Cedex, France
Venue:
FM'05 Proceedings of the 2005 international conference on Formal Methods
Year:
2005

Citing 9
Cited 5

JML (poster session): notations and tools supporting detailed design in Java

OOPSLA '00 Addendum to the 2000 proceedings of the conference on Object-oriented programming, systems, languages, and applications (Addendum)
Machine-Checking the Java Specification: Proving Type-Safety

Formal Syntax and Semantics of Java
Development of an Embedded Verifier for Java Card Byte Code Using Formal Methods

FME '02 Proceedings of the International Symposium of Formal Methods Europe on Formal Methods - Getting IT Right
Formal Development of an Embedded Verifier for Java Card Byte Code

DSN '02 Proceedings of the 2002 International Conference on Dependable Systems and Networks
Proving Pointer Programs in Hoare Logic

MPC '00 Proceedings of the 5th International Conference on Mathematics of Program Construction
A Formal Executable Semantics of the JavaCard Platform

ESOP '01 Proceedings of the 10th European Symposium on Programming Languages and Systems
Extending JML Specifications with Temporal Logic

AMAST '02 Proceedings of the 9th International Conference on Algebraic Methodology and Software Technology
Embedding Formally Proved Code in a Smart Card: Converting B to C

ICFEM '00 Proceedings of the 3rd IEEE International Conference on Formal Engineering Methods
Verification of non-functional programs using interpretations in type theory

Journal of Functional Programming

Industrial Use of Formal Methods for a High-Level Security Evaluation

FM '08 Proceedings of the 15th international symposium on Formal Methods
Formal Verification by Reverse Synthesis

SAFECOMP '08 Proceedings of the 27th international conference on Computer Safety, Reliability, and Security
Mind the Gap

TPHOLs '09 Proceedings of the 22nd International Conference on Theorem Proving in Higher Order Logics
Certifying native java card API by formal refinement

CARDIS'06 Proceedings of the 7th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
Code optimizations using formally verified properties

Proceedings of the 2013 ACM SIGPLAN international conference on Object oriented programming systems languages & applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper reports on a method to handle the verification of various security properties of imperative source code embedded on smart cards. The idea is to combine two program verification approaches: the functional verification at the source code level and the verification of high level properties on a formal model built from the program and its specification. The method presented uses the Caduceus tool, built on top of the Why tool. Caduceus enables the verification of an annotated C program and provides a validation process that we used to generate a high level formal model of the C source code. This method is illustrated by an example extracted from the verification of a smart card embedded operating system.