The smart card Web server provides a modern interface between smart cards and the external world. It is of paramount importance that this new software component does not jeopardize the security of the smart card. This paper presents a formal model of the smart card Web server specification and the proof of its security properties. The formalization enables a thoughtful analysis of the specification that has revealed several ambiguities and potentially dangerous behaviors. Our formal model is built using a modular approach upon a model of Java Card and Global Platform. By proving the security properties, we show that the smart card Web server preserves the security policy of the overall model. In other words, this component introduces no illegal access to the card resources (i.e., the file system and applications). Furthermore, the smart card Web server provides a means for securely managing the card contents (i.e., resource updates).