Certifying an embedded remote method invocation protocol
Proceedings of the 2008 ACM symposium on Applied computing
Malicious Code on Java Card Smartcards: Attacks and Countermeasures
CARDIS '08 Proceedings of the 8th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
The Why/Krakatoa/Caduceus platform for deductive program verification
CAV'07 Proceedings of the 19th international conference on Computer aided verification
Verification of object-oriented software: The KeY approach
Verification of object-oriented software: The KeY approach
Hi-index | 0.00 |
The JAVA CARD transaction mechanism allows to protect sensitive operations on smart cards against problems due to card tears or power losses. Statements within a transaction are viewed as a single atomic operation so that either they are all performed or none of them is. KRAKATOA is a tool for static verification of Java programs annotated in JML (Java Modeling Language), a behavioral specification language tailored to Java and based on first order predicate logic. In a first step, we show how we modeled the transactions within KRAKATOA, by generating on-the-fly (i.e. on each applet) specifications of the API methods for transactions. In a second step, we consider security problems that can be caused by a card tear. We propose new JML constructs allowing to express properties to satisfy when a method is interrupted by a card tear, also taking non-atomic methods into account. We present a modeling of these constructs in KRAKATOA, and show it is practicable for the detection of potential security holes, or to prove the absence of risk.