Formal Verification of Security Properties of Smart Card Embedded Source Code

Andronick, June; Chetali, Boutheina; Paulin-Mohring, Christine

doi:10.1007/11526841_21

Cited by 15 publications

(9 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…to take into account interruptions, specific modelisation choices or dedicated techniques are to be used (cf. [20]).…”

Section: B About (Mis)understandingsmentioning

confidence: 99%

See 1 more Smart Citation

A Few Remarks about Formal Development of Secure Systems

Jaeger¹,

Hardin²

2008

2008 11th IEEE High Assurance Systems Engineering Symposium

View full text Add to dashboard Cite

Direction centrale de la sécurité des systèmes d'information 51 boulevard de la Tour-Maubourg Abstract-Formal methods provide remarkable tools allowing for high levels of confidence in the correctness of developments. Their use is therefore encouraged, when not required, for the development of systems in which safety or security is mandatory. But effectively specifying a secure system or deriving a secure implementation can be tricky. We propose a review of some classical 'gotchas' and other possible sources of concerns with the objective to improve the confidence in formal developments, or at least to better assess the actual confidence level.

show abstract

“…to take into account interruptions, specific modelisation choices or dedicated techniques are to be used (cf. [20]).…”

Section: B About (Mis)understandingsmentioning

confidence: 99%

“…out ← accounts out := encode(Pwd(root)); IF Pwd(root) < guess THEN wait(10) ELSE wait (20); IF log ∈ Acc THEN out := fct(Acc) ELSE out := ∅…”

Section: About Elusive Propertiesmentioning

confidence: 99%

A Few Remarks about Formal Development of Secure Systems

Jaeger¹,

Hardin²

2008

2008 11th IEEE High Assurance Systems Engineering Symposium

View full text Add to dashboard Cite

show abstract

“…The bottom-up approach is used, for example, in [17] to generate Coq model of C code using tools like Caduceus and Why. The method presented in this paper can be seen as a mixed approach because the low-level model is designed by refining the higher-level models and by abstracting the C code to be certified.…”

Section: Related Workmentioning

confidence: 99%

Certifying Native Java Card API by Formal Refinement

Nguyen¹,

Chetali²

2006

Smart Card Research and Advanced Applications

Self Cite

View full text Add to dashboard Cite

Abstract. This paper describes a refinement-based approach to show that a native Java Card API function fulfills its specification. We refine a native function from its informal specification (by Sun) through several intermediate models into a low-level model which is very close to its C implementations. We formally prove the correctness of the refinement steps between two adjacent levels. The low-level model is sufficiently detailed such that its correspondence to the C implementation can be informally checked. This work provides a framework to enforce the security of the native code by formal analysis and can be generalized to verify a complete implementation of the Java Card platform.

show abstract

“…As illustrated in Figure 1, this implies to formally model each function as a transition between global states of the card. In [1], [2], we presented a general method to build a formal transition system from a source code written in the C language. On one hand, the transition system is automatically extracted from a formal specification of the code.…”

Section: Anti-tearing Propertiesmentioning

confidence: 99%

“…We want to take advantage of the work done by a verification tool, like Caduceus, which needs to build a memory model to generate the verification conditions. More precisely, we propose a method (described in detail in [1], [2]) to build a transition system, formally linked to the source code and such that the memory states are computed by the Caduceus tool.…”

Section: Formal Transition System From C Source Codementioning

confidence: 99%

Formally Proved Anti-tearing Properties of Embedded C Code

Andronick¹

2006

Second International Symposium on Leveraging Applications of Formal Methods, Verification and Validation (Isola 2006)

Self Cite

View full text Add to dashboard Cite

Abstract-In smart card embedded programs, some operations must not be suddenly interrupted, because if they are, the card is left in an inconsistent state. Since the card can be removed at any time from the terminal, which interrupts any running program, some instructions must be executed at each reset in order to verify if a tearing occurred and to restore a consistent state if necessary. In this case, the card is said to ensure the anti-tearing property. This paper presents a method to formally prove that a C program verifies the anti-tearing property for a given "tearingsensitive" operation. The back-ground methodology, presented in [1], [2], enables to prove global properties from source code. It is here illustrated by the proof of anti-tearing properties, which requires an extension of the method in order to specify and verify functions behaviour in the case of a sudden interruption of their execution.

show abstract

Formal Verification of Security Properties of Smart Card Embedded Source Code

Cited by 15 publications

References 13 publications

A Few Remarks about Formal Development of Secure Systems

A Few Remarks about Formal Development of Secure Systems

Certifying Native Java Card API by Formal Refinement

Formally Proved Anti-tearing Properties of Embedded C Code

Contact Info

Product

Resources

About