Abstract
The traditional approach for programming smart cards does not allow the creation of downloadable executable code and requires programmers with experience in programming in low-level languages. This approach, associated with a high quality qualification process, produce secured smart card. Unfortunately, it does not allow card manufacturers and issuers to quickly respond to the market changes, and it limits the flexibility of smart card applications. Open smart card programming provides a more dynamic approach to card applications. High-level languages and security mechanisms are the basis for the programming of open smart cards. Most notable efforts towards such smart card systems are Java Card [22], MultOS [14] and Smart Card for Windows [15], which provide application developers an opportunity to develop rapidly applications. The main drawback with this kind of smart card is the risk to download a hostile application that will exploit a faulty implementation module of the platform. Security is always a big concern for smart cards, but the issue is getting more intense with multi-applicative platforms and post issuance code downloading. The correct design and implementation of the system is the key to shun such an attack. Fault prevention offers different techniques to remove latent errors from the system. The fault avoidance concerns methodologies and appropriate techniques to avoid the introduction of fault during the design and the construction of the system. In a first approach, one can believe that smart card can only get benefits of using formal methods.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
L. Aertryck, L. Benveniste, D. Le Metayer, CASTING: A Formally Based Software Testing Generation Method, IEEE Computer Society, Nov. 1997.
M. Alberda, P. Hartel, E. de Jong, Using Formal Methods to Cultivate Trust in Smart Card Operating System, In Proceeding of CARDIS’96, pp. 111–132, Amsterdam, Netherlands, Sept. 1996.
S. Behnia, H. Waeselynck, Test Criteria Definition for B Models, FM 99, Vol 1, LNCS 1708, pp. 509–529, 1999.
P. Bieber, J. Cazin, V. Wiels, G. Zanon, P. Girard, J-L. Lanet, Electronic Purse Applet Certification, in Workshops on Secure Architectures and Information Flow, Royal Holloway College, December 1999.
G. Bossu, A. Requet, Embedding Formally Proved Code in a Smart Card: Converting B to C, submitted to ICFEM, York, Sept. 2000.
L. Casset, J.L. Lanet, A Formal Specification of the Java Byte Code Semantics using the B method, ECOOP’99 Workhop on Formal Techniques for Java Programs, June 1999.
R. Cohen, The Defensive Virtual Machine Specification Version 0.5, [http://www.cli.com/software/djvm].
J.-C. Fernandez, C. Jard, T. Jéron, C. Viho, Using on-the-fly verification techniques for the generation of test suites. In CAV’ 96, LNCS 1102, Springer, July 1996.
G. Grimaud, J.-L. Lanet, J.-J. Vandewalle, FAÇADE: a typed intermediate language dedicated to smart cards, ESEC 99, Toulouse, Sept. 1999.
Y. Gurevitch, C. Wallace, Specification and verification of the Windows Card runtime environment using Abstract State Machines, Microsoft Research, MSR-TR-99-07, Feb. 1999.
T. Jensen, D. Le MĂ©tayer, T. Thorn, Verification of control flow based security properties. Research Report no1210, IRISA, Rennes Oct. 1998.
J.-M. Jézéquel, A. Le Guennec, F. Pennaneac’h,. Validating distributed software modeled with UML. In Proc. Int. Workhop UML98, Mulhouse, France, June 1998.
J.-L. Lanet, P. Lartigue, The Use of Formal Methods for Smart Cards, a Comparison between B and SDL to Model the T=1 Protocol, Proceedings of the International Workhop on Comparing Systems Specification Techniques, Nantes, March 1998.
Maosco Ltd. “MultOs” Website. [http://www.multos.com]
Microsoft Corp.“Smart Card for Windows” Web site. [http://www.microsoft.com/windowsce/smartcard/].
S. Motré, Formal Model and Implementation of the Java Card Dynamic Security Policy, AFADL’2000, Grenoble, Jan. 2000.
S. Motré and C. Teri Using B Method to Formalise the Runtime Security Policy for a Common Criteria Evaluation, NISSC, 2000.
J.S. Moore, Proving Theorems about Java-like Byte Code, [http://www.cs.utexas.edu/users/moore/publications/tjvm].
H.P. Nguyen, Dérivation de spécifications formelles B á partir de spécifications semi-formelles PhD Thesis, CEDRIC, 1998.
J. Posegga, H. Vogt, Offline Byte Code Verification for Java Using a Model Checker, 5th European Symposium on Research in Computer Security (ESORICS) 1998, Springer LNCS 1998.
A. Requet, A B Model for Ensuring Soundness of the Java Card Virtual Machine FMICS 2000, March 2000, Berlin.
Sun Microsystems, Inc. Java Card 2.1 Virtual Machine, Run Time Environment and Application Programming Interface Specification, Public Review ed., Feb. 1999. [http://java.sun.com/products/javacard/javacard21.html].
T. Thorn, Vérification de politiques de sécurité par analyse de programmes, PhD. Thesis no 2172, Rennes 1, Feb. 1999.
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Lanet, JL. (2000). Are Smart Cards the Ideal Domain for Applying Formal Methods. In: ZB 2000: Formal Specification and Development in Z and B. ZB 2000. Lecture Notes in Computer Science, vol 1878. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44525-0_21
Download citation
DOI: https://doi.org/10.1007/3-540-44525-0_21
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-67944-8
Online ISBN: 978-3-540-44525-8
eBook Packages: Springer Book Archive