Abstract
The bytecode verifier (BCV), which performs a static analysis to reject potentially insecure programs, is a key security function of the Java(Card) platform. Over the last few years there have been numerous projects to prove formally the correctness of bytecode verification, but relatively little effort has been made to provide methodologies, techniques and tools that help such formalisations. In earlier work, we develop a methodology and a specification environment featuring a neutral mathematical language based on conditional rewriting, that considerably reduce the cost of specifying virtual machines.
In this work, we show that such a neutral mathematical language based on conditional rewriting is also beneficial for performing automatic verifications on the specifications, and illustrate in particular how implicit induction techniques can be used for the validation of the Java(Card) Platform. More precisely, we report on the use of SPIKE, a first-order theorem prover based on implicit induction, to establish the correctness of the BCV. The results are encouraging, as many of the intermediate lemmas required to prove the BCV correct can be proved with SPIKE.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
G. Barthe, P. Courtieu, G. Dufay, and S. Melo de Sousa. Tool-Assisted Specification and Verification of the JavaCard Platform. In H. Kirchner and C. Ringessein, editors, Proceedings of AMAST’02, volume 2422 of Lecture Notes in Computer Science, pages 41–59. Springer-Verlag, 2002.
G. Barthe and G. Dufay. Verified ByteCode Verifiers Revisited. Manuscript, 2003.
G. Barthe, G. Dufay, M. Huisman, and S. Melo de Sousa. Jakarta: a toolset to reason about the JavaCard platform. In I. Attali and T. Jensen, editors, Proceedings of e-SMART’01, volume 2140 of Lecture Notes in Computer Science, pages 2–18. Springer-Verlag, 2001.
G. Barthe, G. Dufay, L. Jakubiec, and S. Melo de Sousa. A formal correspondence between offensive and defensive JavaCard virtual machines. In A. Cortesi, editor, Proceedings of VMCAI’02, volume 2294 of Lecture Notes in Computer Science, pages 32–45. Springer-Verlag, 2002.
G. Barthe, G. Dufay, L. Jakubiec, B. Serpette, and S. Melo de Sousa. A Formal Executable Semantics of the JavaCard Platform. In D. Sands, editor, Proceedings of ESOP’01, volume 2028 of Lecture Notes in Computer Science, pages 302–319. Springer-Verlag, 2001.
A. Bouhoula. Using induction and rewriting to verify and complete parameterized specifications. Theoretical Computer Science, 1–2(170):245–276, 1996.
A. Bouhoula. Automated theorem proving by test set induction. Journal of Symbolic Computation, 23(1):47–77, January 1997.
R. S. Boyer and J S. Moore. Integrating decision procedures into heuristic theorem provers: A case study with linear arithmetic. ICSCA-CMP-44, University of Texas at Austin, 1985. Also published in Machine Intelligence 11, Oxford University Press, 1988.
L. Casset, L. Burdy, and A. Requet. Formal Development of an Embedded Verifier for JavaCard ByteCode. In Proceedings of DSN’02. IEEE Computer Society, 2002.
I. Cervesato, N. A. Durgin, P. D. Lincoln, J. C. Mitchell, and A. Scedrov. A meta-notation for protocol analysis. In 12th IEEE Computer Security Foundations Workshop. IEEE Computer Society Press, June 1999.
A. Coglio, A. Goldberg, and Z. Qian. Towards a Provably-Correct Implementation of the JVM Bytecode Verifier. In Formal Underpinnings of Java Workshop at OOPSLA, 1998.
Coq Development Team. The Coq Proof Assistant User’s Guide. Version 7.4, February 2003.
G. Denker, J. Meseguer, and C. Talcott. Formal specification and analysis of active networks and communication protocols: The maude experience. In DARPA Information Survivability Conference and Exposition (DISCEX 2000). IEEE, 2000.
P. Hartel and L. Moreau. Formalizing the Safety of Java, the Java Virtual Machine and Java Card. ACM Computing Surveys, 33(4):517–558, December 2001.
G. Klein. Verified Java Bytecode Verification. PhD thesis, Technical University Munich, 2003.
G. Klein and T. Nipkow. Verified bytecode verifiers. Theoretical Computer Science, 2003. To appear.
Q.-H. Nguyen, C. Kirchner, and H. Kirchner. External rewriting for skeptical proof assistants. Journal of Automated Reasoning, 29(3–4):309–336, 2002.
T. Nipkow. Verified Bytecode Verifiers. In F. Honsell and M. Miculan, editors, Proceedings of FOSSACS’01, volume 2030 of Lecture Notes in Computer Science, pages 347–363. Springer-Verlag, 2001.
R. Stärk, J. Schmid, and E. Börger. Java and the Java Virtual Machine-Definition, Verification, Validation. Springer-Verlag, 2001.
S. Stratulat. A general framework to build contextual cover set induction provers. Journal of Symbolic Computation, 32(4):403–445, September 2001.
S. Stratulat. New uses of existential variables in implicit induction. In preparation.
D. Syme and A. D. Gordon. Automating type soundness proofs via decision procedures and guided reductions. In M. Baaz and A. Voronkov, editors, Proceedings of LPAR’02, volume 2514 of Lecture Notes in Computer Science, pages 418–434, 2002.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Barthe, G., Stratulat, S. (2003). Validation of the JavaCard Platform with Implicit Induction Techniques. In: Nieuwenhuis, R. (eds) Rewriting Techniques and Applications. RTA 2003. Lecture Notes in Computer Science, vol 2706. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44881-0_24
Download citation
DOI: https://doi.org/10.1007/3-540-44881-0_24
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-40254-1
Online ISBN: 978-3-540-44881-5
eBook Packages: Springer Book Archive