Correctness of Java Card Method Lookup via Logical Relations.

This article presents a formalisation of the bytecode optimisation of Sun's Java Card language from the class ÿle to CAP ÿle format as a set of constraints between the two formats, and deÿnes and proves ... The optimisation is given as a logical relation such that the instantiated semantics are observably equal. ... We describe a semantic framework for proving the correctness of Java Card tokenisation. ...

doi:10.1016/s0304-3975(01)00138-4 fatcat:uu6gldk7dve2raxkmclvwyzhdq

Szczepanski

This article presents a formalisation of the bytecode optimisation of Sun's Java Card language from the class ÿle to CAP ÿle format as a set of constraints between the two formats, and deÿnes and proves ... The optimisation is given as a logical relation such that the instantiated semantics are observably equal. ... We describe a semantic framework for proving the correctness of Java Card tokenisation. ...

doi:10.1007/3-540-46425-5_7 fatcat:gtaurugjmvgzpjjc4wdnkdmlb4

(ÿrst-order logic, temporal logic, epistemic logic), semantics (static analysis, type theory,) formal methods and related approaches (model-checking, theorem-proving, process algebra) and complexity. ... Theoretical foundations for the analysis (or the design) of security aspects of these applications are badly needed in order to validate and prove (or guarantee) their correctness. ... "Correctness of Java Card Method Lookup via Logical Relations" (E. Denney, T. ...

doi:10.1016/s0304-3975(01)00135-9 fatcat:nyegzn4abbg2pgpr6sai7ddl4e

Szczepanski

Java Card Java Card [18] is a variation of Java that is tailored for smart cards. A smart card is a plastic card containing a small processor. Smart cards are used in ... We present a calculus for the verification of sequential Java programs. It supports all Java language constructs and has additional support for Java Card. ... A typical program (including loading of tickets via internet and offline transfer of tickets) has about 1200 lines of code and about 40 methods. ...

doi:10.1007/978-3-540-27815-3_37 fatcat:nxq4unamavgatkbxz4ag5ez3pq

This paper reports on the formal proof of correctness of a compiler from a substantial subset of Java source language to Java bytecode in the proof environment Isabelle. ... This work is based on extensive previous formalizations of Java, which comprise all relevant features of object-orientation. ... Johannes Pfeifroth has given a first version of the compiler correctness statement of Section 4.1. ...

doi:10.1007/3-540-45620-1_5 fatcat:jmwkwgsrunecnif3evnm5xcbxa

The resulting multi-modal program logic is called Java Card Dynamic Logic or, for short, Java Card DL [3, Chapt. 3]. ... The Eclipse and Together KeY plugins allow to select Java classes or methods that are annotated with formal specifications and both plugins offer to prove a number of correctness judgements such as behavioural ... Acknowledgements We would like to thank Richard Bubel for many discussions on various topics of the paper, and for his enormous contribution to the constant improvement of the KeY system. ...

doi:10.1007/978-3-540-74792-5_4 fatcat:gyp7wdqljbd5fac7uru62fc3qm

The proof of existence of a solution to the constraints is constructive which means that the extraction mechanism of Coq provides a provably correct data flow analyser in Ocaml from the proof. ... Constraints are represented in a way that allows for both efficient constraint resolution and correctness proof of the analysis with respect to an operational semantics. ... We have instantiated it to a data flow analysis for Java Card. ...

doi:10.1016/j.tcs.2005.06.004 fatcat:4wv4oboplndepdo2ji5kavlmi4

Szczepanski

The proof of existence of a solution to the constraints is constructive which means that the extraction mechanism of Coq provides a provably correct data flow analyser in Ocaml from the proof. ... Constraints are represented in a way that allows for both efficient constraint resolution and correctness proof of the analysis with respect to an operational semantics. ... We have instantiated it to a data flow analysis for Java Card. ...

doi:10.1007/978-3-540-24725-8_27 fatcat:h5sua7zg75gtlpbtul673xtq3e

This work provides a framework to enforce the security of the native code by formal analysis and can be generalized to verify a complete implementation of the Java Card platform. ... We formally prove the correctness of the refinement steps between two adjacent levels. ... Java Card Methods Invocation. When a Java Card method is invoked, a new frame is pushed onto the frame stack. ...

doi:10.1007/11733447_23 fatcat:xx7n333ukvhi5mfyvnesduzxnq

We present a certified algorithm for resource usage analysis, applicable to languages in the style of Java byte code. The algorithm verifies that a program executes in bounded memory. ... The expression of the algorithm as a constraint-based static analysis of the program over simple lattices provides a link with abstract interpretation that allows to state and prove formally the correctness ... Recent work on verification of C code in Coq [6] could be of essential use here. ...

doi:10.1007/11526841_8 fatcat:pfpfqiqsknfxpcyihgzqmyjhwy

Acknowledgments The real work on this project was done by a talented group of Cornell students: James Barabas, Jason Howes, Char Shing "Wilson" Ng, Madhav Ranjan, Naveen Sastry, Pratap Singh, James Wann ... Where we put together a collection of Java packages which can be used directly to implement telephony applications in Java, they produced a collection of Java Beans which can be selected and combined to ... In ITX, application logic is separated from signaling logic. The interface between the application and signaling is an API to initiate activities (e.g. ...

doi:10.1109/35.833562 fatcat:2qyurtm5wvabjozsuodgmjjfvu

This chapter presents a formalization of functional and behavioural requirements, and a refinement of requirements to a design for CoCoME using the Relational Calculus of Object and Component Systems ( ... We give a model of requirements based on an abstraction of the use cases described in Chapter 3.2. ... Java provides the implementations of these types via the Collection interface. Thus these operations in specifications can be directly coded in Java. ...

doi:10.1007/978-3-540-85289-6_6 fatcat:i27juyc5efcgxabpezw6rzp4bq

This article presents a type certifying compiler for a subset of Java and proves the type correctness of the bytecode it generates in the proof assistant Isabelle. ... The basis for this work is an extensive formalization of the Java bytecode type system, which is first presented in an abstract, lattice-theoretic setting and then instantiated to Java types. ... For example, dynamic method binding is achieved via a method lookup function method that selects the method to be invoked, given the dynamic type dynT of expression e (whereas C is the static type) and ...

doi:10.1016/j.jlap.2003.07.004 fatcat:kmrd2s5mvja3dhexfb2eyrr3qu

Szczepanski

The correctness proofs are formalised using the PVS theorem prover. This reveals several subtleties to be considered in the definition of the translation algorithm and in the program requirements. ... Their typical use is to monitor the execution of an application, and to interrupt it as soon as the security policy is violated. However, run-time adherence checking is not always convenient. ... We thank Erik Poll for his useful comments on an earlier draft of this paper, and Igor Siveroni, who started the work on this topic and came up with the idea to use method-level set-annotations. ...

doi:10.1007/978-3-642-00593-0_23 fatcat:fgkewmgcqbgwzljautvwskjude

We present a refinement method for Java programs which is motivated by the challenge of verifying security protocol implementations. ... The method can be used for stepwise refinement of abstract specifications down to the level of code running in the real application. ... We then formulate theorems for each Java method which relate the behavior of the method to the abstract counterpart of its input. ...

doi:10.1007/978-3-540-72952-5_14 fatcat:nfsxbnmhdbhkxj663u3bbnw4au

Correctness of Java card method lookup via logical relations

Preserved Fulltext

Correctness of Java Card Method Lookup via Logical Relations [chapter]

Preserved Fulltext

Editorial

Preserved Fulltext

A Formally Verified Calculus for Full Java Card [chapter]

Preserved Fulltext

Formal Verification of a Java Compiler in Isabelle [chapter]

Preserved Fulltext

Verifying Object-Oriented Programs with KeY: A Tutorial [chapter]

Preserved Fulltext

Extracting a data flow analyser in constructive logic

Preserved Fulltext

Extracting a Data Flow Analyser in Constructive Logic [chapter]

Preserved Fulltext

Certifying Native Java Card API by Formal Refinement [chapter]

Preserved Fulltext

Certified Memory Usage Analysis [chapter]

Preserved Fulltext

Building blocks for IP telephony

Preserved Fulltext

Modelling with Relational Calculus of Object and Component Systems - rCOS [chapter]

Preserved Fulltext

Verified bytecode verification and type-certifying compilation

Preserved Fulltext

A Formal Connection between Security Automata and JML Annotations [chapter]

Preserved Fulltext

A Refinement Method for Java Programs [chapter]

Preserved Fulltext