
Formal Verification of Security Properties of Smart Card Embedded Source Code [chapter]

June Andronick, Boutheina Chetali, Christine Paulin-Mohring
2005 Lecture Notes in Computer Science  
This paper reports on a method to handle the verification of various security properties of imperative source code embedded on smart cards.  ...  This method is illustrated by an example extracted from the verification of a smart card embedded operating system.  ...  We use this method for the formal verification of an operating system module embedded on a smart card.  ... 
doi:10.1007/11526841_21 fatcat:erblq2aorravpdbj33gywmvxxi

Formally Proved Anti-tearing Properties of Embedded C Code

June Andronick
2006 Second International Symposium on Leveraging Applications of Formal Methods, Verification and Validation (isola 2006)  
The background methodology, presented in [1], [2], enables to prove global properties from source code.  ...  In smart card embedded programs, some operations must not be suddenly interrupted, because if they are, the card is left in an inconsistent state.  ...  This paper presents a methodology to formally prove antitearing properties of C source code embedded into smart cards.  ... 
doi:10.1109/isola.2006.14 dblp:conf/isola/Andronick06 fatcat:tm24zeqqjvb4vmsmjcvd5nvwzu

Computer Security from a Programming Language and Static Analysis Perspective [chapter]

Xavier Leroy
2003 Lecture Notes in Computer Science  
Application to Smart Card Programming Smart Card Architectures Smart cards are small, inexpensive embedded computers used as security tokens in several areas, such as credit cards and mobile phones.  ...  code, but also a proof that it satisfies a certain security property; the user of the code, then, checks this proof to make sure that the code meets the property.  ... 
doi:10.1007/3-540-36575-3_1 fatcat:5zdqqsnyo5d5lg74oh6kelavwm

Formal Methods Research at SICS and KTH

Mads Dam, Lars-Åke Fredlund, Dillian Gurov
2003 Electronical Notes in Theoretical Computer Science  
Verification of Multi-Applet JavaCard Applications Smart cards provide a secure means for storing and using authentication information and other personal data.  ...  The overall focus is on automated and semiautomated methods for program analysis and verification at source and byte code levels, and on the formalisation of (security-related) requirements and policies  ... 
doi:10.1016/s1571-0661(04)80824-7 fatcat:3rhsokuaw5haxa32nhwne63h7q

Identification and Verification of Security Relevant Functions in Embedded Systems Based on Source Code Annotations and Assertions [chapter]

Johannes Loinig, Christian Steger, Reinhold Weiss, Ernst Haselsteiner
2010 Lecture Notes in Computer Science  
This mechanism is based on annotations representing security constraints and assertions to check these security annotations during the verification phase of the system under development.  ...  Most modern embedded systems include an operating system. Not all functions in the operating systems have to fulfill the same security requirements.  ...  A high-level model instead of source code is used to verify the formal properties of functional and security requirements.  ... 
doi:10.1007/978-3-642-12368-9_25 fatcat:h7o3bndgrrfqvealheau3sjqgm

Formalising Java Safety—An Overview [chapter]

Pieter H. Hartel
2000 Smart Card Research and Advanced Applications  
We review the existing literature on Java safety, emphasizing formal approaches, and the impact of Java safety on small footprint devices such as smart cards.  ...  The conclusion is that while a lot of good work has been done, a more concerted effort is needed to build a coherent set of machine readable formal models of the whole of Java and its implementation  ...  Acknowledgements The help and comments of Egon Borger, Luc Moreau, and the anonymous referees is gratefully acknowledged.  ... 
doi:10.1007/978-0-387-35528-3_7 fatcat:56uqzqoh6nbbllkysyxqwwiz44

Attack model for verification of interval security properties for smart card C codes

P. Berthomé, K. Heydemann, X. Kauffmann-Tourkestansky, J.-F. Lalande
2010 Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security - PLAS '10  
Smart card programs are subject to physical attacks that disturb the execution of the embedded code.  ...  This paper proposes a methodology to check interval security properties on smart card source codes. The goal is to identify critical attacks that violate these security properties.  ...  INTRODUCTION This paper addresses the security of embedded software on smart cards.  ... 
doi:10.1145/1814217.1814219 dblp:conf/pldi/BerthomeHKL10 fatcat:k57wx37xencfzbmcjlatxsvtqu


Gilles Grimaud, Jean-Louis Lanet, Jean-Jacques Vandewalle
1999 Software engineering notes  
But, Eric must undoubtedly be acknowledged for his careful reading of the paper and his insightful comments which helped us to improve the paper greatly.  ...  Acknowledgments We first thank Eric Vetillard for providing us with material to write some parts of this paper, and also Patrick Biget for his helpful comments on this paper.  ...  Smart Cards State-of-the-Art The specific domain of smart cards is close to the domain of embedded devices.  ... 
doi:10.1145/318774.319265 fatcat:3yxhdbtwqffkdbdjmexn52wupu

A Load Time Policy Checker for Open Multi-application Smart Cards

Nicola Dragoni, Eduardo Lostal, Olga Gadyatskaya, Fabio Massacci, Federica Paci
2011 2011 IEEE International Symposium on Policies for Distributed Systems and Networks  
We describe an extension of the card security architecture to deal with verification for different types of updates and present a Java Card prototype implementation of the Policy Checker with performance  ...  We suggest the Security-by-Contract approach for loading time application certification on the card, that will enable the stakeholders with the means to ensure the compliance of every update of the card  ...  Huisman et al. present a formal framework and a tool for compositional verification of application interactions on a multi-application smart card [7].  ... 
doi:10.1109/policy.2011.40 dblp:conf/policy/DragoniLGMP11 fatcat:ratu6robrrc6flmtagd76pyt5i

Software Countermeasures for Control Flow Integrity of Smart Card C Codes [chapter]

Jean-François Lalande, Karine Heydemann, Pascal Berthomé
2014 Lecture Notes in Computer Science  
The proposed software countermeasures defeat 100% of attacks that jump over at least two C source code statements or beyond.  ...  Fault attacks can target smart card programs in order to disrupt an execution and gain an advantage over the data or the embedded functionalities.  ...  In java card enabled smart cards, software components of the virtual machine can perform security checks [18, 20, 10].  ... 
doi:10.1007/978-3-319-11212-1_12 fatcat:nlondd6pyjalnbr4dukk3q2y7a

A Formal Security Model of a Smart Card Web Server [chapter]

Pierre Neron, Quang-Huy Nguyen
2011 Lecture Notes in Computer Science  
This paper presents a formal model of the smart card Web server specification and the proof of its security properties.  ...  By proving the security properties, we show that the smart card Web server preserves the security policy of the overall model.  ...  We thank the anonymous reviewers for their comments on the previous version of this paper.  ... 
doi:10.1007/978-3-642-27257-8_3 fatcat:qruwrvddh5a7nc2efv33gy43hu

An Observe-and-Detect Methodology for the Security and Functional Testing of Smart Card Applications

Germain Jolly, Sylvain Vernois, Christophe Rosenberger
2016 Proceedings of the 2nd International Conference on Information Systems Security and Privacy  
Smart cards are tamper resistant devices but vulnerabilities are sometimes discovered. We address in this paper the security and the functional testing of embedded applications in smart cards.  ...  The proposed method is based on the observation of the APDU (Application Protocol Data unit) communication with the smart card.  ...  ., 2007) , the verification needs a formal model or the access to the source code. With our language, we can define the required behavior (local and global) using only the transmitted data.  ... 
doi:10.5220/0005682202820289 dblp:conf/icissp/JollyVR16 fatcat:4xih4sltnfgenmdhi4gendbj24

Automatic Test Generation for Java Card Applets [chapter]

Hugues Martin, Lydie du Bousquet
2001 Lecture Notes in Computer Science  
Open-cards have introduced a new life cycle for smart card embedded applications. In the case of Java Card, they have raised the problem of embedded object-oriented applet validation.  ...  We first take benefits of the Java Card platform validation, focusing on application conformity testing.  ...  Its compiled size, to be embedded in a Java Card, exceeds 23Ko. Its source code size exceeds 7000 lines of Java code.  ... 
doi:10.1007/3-540-45165-x_10 fatcat:flox2jpuqnb5pcfdeyow2wqtna

Formalisation and Verification of the GlobalPlatform Card Specification Using the B Method [chapter]

Santiago Zanella Béguelin
2006 Lecture Notes in Computer Science  
We give an overview of an application of the B method to the formalisation and verification of the GlobalPlatform Card Specification.  ...  Although there exists a semi-formal specification and some effort has been put into providing formalisations of particular features of smart card platforms, this is, as far as we know, the very first attempt  ...  Acknowledgements I would like to thank Gilles Barthe for his helpful comments on preliminary versions of this paper.  ... 
doi:10.1007/11741060_9 fatcat:ygwsocnqovd7fkzikcbioajraq

Software verification with VeriFast: Industrial case studies

Pieter Philippaerts, Jan Tobias Mühlberg, Willem Penninckx, Jan Smans, Bart Jacobs, Frank Piessens
2014 Science of Computer Programming  
We applied VeriFast, a sound and modular software verifier based on separation logic, to two Java Card smart card applets, a Linux device driver, and an embedded Linux network management component, the  ...  Yet, given the sensitive application environment of our case studies, these safety properties typically have security implications.  ...  We thank the editors and anonymous reviewers of Science of Computer Programming, AVoCS 2011 and NFM 2012 for their valuable comments on this article and the previously published extended abstracts,  ... 
doi:10.1016/j.scico.2013.01.006 fatcat:y26xzprluzgppblaavsh3ydsju