Title :
Verification of JAVA CARD Applets Behavior with Respect to Transactions and Card Tears
Author :
Marché, Claude ; Rousset, Nicolas
Author_Institution :
PCRI-LRI, Paris II Univ., Orsay
Abstract :
The Java card transaction mechanism allows to protect sensitive operations on smart cards against problems due to card tears or power losses. Statements within a transaction are viewed as a single atomic operation so that either they are all performed or none of them is. KRAKATOA is a tool for static verification of Java programs annotated in JML (Java modeling language), a behavioral specification language tailored to Java and based on first order predicate logic. In a first step, we show how we modeled the transactions within KRAKATOA, by generating on-the-fly (i.e. on each applet) specifications of the API methods for transactions. In a second step, we consider security problems that can be caused by a card tear. We propose new JML constructs allowing to express properties to satisfy when a method is interrupted by a card tear, also taking non-atomic methods into account. We present a modeling of these constructs in KRAKATOA, and show it is practicable for the detection of potential security holes, or to prove the absence of risk
Keywords :
Java; application program interfaces; smart cards; specification languages; transaction processing; API methods; Java card applets; Java card transaction; Java modeling language; KRAKATOA; card tears; smart cards; static verification; Computer languages; Formal verification; Java; Logic; Object oriented modeling; Protection; Security; Smart cards; Software safety; Specification languages; Card Tears; Formal verification; JAVA CARD applets; JML; Transactions; non-atomic methods.;
Conference_Titel :
Software Engineering and Formal Methods, 2006. SEFM 2006. Fourth IEEE International Conference on
Conference_Location :
Pune
Print_ISBN :
0-7695-2678-0
DOI :
10.1109/SEFM.2006.38
