Secure and Safe Systems based on Static Analysis

The Inria partner has developed a constraint-based static analyser for the Carmel language - an intermediate representation of Java Card byte code. The analyser is based on the Flow Logic for Carmel developed in the Secsafe project. The analysis can serve as a starting point for developing more refined analyses for Java Card and for building analysers for other versions of Java. As part of this effort, the Inria partner has developed a program analyser back-end, called Reqs, for solving systems of constraints over lattices. This back-end is available publicly for others to implement their own program analysers. The analyser is implemented using a modular constraint generation technique originally developed for modular control flow analysis for a small object-oriented language and is designed to be able to analyse fragments of Java programs. Coupled with our modular verification technique for stack inspection, it provides a basis for studying secure Java components and interfaces.

The Succinct Solver V2.0 is an analysis engine for solving data and control flow problems expressed in clausal form in a large fragment of first order logic. The solvers have proved to be useful for a variety of applications including security properties of Java Card byte-code, access control features of Mobile and Discretionary Ambients, and validation of protocol narrations formalised in a suitable process algebra. Both solvers operate over finite domains although they can cope with regular sets of trees by direct encoding of the tree grammars; they differ in fine details about the demands on the universe and the extent to which universal quantification is allowed. The Succinct Solver V2.0 has been benchmarked against other solvers, mainly XSB Prolog with tabled resolution taking SecSafe's main application, DeMoney, as the main test programme. The performance of the Succinct Solver is at worst a small constant factor worse than XSB Prolog, which is hardly surprising given that the Succinct Solver is written in Standard ML and spends a lot of time on the initialisation of data structures and garbage collection, and XSB Prolog is a heavily optimized C program. In optimum cases the Succinct Solver outperforms XSB Prolog by having a substantially lower asymptotic complexity. On DeMoney the two solvers exhibit the same running times (within a 10% margin).

The specification of most smart card applications is either confidential or fairly complex (e.g., EMV). Besides, little or no implementation of realistic smart card applications is available for research purposes. As a result, many research projects can only resort to toy examples as case studies. Demoney is a basic electronic purse for smart cards. Although it is too simple to be used as a real electronic purse, it is realistic enough to be representative of typical features found in smart card applications requiring security, such as banking applications. In particular, it involves authentication protocols and secure messaging, based on secret keys and challenges. Demoney also features inter-applet communication, e.g., to automatically award points on a loyalty plan when making a purchase in a store. There exists a "paper" (i.e., not formal) specification of Demoney as well as a Java CardÔ implementation for three kinds of target platforms: plain Java Card, Open Platform 2.0.1’ and GlobalPlatform 2.1. Both the specification and implementation of Demoney are to be used in case studies for research purposes concerning smart cards and Java CardÔ, e.g., for security evaluations, static analyses, automatic test generation, program transformation, etc. Moreover, Demoney can also be used as a demonstrative example to illustrate the features of a product in this domain, e.g., a test generator.