Smartcard intelligence
Without security measures provided by reliable certification, a decrease in confidence and development in software security operations will likely take place. In the past, smartcard applications were not accessible for research mainly because they were too complex or confidential. The long-term goal of the Demoney application therefore is to aid certification authorities to automatically certify software at the highest possible security levels. Demoney is an electronic purse for smartcards and represents a typical feature in banking applications. Although it is very basic, it involves certification codes and secure messaging based on secret keys and challenges. The flow logic of this application provides a versatile specification language for formalising security properties. It also is capable of such bonus features as a loyalty plan, which is the ability to award points automatically when making a store purchase. This new quantitative approach to security analysis has replaced the classical notion of safety by allowing the measurement of how vulnerable a system might be in order to strengthen it. This is good news for the future of software security. It will contribute towards preventing harmful and illegal operations and invoke a sense of confidence both for the user as well as for the provider.
