Objective

The next generation of smart cards will be used for services where security is a key issue: authenticated access to computer networks, e-commerce, high-value wireless services etc. Reliability and trust are necessary for large-scale adoption and success of smart cards. The application programs (applets) for these cards will be written in JavaCard, a simplified version of Java, the popular programming language. Correct functioning of these applets must be guaranteed, and potentially malicious applets must be identified. Therefore, new validation techniques are needed, based on well-defined models for JavaCard, using special tools (theorem proving and model checking) for mathematically proving correctness, going well beyond testing.

Correctness will be established for crucial components of the JavaCard platform (bytecode verifier, virtual machine, API) based on the open JavaCard standard, and for individual applets (provided by the industrial partners in case studies).

Objectives:

The VerifiCard consortium aims at:

1. Providing the European smart card manufacturers with the latest technology (models and tools) for verification of the JavaCard platform and of JavaCard applications, so that they can satisfy the highest quality evaluation requirements (as part of the so-called Common Criteria). This will be economically profitable, not only for these industries, but also for society as a whole, through the increased number of reliable applications of smart cards, for example in the development of e-commerce.

2. Boosting the field of (Java) program specification and verification, so that it can develop from an academic discipline into an industrially relevant field.
JavaCard is a potential killer application for this discipline, because of current market demand for such verification technology, and because the JavaCard language, platform and applications are all relatively small, and thus within limits of current verification capabilities.

Work description:

The actual work towards the correctness of JavaCard-based smart cards will be split in several tasks, roughly along the dividing lines source/byte code and platform/applets.

Semantics will be provided for JavaCard source code. It will form the basis for an Interface Specification Language, based on Hoare-style specification for object-oriented languages. This language will be used to prove the correctness of the class library (API) and of the application programs (applets) that run on smart cards.

A formalization of the JavaCard Virtual Machine (JCVM) will be provided as the basis for correctness proofs of several platform components at byte code level, such as the compiler (from source to byte code), the Byte Code Verifier (BCV) and the Converter. A Temporal Logic Specification Language will be defined for JavaCard, and used to establish correctness and security properties (still at byte code level) via suitable composition and abstraction techniques.

The verifications will be performed with theorem provers (programs that support and check logical arguments) and model checkers (programs that check the validity of correctness assertions by exhaustively testing all possible situations that can arise during execution).

A prominent role will be played by the case studies provided by the participating industries (and additionally by the members of the End-User Panel), for multi-application smart cards used in banking and telecommunications (GSM).
They involve both "good" applets, for which it must be shown that they function appropriately, and "bad" applets, whose malicious character must be detected, using the models of JavaCard.

What is unique about this project is the extensive use that will be made of modern tools (theorem provers and model checkers) in a concentrated attack on the correctness problems of a small and well-defined area, namely JavaCard, thus guaranteeing a high chance of success.

Milestones:

The VerifiCard project will provide:

1. fully specified and verified components of the JavaCard platform, including the byte code verifier (BCV), the cap-file Converter and the class library (API), based on the open JavaCard standard.

2. on this basis, fully specified and verified JavaCard application programs (applets). These will be provided by the industrial partners, stemming from the main smart card application areas: banking and mobile communication.

Fields of science

natural sciences > computer and information sciences > software
social sciences > economics and business > business and management > commerce > e-commerce
engineering and technology > electrical engineering, electronic engineering, information engineering > information engineering > telecommunications > telecommunications networks

Programme(s): FP5-IST - Programme for research, technological development and demonstration on a "User-friendly information society, 1998-2002"

Topic(s): 2000-5.1.5 - CPA5: Smart cards

Call for proposal: Data not available

Funding Scheme: CSC - Cost-sharing contracts

Coordinator

STICHTING KATHOLIEKE UNIVERSITEIT. Address: Geert grooteplein-noord 9, 6525 EZ Nijmegen, Netherlands. EU contribution: € 0,00

Participants (5)

AXALTO SA, France. EU contribution: € 0,00. Address: Avenue jean jaures 50, 92120 Montrouge
INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE, France. EU contribution: € 0,00. Address: Domaine de voluceau, 78153 Le chesnay
SICS, SWEDISH INSTITUTE OF COMPUTER SCIENCE AB, Sweden. EU contribution: € 0,00. Address: Isafjordsgatan 22, 164 29 Kista
TECHNISCHE UNIVERSITAET KAISERSLAUTERN, Germany. EU contribution: € 0,00. Address: Gottlieb-daimler-strasse, 67663 Kaiserslautern
TECHNISCHE UNIVERSITAET MUENCHEN, Germany. EU contribution: € 0,00. Address: Arcisstrasse 21, 80333 Muenchen