Tool-assisted Specification and Verification of JavaCard Programmes: VerifiCard

Objective

The next generation of smart cards will be used for services where security is a key issue: authenticated access to computer networks, e-commerce, high-value wireless services, etc. Reliability and trust are necessary for the large-scale adoption and success of smart cards. The application programs (applets) for these cards will be written in JavaCard, a simplified version of the popular Java programming language. Correct functioning of these applets must be guaranteed, and potentially malicious applets must be identified. Therefore, new validation techniques are needed, based on well-defined models for JavaCard and using special tools (theorem provers and model checkers) for mathematically proving correctness, going well beyond testing. Correctness will be established for crucial components of the JavaCard platform (bytecode verifier, virtual machine, API), based on the open JavaCard standard, and for individual applets (provided by the industrial partners in case studies).

Objectives:
The VerifiCard consortium aims at:
1. Providing the European smart card manufacturers with the latest technology (models and tools) for verification of the JavaCard platform and of JavaCard applications, so that they can satisfy the highest quality evaluation requirements (the higher evaluation assurance levels of the Common Criteria, which require formal models and proofs rather than testing alone). This will be economically profitable, not only for these industries but also for society as a whole, through the increased number of reliable applications of smart cards, for example in the development of e-commerce.
2. Boosting the field of (Java) program specification and verification, so that it can develop from an academic discipline into an industrially relevant field. JavaCard is a potential killer application for this discipline, because of current market demand for such verification technology, and because the JavaCard language, platform and applications are all relatively small, and thus within the limits of current verification capabilities.

Work description:
The actual work towards the correctness of JavaCard-based smart cards will be split into several tasks, roughly along the dividing lines source code/byte code and platform/applets.
A formal semantics will be provided for JavaCard source code. It will form the basis for an Interface Specification Language, based on Hoare-style specification (preconditions, postconditions and invariants) for object-oriented languages. This language will be used to prove the correctness of the class library (API) and of the application programs (applets) that run on smart cards.
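As an added illustration (not code from the VerifiCard page or from the project's deliverables), the following PIN check of the kind a banking or GSM applet performs is annotated with a Hoare-style class invariant and method contracts. JML syntax is used here as one concrete realisation of such an interface specification language; that choice, and every class, field and method name in the file, are assumptions, since the page only says the language is Hoare-style and object-oriented. Plain Java types are used so the file compiles with javac alone; a real applet would extend javacard.framework.Applet and keep the reference PIN in an OwnerPIN object.

```java
// Added example: Hoare-style contracts (JML syntax) on a PIN-check class.
// Not from the VerifiCard page; all names and the choice of JML are assumptions.
public final class PinChecker {

    private /*@ spec_public @*/ final byte[] pin;   // reference PIN digits
    private /*@ spec_public @*/ final byte maxTries;
    private /*@ spec_public @*/ byte triesLeft;
    private /*@ spec_public @*/ boolean validated;

    // Class invariant. The last conjunct is the security property a prover must
    // establish for every method: a blocked PIN is never in the validated state.
    /*@ public invariant maxTries > 0;
      @ public invariant 0 <= triesLeft && triesLeft <= maxTries;
      @ public invariant validated ==> triesLeft > 0;
      @*/

    /*@ requires referencePin != null && referencePin.length > 0;
      @ requires 1 <= maxTries;
      @ ensures this.maxTries == maxTries && triesLeft == maxTries && !validated;
      @*/
    public PinChecker(byte[] referencePin, byte maxTries) {
        this.pin = new byte[referencePin.length];
        for (short i = 0; i < referencePin.length; i++) {   // JavaCard has no clone()
            this.pin[i] = referencePin[i];
        }
        this.maxTries = maxTries;
        this.triesLeft = maxTries;
        this.validated = false;
    }

    /*@ ensures \result == (triesLeft == 0); @*/
    public /*@ pure @*/ boolean isBlocked() {
        return triesLeft == 0;
    }

    /*@ ensures \result == triesLeft; @*/
    public /*@ pure @*/ byte triesRemaining() {
        return triesLeft;
    }

    // Contract: a success resets the counter; a failure consumes exactly one try.
    // The assignable clause bounds what the method may modify.
    /*@ requires candidate != null;
      @ requires !isBlocked();
      @ assignable triesLeft, validated;
      @ ensures  \result ==> (validated && triesLeft == maxTries);
      @ ensures !\result ==> (!validated && triesLeft == \old(triesLeft) - 1);
      @*/
    public boolean check(byte[] candidate) {
        // Charge the counter before comparing: if power is removed during the
        // comparison the try is still consumed, so retries are never free.
        triesLeft--;
        validated = false;
        if (sameDigits(pin, candidate)) {
            triesLeft = maxTries;
            validated = true;
            return true;
        }
        return false;
    }

    /*@ requires a != null && b != null;
      @ ensures \result == (a.length == b.length
      @            && (\forall int i; 0 <= i && i < a.length; a[i] == b[i]));
      @*/
    private static /*@ pure @*/ boolean sameDigits(byte[] a, byte[] b) {
        if (a.length != b.length) {
            return false;
        }
        byte diff = 0;                      // inspect every digit; no early exit on mismatch
        for (short i = 0; i < a.length; i++) {
            diff |= (byte) (a[i] ^ b[i]);
        }
        return diff == 0;
    }

    // Constructed sample run: reference PIN 1-2-3-4 with a limit of three tries.
    public static void main(String[] args) {
        PinChecker pc = new PinChecker(new byte[] {1, 2, 3, 4}, (byte) 3);
        byte[][] attempts = {
            {0, 0, 0, 0}, {1, 2, 3, 4}, {9, 9, 9, 9}, {9, 9, 9, 9}, {9, 9, 9, 9}, {9, 9, 9, 9}
        };
        for (byte[] attempt : attempts) {
            if (pc.isBlocked()) {
                System.out.println("PIN blocked; check() must not be called");
                break;
            }
            boolean ok = pc.check(attempt);
            System.out.println("accepted=" + ok + " triesRemaining=" + pc.triesRemaining());
        }
    }
}
```

A theorem prover checks each method body against its contract and against the class invariant, with `\old(triesLeft)` and the `assignable` clause giving it enough to show that the counter only ever decreases by one per failed attempt and is only reset by a successful one. In an actual applet the boolean result would be turned into an ISO 7816 status word (0x63Cx with x the remaining tries on failure, 0x6983 once blocked) rather than returned to a caller.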
A formalization of the JavaCard Virtual Machine (JCVM) will be provided as the basis for correctness proofs of several platform components at byte code level, such as the compiler (from source to byte code), the Byte Code Verifier (BCV) and the Converter (which turns verified class files into the CAP files that are actually loaded onto the card). A Temporal Logic Specification Language will be defined for JavaCard, and used to establish correctness and security properties (still at byte code level) via suitable composition and abstraction techniques.
The verifications will be performed with theorem provers (programs that support and check logical arguments) and model checkers (programs that check the validity of correctness assertions by exhaustively exploring all possible situations that can arise during execution).
A prominent role will be played by the case studies provided by the participating industries (and additionally by the members of the End-User Panel), for multi-application smart cards used in banking and telecommunications (GSM). They involve both "good" applets, for which it must be shown that they function appropriately, and "bad" applets, whose malicious character must be detected, using the models of JavaCard.
What is unique about this project is the extensive use that will be made of modern tools (theorem provers and model checkers) in a concentrated attack on the correctness problems of a small and well-defined area, namely JavaCard, which gives it a high chance of success.

Milestones:
The VerifiCard project will provide:
1. fully specified and verified components of the JavaCard platform, including the byte code verifier (BCV), the CAP-file Converter and the class library (API), based on the open JavaCard standard.
2. on this basis, fully specified and verified JavaCard application programs (applets). These will be provided by the industrial partners, stemming from the main smart card application areas: banking and mobile communication.

Funding Scheme

CSC - Cost-sharing contracts

Coordinator

STICHTING KATHOLIEKE UNIVERSITEIT
Address
Geert Grooteplein-noord 9
6525 EZ Nijmegen
Netherlands

Participants (5)

AXALTO SA
France
Address
Avenue Jean Jaures 50
92120 Montrouge
INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQUE ET EN AUTOMATIQUE
France
Address
Domaine De Voluceau
78153 Le Chesnay
SICS, SWEDISH INSTITUTE OF COMPUTER SCIENCE AB
Sweden
Address
Isafjordsgatan 22
164 29 Kista
TECHNISCHE UNIVERSITAET KAISERSLAUTERN
Germany
Address
Gottlieb-daimler-strasse
67663 Kaiserslautern
TECHNISCHE UNIVERSITAET MUENCHEN
Germany
Address
Arcisstrasse 21
80333 Muenchen