DOCSLIB.ORG

Smart Cards and Java Card

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Smart Cards and Java Card Outline Background: JavaCard Program Verification • Smart cards and JavaCard Erik Poll LOOP project at Nijmegen: verification of JML-annotated JavaCard programs in PVS University of Nijmegen • a semantics of Java • JML specification language for Java Joint work with • a logic for JML Joachim van den Berg, Cees-Bart Breunesse, Engelbert Hubbers, Bart Jacobs, Hans Meijer, Martijn Oostdijk • JML specifications for the JavaCard API JavaCard Program Verification – p.1/61 JavaCard Program Verification – p.2/61 smart cards Card with a chip providing CPU and memory (ROM, RAM, EEPROM) capable of • storing information (tamper resistant!) • processing information, notably en/de-cryption Smart Cards and Java Card NB private keys never have to leave the card ! Applications • Now: bank card, mobile phone SIM • Future: ID cards, access control for networks, PKI support, access control for networks, . JavaCard Program Verification – p.3/61 JavaCard Program Verification – p.4/61 Old vs new smart cards Java Card Traditional smart cards: Subset of Java for programming smart cards, • one program (or ‘applet’) • without threads, floats, . , very limited API • written in chip-specific machine code extended with • burnt into ROM • persistent and transient objects (EEPROM and RAM) New generation smart cards: • transaction mechanism and increased security: • several applets, written in high level language • standard sandbox + firewall between applets. • compiled to byte code • stored in EEPROM • executed on virtual machine and mini-OS, which hide hardware details JavaCard Program Verification – p.5/61 JavaCard Program Verification – p.6/61 Pros & cons Security issues for smart cards Advantages of new generation smart cards: Like a virus, a malicious applet could exploit weaknesses in • development quicker and cheaper platform or in other applets. • multi-application: several (possibly interacting) • Is (an implementation of) the platform secure ? applets on one smart card • Is a given applet secure/not malicious ? • post-issuance download: adding or deleting applets on a card (cf. downloading applets in web browser, but Increasing demands for security evaluation. controlled with digital signatures, using Visa OP) Common Criteria (CC), the ISO standard for security but additional security threats ! evaluation, distinguishes 7 levels. Current cards are evaluated up to levels 4+5. The highest levels (6+7) require formal verification. JavaCard Program Verification – p.7/61 JavaCard Program Verification – p.8/61 VerifiCard Project Formal methods for JavaCard • EU-sponsered IST-project of 2 smartcard producers and 5 academic research groups in tool-assisted JavaCard is an ideal target for use of formal methods: verification for Java(Card). • Work on • Programs involved are small • formal descriptions of platform (JCVM, byte code • Platform is relatively small and simple verifier) for CC evaluations • Correctness & security are of vital importance • applet verification • non-interference and information-flow properties • Cards are distributed in large numbers • case studies (banking, GSM) provided by industrial • Smart card industry is open to formal methods partners. Potential killer application for formal methods ? But if we can’t even do this . JavaCard Program Verification – p.9/61 JavaCard Program Verification – p.10/61 VerifiCard: Topics VerifiCard: other partners Academic: JavaCard platform applets INRIA Barthe, Bertot France TU Munich Nipkow Germany VM, bytecode Univ. Hagen Poetzsch-Heffter Germany byte abstract interpretation verifier, compiler SICS Dam Sweden code & model checking formalisation Industrial: Gemplus Lanet France API annotation in applet annotation in Schlumberger CP8 Goire France source JML & Hoare-style JML & Hoare-style code verification verification JavaCard Program Verification – p.11/61 JavaCard Program Verification – p.12/61 The LOOP Project Verification of JML-annotated Java(Card) programs based on • a denotational semantics for sequential Java, formalised in PVS The LOOP project • a compiler – the LOOP tool – which translates A.java to A.pvs describing its semantics. • a logic for reasoning about JML, formalised in PVS ie. a shallow embedding of Java and JML in PVS JavaCard Program Verification – p.13/61 JavaCard Program Verification – p.14/61 LOOP tool for Java/JML The LOOP Project: results so far JML-annotated Java class A.java • translation covers essentially all sequential Java • translation of JML under construction, but covers basics. LOOP compiler • case studies: • non-trivial invariant for Java’s Vector class • AID class from JavaCard API meaning of Java class [[A]].pvs with • Purse applet (under development) proof obligations as Hoare sentences • large collection of smaller test examples PVS theorem prover QED JavaCard Program Verification – p.15/61 JavaCard Program Verification – p.16/61 Rest of this talk • Semantics of Java • Java specification language JML • Hoare logic for Java/JML Semantics of Java • JML specifications of JavaCard API JavaCard Program Verification – p.17/61 JavaCard Program Verification – p.18/61 Java Semantics Example: Java control flow Standard denotational semantics of imperative program P : public int arrayProduct(int[] a) f [[ ]] / if (a == null) throw new MyNullPointerException(); S 1 + S if (a.length == 0) return 1; int prod = 1; where S is the state space and 1 = f?g stands for for (int i=0; i < a.length; i++)f nontermination. if (a[i]==0) fprod = 0; break;g ; But: Java has abrupt termination because of if (a[i]==1) continue; prod = prod * a[i]; • exceptions, throw(E) g; • return that exits a method return prod; • break that exits a repetition g • continue that skips remainder of a repetition so the semantics becomes more complicated . JavaCard Program Verification – p.19/61 JavaCard Program Verification – p.20/61 Java semantics: statements Example: composition Semantics of Java statement P : For two statements [[ ]] s1; s2 : S ! 1 + S + StatAbn S / 1 + S + StatAbn the composition is defined as where (s1 ; s2) · x = CASES s1 · x OF f StatAbn = (S × RefType) state with exception object hang 7−! hang +S return j norm(x ) 7−! s2 · x +(S × (1 + String)) break with label j abnorm(a) 7−! abnorm(a) g +(S × (1 + String)) continue with label In this way all Java constructs are translated into PVS. JavaCard Program Verification – p.21/61 JavaCard Program Verification – p.22/61 Java semantics : expressions Example: Addition Semantics of Java expression E e: For two int-expressions [[ ¡ ]] e1; e2 : S ! 1 + S × Int + ExprAbn S / 1 + S × E + ExprAbn addition is defined as (e1+e2) · x = where CASES e1 · x OF f ExprAbn S RefType state with exception object = ( × ) hang 7−! hang j norm(x ; val1) 7−! CASES e2 · x OF f hang 7−! hang j norm(x ; val2) 7−! norm(x ; val1 + val2) j abnorm(a ) 7−! abnorm(a ) g j abnorm(a) 7−! abnorm(a) g JavaCard Program Verification – p.23/61 JavaCard Program Verification – p.24/61 LOOP Java semantics LOOP tool for Java • representation of state space (or object model), Java class A.java mapping references to values • semantics of all Java statements constructs: ; LOOP compiler if (...) f...g else f...g try f...g catch ... finally f...g . • semantics of Java expression constructs: meaning of Java class PVS theories for object model and + , - , . , && , & , . , x = . , . + [[A]].pvs as PVS theory semantics of Java constructs • semantics of classes incl. inheritance: method tables of statements/expression-valued functions, generated by the LOOP tool Together covering essentially all of sequential Java PVS theorem prover JavaCard Program Verification – p.25/61 JavaCard Program Verification – p.26/61 Java Modeling Language JML Specification language by Gary Leavens (Iowa Univ.) for annotating Java programs with • pre- and postconditions cf. Eiffel and • invariants Design by Contract JML • frame conditions (modifiability constraints) • specification-only variables (model variables) • . Pre-, postconditions, and invariants in JML are Java boolean expressions, extended with \forall, \exists, ==>, \old( ), . JavaCard Program Verification – p.27/61 JavaCard Program Verification – p.28/61 JML example JML example class A f class A f int i; int i; //@ invariant 0 <= i && i <= MAX; public void change_i(int j) throws MyException public void change_i(int j) throws MyException f if (j == 0) return ; f if (j == 0) return ; if (i+j > MAX) throw new MyException(); if (i+j > MAX) throw new MyException(); i = i+j; i = i+j; g g JavaCard Program Verification – p.29/61 JavaCard Program Verification – p.30/61 JML example JML example class A f class A f int i; int i; //@ invariant 0 <= i && i <= MAX; //@ invariant 0 <= i && i <= MAX; public void change_i(int j) throws MyException public void change_i(int j) throws MyException /*@ requires j >= 0; /*@ requires j >= 0; ensures i = nold(i)+j; ensures i = nold(i)+j; signals (MyException) i+j > MAX; @*/ @*/ f if (j == 0) return ; f if (j == 0) return ; if (i+j > MAX) throw new MyException(); if (i+j > MAX) throw new MyException(); i = i+j; i = i+j; g g pre- and post-condition “exceptional” postcondition JavaCard Program Verification – p.31/61 JavaCard Program Verification – p.32/61 JML example JML example class A f class A f int i; int i; //@ invariant 0 <= i && i <= MAX; //@ invariant 0 <= i && i <= MAX; public void change_i(int j) throws MyException public void change_i(int j) throws MyException /*@ requires j >= 0; /*@ requires j >= 0; modifiable i; ensures i = nold(i)+j; ensures i = nold(i)+j; signals (MyException) i+j > MAX; signals (MyException) i+j > MAX; @*/ @*/ f if (j == 0) return ; f if
Load more

Recommended publications
  • Tampering with Java Card Exceptions the Exception Proves the Rule
    Tampering with Java Card Exceptions The Exception Proves the Rule Guillaume Barbu1,2, Philippe Hoogvorst1 and Guillaume Duc1 1Institut Mines-T´el´ecom / T´el´ecom ParisTech, CNRS LTCI, D´epartement COMELEC, 46 rue Barrault, 75634 Paris Cedex 13, France 2Oberthur Technologies, Innovation Group, Parc Scientifique Unitec 1 - Porte 2, 4 all´ee du Doyen George Brus, 33600 Pessac, France Keywords: Java Card, Java Exceptions, Software Attacks, Fault Attacks, Combined Attacks. Abstract: Many publications have studied the various issues concerning Java Cards security regarding software and/or hardware attacks. However, it is surprising to notice that the particular case of exception-related mechanisms has not been tackled yet in the literature. In this article, we fill this gap by proposing several attacks against Java Card platforms based on both exception handling and exception throwing. In addition, this study allows us to point out that a weakness known by the web-oriented Java community for more than a decade still passes the different steps of the state-of-the-art Java Card application deployment process (namely conversion and verification). This appears all the more important as the Java Card 3 Connected Edition specifications have started to bridge the gap between the two worlds that are Java Cards and Java web services. 1 INTRODUCTION that no pointer arithmetic is used in a Java Card ap- plication and that objects behave according to a given The Java Card technology is, as of today, the world’s contract defined by their Java class, superclasses and leading technology in the smart card field. This lead- interfaces.
    [Show full text]
  • 1 Introduction
    User Customization of Virtual Network Interfaces with U-Net/SLE David Opp enheimer and Matt Welsh fdavidopp,[email protected] Decemb er 9, 1997 Abstract We describ e U-Net/SLE Safe Language Extensions, a user-level network interface architecture which enables p er-application customization of communication semantics through downloading of user extension applets, imple- mented as Java class les, into the network interface. This architecture p ermits application s to safely sp ecify co de to b e executed within the NI on message transmission and reception. By leveraging the existing U-Net mo del, applications may implement proto col co de at the user level, within the NI, or using some combination of the two. Our current implementation, using the Myricom Myrinet interface and a small Java Virtual Machine subset, obtains go o d p erformance, allowing host communication overhead to b e reduced and improving the overlap of communication and computation during proto col pro cessing. 1 Intro duction Recentwork in high-sp eed interconnects for distributed and parallel computing architectures, particularly workstation clusters, has fo cused on developmentofnetwork interfaces enabling low-latency and high-bandwidth communication. Often, these systems bypass the op erating system kernel to achieve high p erformance; however the features and functionality provided by these di erent systems vary widely. Several systems, such as U-Net [26] and Active Messages [27], virtualize the network interface to provide multiple applications on the same host with direct, protected network access. Other systems, including Fast Messages [16] and BIP [17], eschew sharing the network in lieu of design simplicity and high p erformance.
    [Show full text]
  • Java Card 2.0 Programming Concepts
    Java Card 2.0 Programming Concepts October 15, 1997 Revision 1.0 Final ©1997 Sun Microsystems, Inc. Java Card 2.0 Programming Concepts ©1997 Sun Microsystems, Inc. 901 San Antonio Road, Palo Alto, California 94303-4900 U.S.A. This document is protected by copyright. Sun Microsystems, Inc. ("SUN") hereby grants to you a fully-paid, nonexclusive, nontransferable, perpetual, worldwide, limited license (without the right to sublicense), under Sun's intellectual property rights that are essential to use this specification ("Specification"), to use the Specification for the sole purpose of developing applications or applets that may interoperate with implementations of the Specification developed pursuant to a separate license agreement with SUN. RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the U.S. Government is subject to restrictions of FAR 52.227-14(g)(2)(6/87) and FAR 52.227-19(6/87), or DFAR 252.227-7015(b)(6/95) and DFAR 227.7202-3(a). This specification contains the proprietary information of Sun and may only be used in accordance with the license terms set forth above. SUN MAKES NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY OF THE SPECIFICATION, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON- INFRINGEMENT. SUN SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SPECIFICATION OR ITS DERIVATIVES. TRADEMARKS Sun, the Sun logo, Sun Microsystems, JavaSoft, JavaBeans, JDK, Java, HotJava, HotJava Views, Java Card, Java WorkShop, the Java Coffee Cup logo, and Visual Java are trademarks or registered trademarks of Sun Microsystems, Inc.
    [Show full text]
  • Java EE  Java Platforms  Java Card: Smart Card Version  Java ME (Micro Edition): Embedded Systems, E.G
    Enterprise Application Development An Introduction to Java Enterprise Edition Shahid Beheshti University Sadegh Aliakbary Outline Enterprise Application Development Web Programming Java Enterprise Edition Architectures Patterns Standards Technologies 2 Sadegh Aliakbary JavaEE Static Web Pages HTML Files Browser Web Server www.abc.com/index.html index.html 3 Sadegh Aliakbary JavaEE Dynamic Web Pages Form Web Server Browser Submit Form 4 Sadegh Aliakbary JavaEE Web Application Definition: A web application is an application delivered to users from a web server over a network such as the Internet Only needs a web browser to use the application (Thin Client) Software application that is coded in a browser-supported language Common web applications, e.g., webmail, Google Docs, Portals, … 5 Sadegh Aliakbary JavaEE Web Applications Layers Logical Partitioning Layering Common layering in web applications Presentation Layer Business logic Layer Data (management/source) Layer These layers are purely abstractions These layers may not correspond to physical distribution (tiers) 6 Sadegh Aliakbary JavaEE Presentation Layer Handling the interactions between the user and the software GUI HTML based browser The user interface of the application Can be made up client side & server side codes It communicates with other layers by outputting results to the browser/client software and all other layers What is this layer in Facebook? 7 Sadegh Aliakbary JavaEE Business Logic Layer The work that the application needs to do for the domain
    [Show full text]
  • Oracle® Java Micro Edition Software Development Kit Developer's Guide Release 3.2 for Windows E24265-04
    Oracle® Java Micro Edition Software Development Kit Developer's Guide Release 3.2 for Windows E24265-04 September 2012 This document describes how to use the Java ME SDK plugin for NetBeans. Oracle Java Micro Edition Software Development Kit, Release 3.2 for Windows E24265-04 Copyright © 2009, 2012, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs.
    [Show full text]
  • Application Programming Notes, Java Card 3 Platform, Classic Edition
    Application Programming Notes Java Card™ 3 Platform Classic Edition Sun Microsystems, Inc. www.sun.com July 2009 Copyright © 2009 Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, California 95054, U.S.A. All rights reserved. Sun Microsystems, Inc. has intellectual property rights relating to technology embodied in the product that is described in this document. In particular, and without limitation, these intellectual property rights may include one or more of the U.S. patents listed at http://www.sun.com/patents and one or more additional patents or pending patent applications in the U.S. and in other countries. U.S. Government Rights - Commercial software. Government users are subject to the Sun Microsystems, Inc. standard license agreement and applicable provisions of the FAR and its supplements. This distribution may include materials developed by third parties. Sun, Sun Microsystems, the Sun logo, Java, Solaris, Java Card, Mozilla, Netscape, Javadoc, JDK, JVM, NetBeans and Servlet are trademarks or registered trademarks of Sun Microsystems, Inc. or its subsidiaries in the U.S. and other countries. UNIX is a registered trademark in the U.S. and other countries, exclusively licensed through X/Open Company, Ltd. The Adobe logo is a trademark or registered trademark of Adobe Systems, Incorporated. Products covered by and information contained in this service manual are controlled by U.S. Export Control laws and may be subject to the export or import laws in other countries. Nuclear, missile, chemical biological weapons or nuclear maritime end uses or end users, whether direct or indirect, are strictly prohibited. Export or reexport to countries subject to U.S.
    [Show full text]
  • GROOVY Name: Groovy Description: Documentation and Web Site of the Groovy Scripting Language for the JVM
    Space Details Key: GROOVY Name: Groovy Description: Documentation and web site of the Groovy scripting language for the JVM. Creator (Creation Date): bob (Apr 15, 2004) Last Modifier (Mod. Date): glaforge (Apr 12, 2005) Available Pages • Home • Advanced Usage Guide • Ant Task Troubleshooting • BuilderSupport • Compiling Groovy • Compiling With Maven2 • Design Patterns with Groovy • Abstract Factory Pattern • Adapter Pattern • Bouncer Pattern • Chain of Responsibility Pattern • Composite Pattern • Decorator Pattern • Delegation Pattern • Flyweight Pattern • Iterator Pattern • Loan my Resource Pattern • Null Object Pattern • Pimp my Library Pattern • Proxy Pattern • Singleton Pattern • State Pattern • Strategy Pattern • Template Method Pattern • Visitor Pattern • Dynamic language beans in Spring • Embedding Groovy • Influencing class loading at runtime • Make a builder • Mixed Java and Groovy Applications • Optimising Groovy bytecodes with Soot Document generated by Confluence on Sep 20, 2007 16:02 Page 1 • Refactoring with Groovy • Introduce Assertion • Replace Inheritance with Delegation • Security • Writing Domain-Specific Languages • Articles • Community and Support • Contributing • Mailing Lists • Related Projects • User Groups • Cookbook Examples • Accessing SQLServer using groovy • Alternate Spring-Groovy-Integration • Batch Image Manipulation • Compute distance from Google Earth Path (in .kml file) • Convert SQL Result To XML • Embedded Derby DB examples • Embedding a Groovy Console in a Java Server Application • Executing External
    [Show full text]
  • Java (Software Platform) from Wikipedia, the Free Encyclopedia Not to Be Confused with Javascript
    Java (software platform) From Wikipedia, the free encyclopedia Not to be confused with JavaScript. This article may require copy editing for grammar, style, cohesion, tone , or spelling. You can assist by editing it. (February 2016) Java (software platform) Dukesource125.gif The Java technology logo Original author(s) James Gosling, Sun Microsystems Developer(s) Oracle Corporation Initial release 23 January 1996; 20 years ago[1][2] Stable release 8 Update 73 (1.8.0_73) (February 5, 2016; 34 days ago) [±][3] Preview release 9 Build b90 (November 2, 2015; 4 months ago) [±][4] Written in Java, C++[5] Operating system Windows, Solaris, Linux, OS X[6] Platform Cross-platform Available in 30+ languages List of languages [show] Type Software platform License Freeware, mostly open-source,[8] with a few proprietary[9] compo nents[10] Website www.java.com Java is a set of computer software and specifications developed by Sun Microsyst ems, later acquired by Oracle Corporation, that provides a system for developing application software and deploying it in a cross-platform computing environment . Java is used in a wide variety of computing platforms from embedded devices an d mobile phones to enterprise servers and supercomputers. While less common, Jav a applets run in secure, sandboxed environments to provide many features of nati ve applications and can be embedded in HTML pages. Writing in the Java programming language is the primary way to produce code that will be deployed as byte code in a Java Virtual Machine (JVM); byte code compil ers are also available for other languages, including Ada, JavaScript, Python, a nd Ruby.
    [Show full text]
  • Towards Automated Software Evolution of Data-Intensive Applications
    City University of New York (CUNY) CUNY Academic Works Dissertations, Theses, and Capstone Projects CUNY Graduate Center 6-2021 Towards Automated Software Evolution of Data-Intensive Applications Yiming Tang The Graduate Center, City University of New York How does access to this work benefit ou?y Let us know! More information about this work at: https://academicworks.cuny.edu/gc_etds/4406 Discover additional works at: https://academicworks.cuny.edu This work is made publicly available by the City University of New York (CUNY). Contact: [email protected] Towards Automated Software Evolution of Data-intensive Applications by Yiming Tang A thesis submitted to the Graduate Faculty in Computer Science in partial fulfillment of the requirements for the degree of Doctor of Philosophy, The City University of New York. 2021 ii © 2021 Yiming Tang All Rights Reserved iii Towards Automated Software Evolution of Data-intensive Applications by Yiming Tang This manuscript has been read and accepted for the Graduate Faculty in Computer Science in satisfaction of the dissertation requirement for the degree of Doctor of Philosophy. May 14, 2021 Raffi Khatchadourian Date Chair of Examining Committee May 14, 2021 Ping Ji Date Executive Officer Supervisory Committee: Raffi Khatchadourian, Advisor Subash Shankar Anita Raja Mehdi Bagherzadeh THE CITY UNIVERSITY OF NEW YORK Abstract Towards Automated Software Evolution of Data-intensive Applications by Yiming Tang Advisor: Raffi Khatchadourian Recent years have witnessed an explosion of work on Big Data. Data-intensive appli- cations analyze and produce large volumes of data typically terabyte and petabyte in size. Many techniques for facilitating data processing are integrated into data- intensive applications.
    [Show full text]
  • Java Card 3 Programming
    Java Card 3 Programming Michel Koenig Java Card 3.0 Programming 1 Presentation objectives • Introducing the concepts and the technology of the smart cards • Describing the protocols between cards and terminals • Describing how to program the Java Cards • Exploring the tools and the environments provided by the manufacturers to develop solutions with smart cards Michel Koenig Java Card 3.0 Programming 2 Presentation content • Introduction • ISO7816 Protocol • Java Card • The basic rules for Java Card programming • Cyphering • SIM Card • Smart Card Web Server • Java Card 3.0 Connected Edition • Conclusion Michel Koenig Java Card 3.0 Programming 3 Introduction History, technology, standards Michel Koenig Java Card 3.0 Programming 4 Introduction ● In this chapter, we'll see ● A brief history of the smart cards ● The applications supported by the smart cards ● The standards supported Michel Koenig Java Card 3.0 Programming 5 Brief history • Early seventies, first patents – Dr Arimura, R Moreno, M Ugon • Early eighties, first field testing for a memory card – Phone card in France • Mid eighties, large scale introduction of smart cards in banking system • Mid nineties, SIM card introduced in mobile telephony Michel Koenig Java Card 3.0 Programming 6 What is a smart card • A plastic card like a credit card with an embedded micro chip – With or without visible contacts • Maybe contactless • Standardized – ISO 7816 • Mecanical properties • Electrical behavior • Communication protocol • Contains a software which – Protects internal data – Give access
    [Show full text]
  • Fully Verified JAVA CARD API Reference Implementation
    Fully Verified JAVA CARD API Reference Implementation Wojciech Mostowski Computing Science Department, Radboud University Nijmegen, the Netherlands [email protected] Abstract. We present a formally verified reference implementation of the JAVA CARD API. This case study has been developed with the KeY verification system. The KeY system allows us to symbolically execute the JAVA source code of the API in the KeY verification environment and, in turn, prove correctness of the implementation w.r.t. formal specification we developed along the way. The resulting formal API framework (the implementation and the specification) can be used to prove correctness of any JAVA CARD applet code. As a side effect, this case study also serves as a benchmark for the KeY system. It shows that a code base of such size can be feasibly verified, and that KeY indeed covers all of the JAVA CARD language specification. 1 Introduction We present a formally verified reference implementation of the JAVA CARD API version 2.2.1 [11]. JAVA CARD is a technology used to program smart cards and it comprises a subset of the desktop JAVA; a subset of the programming language itself, and a cut down version of the API. Reference implementations of the API that are normally available for JAVA CARD are developed for a particular running environment, usually a JAVA CARD simulator or emulator. Some of the API rou- tines are not implementable in JAVA alone. For example, JAVA CARD transaction mechanism functionality is normally provided by the JAVA CARD VM and/or the operating system of the actual smart card hardware.
    [Show full text]
  • Information Foraging in Debugging
    AN ABSTRACT OF THE DISSERTATION OF Joseph Lawrance for the degree of Doctor of Philosophy in Computer Science presented on June 12, 2009. Title: Information Foraging in Debugging. Abstract approved: __________________________________________ Margaret M. Burnett Programmers spend a substantial fraction of their debugging time by navigating through source code, yet little is known about how programmers navigate. With the continuing growth in size and complexity of software, this fraction of time is likely to increase, which presents challenges to those seeking both to understand and address the needs of programmers during debugging. Therefore, we investigated the applicability a theory from another domain, namely information foraging theory, to the problem of programmers’ navigation during software maintenance. The goal was to determine the theory’s ability to provide a foundational understanding that could inform future tool builders aiming to support programmer navigation. To perform this investigation, we first defined constructs and propositions for a new variant of information foraging theory for software maintenance. We then operationalized the constructs in different ways and built three executable models to allow for empirical investigation. We developed a simple information-scent-only model of navigation, a more advanced model of programmer navigation, named Programmer Flow by Information Scent (PFIS), which accounts for the topological structure of source code, and PFIS 2, a refinement of PFIS that maintains an up-to- date model of source code on the fly and models information scent even in the absence of explicit information about stated goals. We then used the models in three empirical studies to evaluate the applicability of information foraging theory to this domain.
    [Show full text]