论文信息 - Implementing a Formally Verifiable Security Protocol in Java Card

Implementing a Formally Verifiable Security Protocol in Java Card

This paper describes a case study in refining an abstract security protocol description down to a concrete implementation on a Java Card smart card. The aim is to consider the decisions that have to be made in the development of such an implementation in a systematic way, and to investigate the possibilities of formal specification and verification in the design process and for the final implementation.

Erik Poll | Engelbert Hubbers | Martijn Oostdijk

[1] Peter Y. A. Ryan,et al. The modelling and analysis of security protocols: the csp approach , 2000 .

[2] Abhay Bhorkar,et al. A Run-time Assertion Checker for Java using JML , 2000 .

[3] Néstor Cataño,et al. Formal Specification and Static Checking of Gemplus' Electronic Purse Using ESC/Java , 2002, FME.

[4] Gavin Lowe. Casper: a compiler for the analysis of security protocols , 1998 .

[5] Bart Jacobs,et al. Formal specification of the JavaCard API in JML: the APDU class , 2001, Comput. Networks.

[6] John A. Clark,et al. A survey of authentication protocol literature: Version 1.0 , 1997 .

[7] Bart Jacobs,et al. Reasoning about Java classes: preliminary report , 1998, OOPSLA '98.

[8] Bart Jacobs,et al. Specifying and Verifying a Decimal Representation in Java for Smart Cards , 2002, AMAST.

[9] Martín Abadi,et al. A logic of authentication , 1990, TOCS.

[10] Yoonsik Cheon,et al. A Runtime Assertion Checker for the Java Modeling Language (JML) , 2003, ICSE 2003.

[11] Renaud Marlet,et al. Security Properties and Java Card Specificities To Be Studied in the SecSafe Project , 2001 .

[12] Bart Jacobs,et al. Specification of the JavaCard API in JML , 2000, CARDIS.

[13] Peter A. Lindsay,et al. FME 2002:Formal Methods—Getting IT Right , 2002, Lecture Notes in Computer Science.