论文信息 - EMV Card: Generation of Test Cases based on SysML Models

EMV Card: Generation of Test Cases based on SysML Models

Abstract The smart cards are increasingly used in several fields with critical data that require security. We cite, as example, the medical field and payment shopping with smart card. Therefore, the hardware and software security of smart cards is one of the key elements of the security of sensitive information handled. Currently, several scientific researchers are interested in studying and enhancing the smart cards security. The study of vulnerabilities is a prerequisite for building security guarantees of this type of devices. Indeed, each vulnerability can easily lead to an attack. In this paper, we generate vulnerability test cases based on models of Europay-MasterCard and Visa (EMV) specifications. We used SysML language to model the EMV transaction through machine state diagram. Then, we generated Event-B model that we exploit it to generate vulnerability and robustness test cases. This work aims to ensure the safety of EMV cards against attacks exploiting the vulnerability of the system.

Jean-Louis Lanet | Abdelmalek Azizi | Mostafa Azizi | Noura Ouerdi | M'hammed Ziane

[1] J. R. Abrial,et al. The B-Book: Mathematics , 1996 .

[2] Michael Butler,et al. The Rodin formal modelling tool , 2007 .

[3] Steve Schneider. The B-method - an introduction , 2001, The cornerstones of computing series.

[4] Jean-Raymond Abrial,et al. The B-book - assigning programs to meanings , 1996 .

[5] Colin F. Snook,et al. UML-B: A Plug-in for the Event-B Tool Set , 2008, ABZ.

[6] J. R. Abrial,et al. The B-Book: Programming , 1996 .

[7] Tossaporn Joochim,et al. Bringing requirements engineering to formal methods : timing diagrams for Event-B and KAOS , 2010 .

[8] Wim Dehaene,et al. UML 2 and SysML: an approach to deal with complexity in SoC/NoC design , 2005, Design, Automation and Test in Europe.

[9] Marc Frappier,et al. Automatic Generation of Vulnerability Tests for the Java Card Byte Code Verifier , 2011, 2011 Conference on Network and Information Systems Security.