Development of an Embedded Verifier for Java Card Byte Code Using Formal Methods

The Java security policy is implemented by a set of security components: the Java Virtual Machine (JVM), the API, the byte code verifier and the loader. It is of prime importance to ensure that these components are implemented in accordance with their specifications, and formal methods can provide a mathematical proof that an implementation corresponds to its specification. In this paper, we introduce the formal development of a complete byte code verifier for Java Card and its on-card integration. In particular, we focus on the model and the proof of the complete type verifier for the Java Card language. The global architecture of the verification process implemented in this real industrial case study is described, and the detailed specification of the type verifier is discussed together with its proof. Moreover, the paper presents a comparison between formal and traditional development, summing up the pros and cons of using formal methods in industry.
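To make concrete what a byte code type verifier of the kind described in this abstract has to establish, the following is an added illustration, not code from the paper or from its authors. It implements the standard dataflow algorithm behind bytecode verification: abstract interpretation of a method over a type lattice (int, ref, and top for "unknown, unusable"), with a worklist that iterates to a fixpoint and joins frames at merge points. The instruction set, opcodes and the three sample methods are invented for the example; the real Java Card instruction set is richer and is not modelled here.

```python
"""Toy stack-bytecode type verifier (abstract interpretation over a type lattice).

Added illustration: the opcodes PUSH_INT, PUSH_REF, IADD, ILOAD/ISTORE,
ALOAD/ASTORE, IFEQ, GOTO and RETURN are a hypothetical instruction set,
not Java Card byte code.
"""
from collections import deque

INT, REF, TOP = "int", "ref", "top"   # TOP = join of int and ref: unusable


class VerifyError(Exception):
    pass


def join(a, b):
    """Least upper bound in the two-level type lattice."""
    return a if a == b else TOP


def join_frame(f1, f2):
    """Join two abstract frames (stack, locals); stack heights must agree."""
    s1, l1 = f1
    s2, l2 = f2
    if len(s1) != len(s2):
        raise VerifyError("inconsistent stack height at merge point")
    return (tuple(join(x, y) for x, y in zip(s1, s2)),
            tuple(join(x, y) for x, y in zip(l1, l2)))


def step(pc, instr, stack, locals_, max_stack, n):
    """Abstractly execute one instruction; return (stack, locals, successor pcs)."""
    op, *args = instr
    stack, locals_ = list(stack), list(locals_)

    def pop(expected):
        if not stack:
            raise VerifyError(f"pc {pc}: stack underflow")
        t = stack.pop()
        if t != expected:
            raise VerifyError(f"pc {pc}: {op} expects {expected}, got {t}")

    def push(t):
        if len(stack) >= max_stack:
            raise VerifyError(f"pc {pc}: stack overflow")
        stack.append(t)

    def local_index(i):
        if not 0 <= i < len(locals_):
            raise VerifyError(f"pc {pc}: local {i} out of range")
        return i

    def load(expected, i):
        i = local_index(i)
        if locals_[i] != expected:
            raise VerifyError(f"pc {pc}: {op} expects local {i} of type {expected}, got {locals_[i]}")
        push(expected)

    def target(t):
        if not 0 <= t < n:
            raise VerifyError(f"pc {pc}: jump target {t} out of range")
        return t

    succ = [pc + 1]                       # default: fall through
    if op == "PUSH_INT":
        push(INT)
    elif op == "PUSH_REF":
        push(REF)
    elif op == "IADD":
        pop(INT); pop(INT); push(INT)
    elif op == "ILOAD":
        load(INT, args[0])
    elif op == "ALOAD":
        load(REF, args[0])
    elif op == "ISTORE":
        pop(INT); locals_[local_index(args[0])] = INT
    elif op == "ASTORE":
        pop(REF); locals_[local_index(args[0])] = REF
    elif op == "IFEQ":
        pop(INT); succ = [pc + 1, target(args[0])]
    elif op == "GOTO":
        succ = [target(args[0])]
    elif op == "RETURN":
        succ = []
    else:
        raise VerifyError(f"pc {pc}: unknown opcode {op}")
    if any(s >= n for s in succ):
        raise VerifyError(f"pc {pc}: control falls off the end of the method")
    return tuple(stack), tuple(locals_), succ


def verify(code, max_stack, max_locals):
    """Worklist fixpoint over all reachable pcs; raises VerifyError on rejection."""
    n = len(code)
    states = {0: ((), (TOP,) * max_locals)}   # entry: empty stack, locals unset
    worklist = deque([0])
    while worklist:
        pc = worklist.popleft()
        stack, locals_, succ = step(pc, code[pc], *states[pc], max_stack, n)
        for s in succ:
            frame = (stack, locals_)
            if s not in states:
                states[s] = frame
                worklist.append(s)
            else:
                merged = join_frame(states[s], frame)
                if merged != states[s]:        # lattice is finite, so this terminates
                    states[s] = merged
                    worklist.append(s)
    return states


def check(code, max_stack, max_locals):
    """Return (accepted, message) for a method body."""
    try:
        verify(code, max_stack, max_locals)
        return True, "ok"
    except VerifyError as e:
        return False, str(e)


# Constructed sample methods (hypothetical byte code, not from any real applet).
GOOD = [("PUSH_INT",), ("ISTORE", 0), ("ILOAD", 0), ("IFEQ", 8), ("ILOAD", 0),
        ("PUSH_INT",), ("IADD",), ("ISTORE", 0), ("RETURN",)]
# Stores an int into a reference slot: the classic type confusion a verifier rejects.
BAD_CONFUSION = [("PUSH_INT",), ("ASTORE", 0), ("RETURN",)]
# Local 0 is a ref on one path and an int on the other; using it as a ref after the merge is rejected.
BAD_MERGE = [("PUSH_INT",), ("IFEQ", 5), ("PUSH_REF",), ("ASTORE", 0), ("GOTO", 7),
             ("PUSH_INT",), ("ISTORE", 0), ("ALOAD", 0), ("RETURN",)]

if __name__ == "__main__":
    for name, code in [("GOOD", GOOD), ("BAD_CONFUSION", BAD_CONFUSION), ("BAD_MERGE", BAD_MERGE)]:
        print(name, check(code, max_stack=2, max_locals=1))
```

The third sample is the case that makes the fixpoint iteration necessary: each path alone is well typed, and only the join of the two incoming frames at the merge point reveals that local 0 can no longer be trusted as a reference. A proof of such a verifier, as the paper describes for Java Card, must show exactly this kind of soundness property: every method the algorithm accepts can be executed without ever treating a value as a type it does not have.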
