Formal Reasoning About Non-atomic Java Card Methods in Dynamic Logic

We present an extension to Java Card Dynamic Logic (Java Card DL), a program logic for reasoning about Java Card programs, that handles Java Card's so-called non-atomic methods. Java Card DL already supports Java Card's atomic transaction mechanism, but non-atomic methods pose an additional challenge: the state updates they perform are not subject to any transaction that may be in progress. The semantics of a non-atomic method taken on its own seems simple and straightforward to formalise; experimental studies showed, however, that non-atomic methods affect the semantics of the whole Java Card transaction mechanism in a subtle way, and in particular the notion of a transaction roll-back. In this paper we show how to adapt Java Card DL to accommodate this newly discovered, more complex transaction behaviour. The extension completes the formalisation of all of Java Card in Dynamic Logic.
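The following applet is an added illustration of the behaviour the abstract describes; it is not code from the paper or from the KeY project. It uses only the standard Java Card API (JCSystem transaction calls, Util.arrayCopy and its non-atomic counterparts); the applet name, the instruction bytes and the array sizes are assumed for the example. Each instruction resets a persistent array, performs an update inside a transaction that is then aborted, and returns the array so that the effect of the abort can be observed from the terminal.

```java
package demo;

import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.JCSystem;
import javacard.framework.Util;

// Added example (not from the paper). DemoApplet and the INS_* values are assumed names.
public class DemoApplet extends Applet {
    private static final byte INS_ATOMIC_ABORT    = (byte) 0x10;
    private static final byte INS_NONATOMIC_ABORT = (byte) 0x11;
    private static final byte INS_MIXED_ABORT     = (byte) 0x12;
    private static final short LEN = 4;

    // Persistent (EEPROM) state: this is what a transaction roll-back acts on.
    private final byte[] persistent = new byte[LEN];
    // Transient source buffer: lives in RAM and is never subject to a transaction.
    private final byte[] scratch;

    private DemoApplet() {
        scratch = JCSystem.makeTransientByteArray(LEN, JCSystem.CLEAR_ON_DESELECT);
        register();
    }

    public static void install(byte[] bArray, short bOffset, byte bLength) {
        new DemoApplet();
    }

    public void process(APDU apdu) {
        if (selectingApplet()) {
            return;
        }
        byte[] buf = apdu.getBuffer();

        // Reset outside any transaction so each case starts from a known state.
        Util.arrayFillNonAtomic(persistent, (short) 0, LEN, (byte) 0x00);
        Util.arrayFillNonAtomic(scratch, (short) 0, LEN, (byte) 0xAA);

        switch (buf[ISO7816.OFFSET_INS]) {
        case INS_ATOMIC_ABORT:
            // Util.arrayCopy is atomic: inside a transaction it is a conditional
            // update, so abortTransaction() undoes the copy.
            JCSystem.beginTransaction();
            Util.arrayCopy(scratch, (short) 0, persistent, (short) 0, LEN);
            JCSystem.abortTransaction();
            break;

        case INS_NONATOMIC_ABORT:
            // Util.arrayCopyNonAtomic is a non-atomic method: its writes are not
            // part of the open transaction, so the abort does not undo them.
            JCSystem.beginTransaction();
            Util.arrayCopyNonAtomic(scratch, (short) 0, persistent, (short) 0, LEN);
            JCSystem.abortTransaction();
            break;

        case INS_MIXED_ABORT:
            // The subtle case from the abstract: one cell receives a conditional
            // update and then a non-atomic write within the same transaction.
            // What the roll-back must restore here is exactly the question the
            // paper's extension of Java Card DL settles; the example does not
            // presume the answer, it only makes the state observable.
            JCSystem.beginTransaction();
            persistent[0] = (byte) 0x11;
            Util.arrayFillNonAtomic(persistent, (short) 0, (short) 1, (byte) 0x22);
            JCSystem.abortTransaction();
            break;

        default:
            ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
        }

        // Return the persistent array so the terminal can inspect the outcome.
        Util.arrayCopyNonAtomic(persistent, (short) 0, buf, (short) 0, LEN);
        apdu.setOutgoingAndSend((short) 0, LEN);
    }
}
```

The first two cases are the uncontroversial part of the semantics: an atomic copy is rolled back, a non-atomic copy survives the abort. The third case is the one that makes the formalisation hard, because a single persistent location has both a transaction-protected old value and a later non-atomic write, and the card's notion of roll-back decides which of them wins. Running the three instructions against a real card or simulator is the experiment that the abstract's "experimental studies" refer to in kind, not a substitute for the paper's result.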
