Verification of Java Card Programs


First reviewer: Prof. Dr. Wolfgang Reif
Second reviewer: Prof. Dr. Bernhard Bauer
Dissertation, Fakultät für Angewandte Informatik, Universität Augsburg, 2005


Smart cards are used in security-critical applications where money or private data is involved. Examples are the German Geldkarte or new passports with biometric data. Design or programming errors can have severe consequences. Formal methods are the best means to avoid such errors. Java Card is a restricted version of Java for programming smart cards. This work presents a logical calculus to formally prove the correctness and security of Java Card programs. The calculus is implemented in the KIV system and is ready for use. First, an operational big-step semantics for sequential Java is presented, based on algebraic specifications. All Java language constructs are modeled. Then, a sequent calculus for dynamic logic for Java Card is developed, and the correctness of the calculus is formally proved. The calculus is designed to support libraries, the reuse of proofs, and program modifications. This entails two different notions of type soundness: the standard one, and a weaker version. Furthermore, the calculus is not restricted to Java Card, but can be used for arbitrary sequential Java programs. The work ends with some intricate examples. All properties and theorems are formally proved with the KIV system. The resulting verification system is able to cope with real-life e-commerce applications.

The official reference for the dissertation is

You can browse the formal specifications and proofs of the dissertation. (This requires an XML/XSLT-capable browser such as Firefox or Internet Explorer.)