Industrial Use of Formal Methods for a High-Level Security Evaluation
作者: Boutheina Chetali , Quang-Huy Nguyen
DOI: 10.1007/978-3-540-68237-0_15
关键词:
摘要: This paper presents an effective use of formal methods for the development and security certification smart card software. The approach is based on Common Criteria's methodology that requires to prove a product implements claimed level. work led world-first commercial Java CardTMproduct involving all assurances needed reach highest For this certification, have been used design implementation functions Card system embedded in product. We describe refinement scheme meet requirements models proofs. In particular, we show how build proof ensures objectives specification. also provide some lessons learned from important application cards industry.
springer.com
springerlink.com参考文章(16)
Julien Iguchi-Cartigny, Jean-Louis Lanet, Dieter Gollmann, Smart Card Research and Advanced Application ,(2011)
Gilles Barthe, Guillaume Dufay, Formal Methods for Smartcard Security Foundations of Security Analysis and Design III. pp. 133- 177 ,(2005) , 10.1007/11554578_5
June Andronick, Boutheina Chetali, Olivier Ly, Using Coq to verify Java card applet isolation properties theorem proving in higher order logics. pp. 335- 351 ,(2003) , 10.1007/10930755_22
Sandrine Blazy, Zaynah Dargaye, Xavier Leroy, Formal Verification of a C Compiler Front-End FM 2006: Formal Methods. ,vol. 4085, pp. 460- 475 ,(2006) , 10.1007/11813040_31
Foundations of Security Analysis and Design V: FOSAD 2007/2008/2009 Tutorial Lectures Lecture Notes in Computer Science. ,vol. 5705, ,(2009) , 10.1007/978-3-642-03829-7
David Aspinall, Jaroslav Ševčík, Formalising java's data race free guarantee theorem proving in higher order logics. pp. 22- 37 ,(2007) , 10.1007/978-3-540-74591-4_4
Quang-Huy Nguyen, Boutheina Chetali, Certifying Native Java Card API by Formal Refinement Smart Card Research and Advanced Applications. pp. 313- 328 ,(2006) , 10.1007/11733447_23
June Andronick, Quang-Huy Nguyen, Certifying an embedded remote method invocation protocol Proceedings of the 2008 ACM symposium on Applied computing - SAC '08. pp. 352- 359 ,(2008) , 10.1145/1363686.1363777
June Andronick, Boutheina Chetali, Christine Paulin-Mohring, Formal Verification of Security Properties of Smart Card Embedded Source Code FM 2005: Formal Methods. pp. 302- 317 ,(2005) , 10.1007/11526841_21
Xavier Leroy, Formal certification of a compiler back-end or: programming a compiler with a proof assistant symposium on principles of programming languages. ,vol. 41, pp. 42- 54 ,(2006) , 10.1145/1111037.1111042