Java on Smart Cards: Programming and Security

Smart cards are playing an increasingly important role in areas such as ban- 1 king,electroniccommerce,andtelecommunications. TheJavaCard language hasbeenproposedasahigh-levellanguageforprogrammingmulti-application smartcards. Theuseofahigh-levellanguagecanfacilitatethedevelopmentand veri?cation of software for smart cards. The modest code size and the imp- tanceoftheapplicationareasimpliesthatitisbothpossibleanddesirableto developandapplyformalmethodsintheconstructionofsafeandsecureJava Cardsoftware. ThepresentvolumeconstitutestheproceedingsoftheJavaCardworkshop heldinCannes,14September2000. TheworkshopgrewoutoftheINRIAAction deRechercheCoop´erative“JavaCard”andwasorganizedincollaborationwith the Java Card Forum. A call for papers resulted in 14 submissions of which theprogramcommitteeselected11papersforpresentationattheworkshop. In addition,theworkshopfeaturedaninvitedtalkbyDanielLeM´etayer,Trusted Logic,onformalmethodsandsmartcardsecurity. WewishtothankCatherine Godest and Maryse Renaud for their help with preparing the proceedings for thisworkshop. February2001IsabelleAttali ThomasJensen 1 ItshouldbenotedthatJavaCardisatrademarkofSunMicrosystems. Organization ProgramCommittee ProgramChair: IsabelleAttali(INRIA,France) ThomasJensen(IRISA/CNRS,France) Committeemembers: ChristianGoire(BullCP8,France) SebastianHans(SunMicrosystems,USA) PieterHartel(UniversityofSouthampton,UK) PeterHoneyman(UniversityofMichigan,USA) PierreParadinas(Gemplus,France) JoachimPosegga(SAPCorporateResearch,Germany) TableofContents InvitedTalk FormalMethodsinContext:SecurityandJavaCard . . . . . . . . . . . . . . . . . . . 1 D. Bolignano,D. LeM´etayer,C. Loiseaux ContributedPapers ADynamicLogicfortheFormalVeri?cationofJavaCardPrograms . . . . . 6 BernhardBeckert ThePACAPPrototype:AToolforDetectingJavaCardIllegalFlow . . . . . 25 P. Bieber,J. Cazin,A. ElMarouani,P. Girard,J. -L. Lanet,V. Wiels, G. Zanon CardKt:AutomatedMulti-modalDeductiononJavaCardsfor Multi-applicationSecurity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38 RajeevGor´e,LanDuyNguyen A Programming and a Modelling Perspective on the Evaluation of Java CardImplementations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 PieterH. Hartel,EduarddeJong SecureInternetSmartcards. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73 NaomaruItoi,TomokoFukuzawa,PeterHoneyman IssuesinSmartcardMiddleware. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90 RogerKehr,MichaelRohs,HaraldVogt OpenPlatfomSecurity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98 MarcKekiche?,ForoughKashef,DavidBrewer ASimple(r)InterfaceDistributionMechanismforJavaCard . . . . . . . . . . . . 114 KsheerabdhiKrishna,MichaelMontgomery AutomaticTestGenerationforJavaCardApplets . . . . . . . . . . . . . . . . . . . . . 121 HuguesMartin,LydieduBousquet FormalSpeci?cationandVeri?cationofJavaCard’sApplicationIdenti?er Class. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137 JoachimvandenBerg,BartJacobs,ErikPoll X TableofContents Security on Your Hand: Secure Filesystems with a “Non-cryptographic” JAVA-Ring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151 R¨udigerWeis,BastiaanBakker,StefanLucks AuthorIndex . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163 Formal Methods in Context: Security and Java Card D. Bolignano, D. Le Métayer, and C. Loiseaux Trusted Logic www. trusted-logic. fr 1. Security and Java Card: An Ideal Application Area for Formal Methods The benefits of formal methods for software engineering have been described at length in many research papers. They include among others: Better understanding and improved communication through unambiguous descriptions. Early bug detection thanks to the formalisation of specifications.