Formalizing non-interference for a simple bytecode language in Coq

In this paper, we describe the application of the interactive theorem prover Coq to the security analysis of bytecode as used in Java. We provide a generic specification and proof of non-interference for bytecode languages using the Coq module system. We illustrate the use of this formalization by applying it to a small subset of Java bytecode. The emphasis of the paper is on modularity of a language formalization and its analysis in a machine proof

Java Card:An analysis of the most successful smart card operating system

To explain why the Java Card operating system has become the most successful smart card operating system to date, we analyze the realized features of the current Java Card version, we argue it could be enhanced by adding a number of intended features and we discuss a set of complementary features that have been suggested. No technology can be successful without the right people and the right circumstances, so we provide some insights in the personal and historical historic aspects of the success of Java Card

Computer Security from a Programming Language and Static Analysis Perspective

International audienceA short survey on language-based computer security. Extended abstract of invited lecture

Towards Sophisticated Air Traffic Control System Using Formal Methods

We propose a general formal modeling and verification of the air traffic control system (ATC). This study is based on the International Civil Aviation Organization (ICAO), Federal Aviation Administration (FAA), and National Aeronautics and Space Administration (NASA) standards and recommendations. It provides a sophisticated assistance system that helps in visualizing aircrafts and presents automatic bugs detection. In such a critical safety system, the use of robust formal methods that assure bugs absence is highly required. Therefore, this work suggests a formalism of discrete transition systems based on abstraction and refinement along proofs. These ensure the consistency of the system by means of invariants preservation and deadlock freedom. Hence, all invariants hold permanently providing a handy solution for bugs absence verification. It follows that the said deadlock freedom ensures a continuous running of a given system. This specification and modeling technique enable the system to be corrected by construction. Document type: Articl

Bytecode verification on Java smart cards

International audienceThis article presents a novel approach to the problem of bytecode verification for Java Card applets. By relying on prior off-card bytecode transformations, we simplify the bytecode verifier and reduce its memory requirements to the point where it can be embedded on a smart card, thus increasing significantly the security of post-issuance downloading of applets on Java Cards. This article describes the on-card verification algorithm and the off-card code transformations, and evaluates experimentally their impact on applet code size