JCML: A specification language for the runtime verification of Java Card programs

AbstractJava Card is a version of Java developed to run on devices with severe storage and processing restrictions. The applets that run on these devices are frequently intended for use in critical, highly distributed, mobile conditions. They are required to be portable and safe. Often, the requirements of the application impose the use of dynamic, on-card verifications, but most of the research developed to improve the safety of Java Card applets concentrates on static verification methods. This work presents a runtime verification approach based on Design by Contract to improve the safety of Java Card applications. To this end, we propose JCML (Java Card Modelling Language) a specification language derived from JML (Java Modelling Language) and its implementation: a compiler that generates runtime verification code. We also present some experiments and quality indicators. This paper extends previous published work from the authors with a more complete and precise definition of the JCML language and new experiments and results

Robotopias: mapping Utopian perspectives on new industrial technology

Purpose This paper maps utopian theories of technological change. The focus is on debates surrounding emerging industrial technologies which contribute to making the relationship between humans and machines more symbiotic and entangled, such as robotics, automation and artificial intelligence. The aim is to provide a map to navigate complex debates on the potential for technology to be used for emancipatory purposes and to plot the grounds for tactical engagements. Design/methodology/approach The paper proposes a two-way axis to map theories into to a six-category typology. Axis one contains the parameters humanist–assemblage. Humanists draw on the idea of a human essence of creative labour-power, and treat machines as alienated and exploitative form of this essence. Assemblage theorists draw on posthumanism and poststructuralism, maintaining that humans always exist within assemblages which also contain non-human forces. Axis two contains the parameters utopian/optimist; tactical/processual; and dystopian/pessimist, depending on the construed potential for using new technologies for empowering ends. Findings The growing social role of robots portends unknown, and maybe radical, changes, but there is no single human perspective from which this shift is conceived. Approaches cluster in six distinct sets, each with different paradigmatic assumptions. Practical implications Mapping the categories is useful pedagogically, and makes other political interventions possible, for example interventions between groups and social movements whose practice-based ontologies differ vastly. Originality/value Bringing different approaches into contact and mapping differences in ways which make them more comparable, can help to identify the points of disagreement and the empirical or axiomatic grounds for these. It might facilitate the future identification of criteria to choose among the approaches

Contactless payments :usability at the cost of security?

PhD ThesisEMV (Europay, MasterCard, Visa), commonly termed “Chip & PIN”, is becoming the dominant card based payment technology globally. The EMV Chip & PIN transaction protocol was originally designed to operate in an environment where the card was physically inserted into the POS terminal / ATM and used a wired connection to communicate. The introduction of EMV contactless payments technology raises an interesting question “has usability been improved at the cost of security?”. Specifically, to make contactless payments more convenient / usable, a wireless interface has been added to EMV cards and PIN entry has been waived for contactless payments. Do these new usability features make contactless cards less secure? This PhD thesis presents an analysis of the security of the EMV contactless payments. It considers the security of the EMV contactless transaction protocols as stand-alone processes and the wider impact of contactless technology upon the security of the EMV card payment system as a whole. The thesis contributes a structured analysis methodology which identifies vulnerabilities in the EMV protocol and demonstrates the impact of these vulnerabilities on the EMV payment system. The analysis methodology comprises UML diagrams and reference tables which describe the EMV protocol sequences, a protocol emulator which implements the protocol, a Z abstract model of the protocol and practical demonstrations of the research results. Detailed referencing of the EMV specifications provide a documented link between the exploitable vulnerabilities observed in real EMV cards and the source of the vulnerability in the EMV specifications. Our analysis methodology has identified two previously undocumented vulnerabilities in the EMV contactless transaction protocol. The potential existence of these vulnerabilities was identified using the Z abstract model with the protocol emulator providing experimental confirmation of the potential for real-world exploitation of the vulnerabilities and test results quantifying the extent of the impact. Once a vulnerability has been shown to be exploitable using the protocol emulator, we use practical demonstrations to show that these vulnerabilities can be exploited in the real-world using off-the-shelf equipment. This presents a stronger impact message when presenting our research results to a nontechnical audience. This has helped to raise awareness of security issues relating to EMV contactless cards, with our work appearing in the media, radio and TV

Security analysis of an e-commerce solution

The escalation in the number of people with access to the Internet has fuelled the growth of e-commerce transactions. In order to stimulate this growth in e-commerce, the adoption of new business models will be required. In this thesis, we propose the idea of bringing the multi-level marketing business model into the e-commerce world. For e-commerce applications to take advantage of the business potential in this business model, some challenging security problems need to be resolved. Our proposed protocol provides a method for fair exchange of valuable items between multiple-parties in accordance with the multi-level marketing business model. It also provides the required security services needed to increase the overall customers' trust in e-commerce, and hence increase the rate of committed online transactions. These security services include content assurance, confidentiality, fair exchange and non-repudiation. The above security services are usually attained through the use of cryptography. For example, digital rights management systems deliver e-goods in an encrypted format. As these e-goods are decrypted before being presented to the end user, cryptographic keys may appear in the memory which leaves it vulnerable to memory disclosure attacks. In the second part of this thesis, we investigate a set of memory disclosure attacks which may compromise the confidentiality of cryptographic keys. We demonstrate that the threat of these attacks is real by exposing the secret private keys of several cryptographic algorithms used by different cryptographic implementations of the Java Cryptographic Extension (JCE

Transformations of specifications and proofs to support an evolutionary formal software development

Like other software engineering activities, formal modelling needs to deal with change: bugs and omissions need to be corrected, and changes from the outside need to be dealtwith. In the context of axiomatic specifications and (partly) interactive proofs, the main obstacle is that changes invalidate proofs, which then need to be rebuilt using an inhibitive amount of resources. This thesis proposes to solve the problem by considering the state of a formal development consisting of (potentially buggy) specification and (potentially partial) proofs as one entity and transforming it using preconceived transformations. These transformations are operationally motivated: how would one patch the proofs on paper given a consistent transformation for the specification? They are formulated in terms of the specification and logic language, so as to be usable for several application domains. In order to make the approach compatible with the architecture of existing support systems, development graphs are added as an intermediate concept between specification and proof obligations, and the transformations are extended to work in the presence of the indirection. This leads to a separation of a framework for propagating transformations through development graphs and a reference instantiation that commits to concrete languages and proof representation. The reference instantiation works for many practically relevant scenarios. Other instantiations can be based on the framework

Formal analysis of confidentiality conditions related to data leakage

The size of the financial risk, the social repercussions and the legal ramifications resulting from data leakage are of great concern. Some experts believe that poor system designs are to blame. The goal of this thesis is to use applied formal methods to verify that data leakage related confidentiality properties of system designs are satisfied. This thesis presents a practically applicable approach for using Banks's confidentiality framework, instantiated using the Circus notation. The thesis proposes a tool-chain for mechanizing the application of the framework and includes a custom tool and the Isabelle theorem prover that coordinate to verify a given system model. The practical applicability of the mechanization was evaluated by analysing a number of hand-crafted systems having literature related confidentiality requirements. Without any reliable tool for using BCF or any Circus tool that can be extended for the same purpose, it was necessary to build a custom tool. Further, a lack of literature related descriptive case studies on confidentiality in systems compelled us to use hand-written system specifications with literature related confidentiality requirements. The results of this study show that the tool-chain proposed in this thesis is practically applicable in terms of time required. Further, the efficiency of the proposed tool-chain has been shown by comparing the time taken for analysing a system both using the mechanised approach as well as the manual approach

Gender, climate change, agriculture, and food security: a CCAFS training-of-trainers (TOT) manual to prepare South Asian rural women to adapt to climate change

This training-of-trainers manual is designed to train you to be able to deliver a capacity enhancement workshop (CEW) to rural women on climate change and gender. It has been designed by the CGIAR Research Program on Climate Change, Agriculture and Food Security (CCAFS) and is appropriate to the South Asian context