JCML: A specification language for the runtime verification of Java Card programs
Abstract
Java Card is a version of Java developed to run on devices with severe storage and processing restrictions. The applets that run on these devices are frequently intended for use in critical, highly distributed, mobile conditions. They are required to be portable and safe. Often, the requirements of the application impose the use of dynamic, on-card verifications, but most of the research developed to improve the safety of Java Card applets concentrates on static verification methods. This work presents a runtime verification approach based on Design by Contract to improve the safety of Java Card applications. To this end, we propose JCML (Java Card Modelling Language), a specification language derived from JML (Java Modelling Language), and its implementation: a compiler that generates runtime verification code. We also present some experiments and quality indicators. This paper extends previously published work from the authors with a more complete and precise definition of the JCML language and new experiments and results.
Invariant discovery and refinement plans for formal modelling in Event-B
The continuous growth of complex systems makes the development of correct software increasingly challenging. In order to address this challenge, formal methods offer rigorous mathematical techniques to model and verify the correctness of systems. Refinement is one of these techniques. By allowing a developer to incrementally introduce design details, refinement provides a powerful mechanism for mastering the complexities that arise when formally modelling systems. Here the focus is on a posit-and-prove style of refinement, where a design is developed as a series of abstract models introduced via refinement steps. Each refinement step generates proof obligations which must be discharged in order to verify its correctness – typically requiring a user to understand the relationship between modelling and reasoning.

This thesis focuses on techniques to aid refinement-based formal modelling, specifically, when a user requires guidance in order to overcome a failed refinement step. An integrated approach has been followed: combining the complementary strengths of bottom-up theory formation, in which theories about domains are built based on basic background information; and top-down planning, in which meta-level reasoning is used to guide the search for correct models.

On the theory formation perspective, we developed a technique for the automatic discovery of invariants. Refinement requires the definition of properties, called invariants, which relate to the design. Formulating correct and meaningful invariants can be a tedious and challenging task. A heuristic approach to the automatic discovery of invariants has been developed building upon simulation, proof-failure analysis and automated theory formation. This approach exploits the close interplay between modelling and reasoning in order to provide systematic guidance in tailoring the search for invariants for a given model.

On the planning perspective, we propose a new technique called refinement plans. Refinement plans provide a basis for automatically generating modelling guidance when a step fails but is close to a known pattern of refinement. This technique combines both modelling and reasoning knowledge, and, contrary to traditional pattern techniques, allows the analysis of failure and partial matching. Moreover, when the guidance is only partially instantiated, and it is suitable, refinement plans provide specialised knowledge to further tailor the theory formation process in an attempt to fully instantiate the guidance.

We also report on a series of experiments undertaken in order to evaluate the approaches and on the implementation of both techniques into prototype tools. We believe the techniques presented here allow the developer to focus on design decisions rather than on analysing low-level proof failures.
New Card Technologies in Retail Banking: Competition and Collaboration in the 1990s
This thesis examines the alternative bank card technologies being considered for retail banking in the UK in the 1990s. Influential organisations suggest that this technology needs updating, and various new technologies are being developed. The thesis identifies the most influential organisations within four groups considered key for retail banking technology: the technology supply industry, the adopting industry, the market and other key players. The observations and analysis in this thesis are based on information provided by each of these four key groups, through written surveys, face-to-face and telephone interviews, and from a range of written sources. A selection of past and present bank card trials are also described, with particular focus on the introduction of smart card technology. Results confirm that the innovation process in the retail banking industry accords with a highly interactive model, with feedback loops throughout the innovation process. The adopting industry is seen to follow the innovation process in the opposite direction to that experienced in manufacturing industry. Thus, smaller incremental innovations eventually lead to more radical changes which effect complete systems change on a national basis - a ‘reverse cycle’ model of innovation. The thesis analyses the evolution of competitive and cooperative strategies, particularly between banks and their collective organisations, building societies and retailers. The thesis concludes that the dominant institutions driving card technology innovation and standards globally are the international debit and credit card corporations Mastercard, VISA and Europay, operating through their organisation EMV. In the UK, the major clearing banks, and their ABACS organisation, and the large retailers are also key actors. The thesis suggests that smart card is the most likely to be adopted.
The potential use of smart cards in vehicle management with particular reference to the situation in Western Australia
Vehicle management may be considered to consist of traffic management, usage control, maintenance, and security. Various regulatory authorities undertake the first aspect, fleet managers will be concerned with all aspects, and owner-drivers will be interested mainly in maintenance and security. Car theft poses a universal security problem. Personalisation, including navigational assistance, might be achieved as a by-product of an improved management system. Authorities and fleet managers may find smartcards to be key components of an improved system, but owners may feel that the need for improved security does not justify its cost. This thesis seeks to determine whether smartcards may be used to personalise vehicles in order to improve vehicle management within a foreseeable time and suggest when it might happen. In the process four broad questions are addressed.
• First, what improvements in technology are needed to make any improved scheme using smartcards practicable, and what can be expected in the near future?
• Second, what problems and difficulties may impede the development of improved management?
• Third, what non-vehicle applications might create an environment in which a viable scheme could emerge?
• Finally, is there a perceived need for improved vehicle management?
The method involved a literature search, the issue of questionnaires to owner-drivers and fleet managers, discussions with fleet managers, the preparation of data-flow and state diagrams, and the construction of a simulation of a possible security approach. The study concludes that although vehicle personalisation is possible and desirable, it is unlikely to occur within the next decade because the environment needed to make it practicable will not emerge until a number of commercial and standardisation problems that obstruct all smartcard applications have been solved.
Electronic Payment Systems Observatory (ePSO). Newsletter Issues 9-15
Abstract not available.
JRC.J - Institute for Prospective Technological Studies (Seville