A B model for ensuring soundness of a large subset of the Java Card virtual machine

AbstractJava Cards are a new generation of smart cards that use the Java programming language. As smart cards are usually used to supply security to an information system, security requirements are very strong. The byte code interpreter and verifier are crucial components of such cards, and proving their safety can become a competitive advantage. Previous works have been done on methodology for proving the soundness of the byte code interpreter and verifier using the B method. It refines an abstract defensive interpreter into a byte code verifier and a byte code interpreter. However, this work had only been tested on a very small subset of the Java Card instruction set. This paper presents a work aiming at verifying the scalability of this previous work. The original instruction subset of about 10 instructions has been extended to a larger subset of more than one hundred instructions, and the additional cost of the proof has been managed by modifying the specification in order to group opcodes by properties

JACK: Java Applet Correctness Kit

The paper presents a solution to improve the applet quality by allowing proof on Java Card TM annotated applets. It presents the chosen annotation language: JML that allows to formally specify each method and to give properties on fields. The innovative part of the paper is the presentation of the tools developed in the Gemplus Software Research Labs which allows proving the annotation by translating them in a formal language. To reduce the difficulty of using formal techniques, the tools aim to provide a user-friendly interface which hides to developers most of the formal features and provides him a "Java view" of proofs

Adaptable Translator of B Specifications to Embedded C Programs

This paper presents the results of the RNTL BOM project, which aimed to develop an approach to generate efficient code from B formal developments. The target domain is smart card applications, in which memory and code size is an important factor. The results detailed in this paper are a new architecture of the translation process, a way to adapt the B0 language in order to include types of the target language and a set of validated optimizations. An assessment of the proposed approach is given through a case study, relative to the development of a Java Card Virtual Machine environment