Formalisation and verification of JAVA CARD security properties in Dynamic Logic

Abstract

We present how common JAVA CARD security properties can be formalised in Dynamic Logic and verified, mostly automatically, with the KeY system. The properties we consider, are a large subset of properties that are of importance to the smart card industry. We discuss the properties one by one, illustrate them with examples of real-life, industrial size, JAVA CARD applications, and show how the properties are verified with the KeY Prover - an interactive theorem prover for JAVA CARD source code based on a version of Dynamic Logic that models the full JAVA CARD standard. We report on the experience related to formal verification of JAVA CARD programs we gained during the course of this work. Thereafter, we present the current state of the art of formal verification techniques offered by the KeY system and give an assessment of interactive theorem proving as an alternative to static analysis. © Springer-Verlag Berlin Heidelberg 2005.