Cate: A System for Analysis and Test of Java Card Applications
Peter Pfahler, Universität Paderborn, Institut für Informatik
Jürgen Günther, ORGA Kartensysteme GmbH, Paderborn
First International Workshop on Software Quality, SOQUA 2004, Erfurt, September 30
The Smart Card Market
- Telecommunications: cards for GSM and UMTS (3G)
- Banking: bank and credit cards
- Health: health insurance cards
- Identification: ID and signature cards
Security and Authentication -> Software Quality -> No Updates, Patches, Service Packs -> Java Card
Cate Pfahler/Günther 2
Cate: A System for Analysis and Test of Java Card Applications
Basic idea: by using Java as the programming language for card software, the usage of program analysis tools becomes feasible.
Overview:
- Smart card basics: master/slave communication, Java Card
- Static analysis: command/response behavior
- Dynamic analysis: test coverage
- The Cate system: practical experience
Java Card
Java Cards include a Java Virtual Machine (JVM) to run Java applications. The card software is layered:
- Applications: Java Applet 1, Java Applet 2, ..., Java Applet n; Native App. 1, Native App. 2
- Card System: Loader, Java Interpreter, Administrator, API
- Services / File System, Crypto, Card Manager, APDU Manager, Server, Memory Manager, Library
- Hardware Drivers
The smart card communication model: Master/Slave
The host (smart card accepting device) is the master and sends a command APDU; the smart card is the slave and answers with a response APDU.
- Command APDU: CLA INS P1 P2 LC DAT LE
- Response APDU: DAT SW1 SW2
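The APDU layout on this slide, worked through as an added Python example (not code from the paper or the Cate system): it splits a command APDU into CLA, INS, P1, P2, LC, DAT and LE following the four short-APDU cases of ISO 7816-4, splits a response APDU into DAT plus SW1 SW2, and rebuilds a command from its fields. The sample APDUs are constructed for the example; extended-length APDUs (LC = 0x00) are deliberately rejected rather than guessed at.

```python
from typing import Optional


def parse_command_apdu(apdu: bytes) -> dict:
    """Split a short command APDU into its fields.

    ISO 7816-4 short cases: 1 = header only, 2 = header + LE,
    3 = header + LC + DAT, 4 = header + LC + DAT + LE.
    An LE byte of 0x00 means 256 bytes expected.
    """
    if len(apdu) < 4:
        raise ValueError("command APDU needs at least CLA INS P1 P2")
    cla, ins, p1, p2 = apdu[0], apdu[1], apdu[2], apdu[3]
    body = apdu[4:]
    lc, data, le, case = None, b"", None, 1
    if len(body) == 1:                      # case 2: LE only
        le, case = body[0] or 256, 2
    elif len(body) > 1:                     # case 3 or 4: LC, DAT, optional LE
        lc = body[0]
        if lc == 0:
            raise ValueError("LC = 0x00 marks an extended-length APDU, not handled here")
        data = bytes(body[1:1 + lc])
        if len(data) != lc:
            raise ValueError(f"LC = {lc} but only {len(data)} data bytes present")
        tail = body[1 + lc:]
        if len(tail) == 0:
            case = 3
        elif len(tail) == 1:
            le, case = tail[0] or 256, 4
        else:
            raise ValueError(f"{len(tail) - 1} unexpected trailing byte(s)")
    return {"cla": cla, "ins": ins, "p1": p1, "p2": p2,
            "lc": lc, "data": data, "le": le, "case": case}


def parse_response_apdu(resp: bytes) -> dict:
    """A response is optional DAT followed by the two status bytes SW1 SW2."""
    if len(resp) < 2:
        raise ValueError("response APDU needs at least SW1 SW2")
    return {"data": bytes(resp[:-2]), "sw": (resp[-2] << 8) | resp[-1],
            "sw1": resp[-2], "sw2": resp[-1]}


def build_command_apdu(cla: int, ins: int, p1: int, p2: int,
                       data: bytes = b"", le: Optional[int] = None) -> bytes:
    """Inverse of parse_command_apdu for short APDUs (0..255 data bytes, LE 1..256)."""
    if len(data) > 255:
        raise ValueError("short APDU data must be at most 255 bytes")
    out = bytes([cla, ins, p1, p2])
    if data:
        out += bytes([len(data)]) + data
    if le is not None:
        if not 1 <= le <= 256:
            raise ValueError("short APDU LE must be 1..256")
        out += bytes([0 if le == 256 else le])
    return out


# Constructed sample exchange: a CLA 0x80 / INS 0x20 command of the kind the
# applet skeleton on the following slide dispatches, four data bytes, LE = 256.
SAMPLE_COMMAND = bytes.fromhex("80 20 00 00 04 31 32 33 34 00")
SAMPLE_RESPONSE = bytes.fromhex("90 00")

if __name__ == "__main__":
    cmd = parse_command_apdu(SAMPLE_COMMAND)
    rsp = parse_response_apdu(SAMPLE_RESPONSE)
    print(f"case {cmd['case']}: CLA={cmd['cla']:02X} INS={cmd['ins']:02X} "
          f"LC={cmd['lc']} DAT={cmd['data'].hex()} LE={cmd['le']}")
    print(f"response: DAT={rsp['data'].hex() or '-'} SW={rsp['sw']:04X}")
```

The case distinction matters for the test harness of the next slides: a command with a wrong LC is rejected before it reaches the card, so a malformed test APDU shows up as a harness error instead of being misread as a different command.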
Static Analysis of Command/Response Behavior
Typical structure of a Java Card applet:

```java
// The numbers 1 to 9 in the comments are the basic-block labels used by the
// control flow graph on the following slides. CLA and INS denote the offsets of
// the class and instruction bytes in the APDU buffer. Because buf is a byte
// array, the literal 0x80 must be cast to byte (and the status word to short),
// otherwise the comparison can never be true and the call does not compile.
void process(APDU apdu) {                       // 1
    byte[] buf = apdu.getBuffer();
    if (buf[CLA] == (byte) 0x80) {
        switch (buf[INS]) {                     // 2
        case 0x20: ...                          // 3
        case 0x22: ...                          // 4
        case 0x24: ...                          // 5
        case 0x26: ...                          // 6
        default:   ...                          // 7
        }
    } else {
        CardException.throwIt((short) 0x6D00);  // 8
    }
}                                               // 9
```
Static Analysis of Command/Response Behavior
Code clichés in the typical applet structure above (block numbers as in the listing):
- APDU fetch: `apdu.getBuffer()` in block 1
- APDU access: `buf[CLA]` and `buf[INS]` in blocks 1 and 2
- Control flow branching: the `if` on the CLA byte (block 1) and the `switch` on the INS byte (block 2) leading to blocks 3 to 7
- Return code generation: `CardException.throwIt(0x6D00)` in block 8
Static Analysis of Command/Response Behavior
Control flow analysis combined with data flow analysis based on the clichés yields the annotated control flow graph (block numbers as in the listing above):
- 1 -> 2 if CLA = 0x80; 1 -> 8 if CLA != 0x80 (response 0x6D00)
- 2 -> 3 if INS = 0x20; 2 -> 4 if INS = 0x22; 2 -> 5 if INS = 0x24; 2 -> 6 if INS = 0x26; 2 -> 7 otherwise (default)
- 3, 4, 5, 6, 7 and 8 -> 9, the end of process()
Results:
- a document listing the command/response combinations
- the annotated control flow graph
Static Analysis of Command/Response Behavior
Results of static analysis presented by Cate: the annotated control flow graph and the command/response combinations.
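A small cliché-driven extractor, as an added Python example that is not the Cate system's analysis (which works on a real control flow graph) but produces the same kind of result: a listing of command/response combinations. It recognises the four clichés by pattern (`buf[CLA] == ...` for the CLA branch, `case 0x..:` / `default:` for the INS branch, `} else {` for the CLA mismatch branch, `throwIt(...)` for return code generation) and tracks brace depth to tell an unconditional `throwIt` from one inside an `if`. The applet source is constructed for the example; `CLA`, `INS` and `P1` are assumed offset constants, `verifyPin` and `readRecord` are hypothetical handlers, and the status words are sample values. 0x9000 is the status word the card runtime sends when process() returns normally.

```python
import re
from collections import defaultdict

HEX = r"(0x[0-9A-Fa-f]+)"
CLA_RE = re.compile(r"if\s*\(\s*buf\[CLA\]\s*==\s*(?:\(byte\)\s*)?" + HEX)  # CLA branch
CASE_RE = re.compile(r"^case\s+" + HEX + r"\s*:")                           # INS branch
DEFAULT_RE = re.compile(r"^default\s*:")
ELSE_RE = re.compile(r"^\}\s*else\s*\{")                                    # CLA mismatch
SW_RE = re.compile(r"throwIt\(\s*(?:\(short\)\s*)?" + HEX)                  # return code

# Constructed applet in the cliché structure of the slide (not the paper's code).
APPLET_SRC = """
void process(APDU apdu) {
    byte[] buf = apdu.getBuffer();
    if (buf[CLA] == (byte) 0x80) {
        switch (buf[INS]) {
        case 0x20:
            verifyPin(apdu);
            break;
        case 0x22:
            if (buf[P1] != 0) {
                ISOException.throwIt((short) 0x6A86);
            }
            readRecord(apdu);
            break;
        case 0x24:
            ISOException.throwIt((short) 0x6982);
        default:
            ISOException.throwIt((short) 0x6D00);
        }
    } else {
        ISOException.throwIt((short) 0x6E00);
    }
}
"""

SW_OK = 0x9000  # sent by the runtime when process() returns without an exception


def extract_combinations(src: str) -> dict:
    """Return {(cla, ins): [status words]} by walking the source line by line.

    The context is (CLA value or 'other', INS value or 'default').  Every
    throwIt() adds its status word to the current context.  A throwIt() at the
    nesting depth of the case body itself is unconditional, so the normal exit
    (break or end of the switch) is unreachable; otherwise that exit adds 0x9000.
    """
    combos = defaultdict(set)
    cla = ins = None
    depth = 0            # brace depth at the start of the current line
    ctx_depth = None     # depth of the open case/else body
    ctx_open = False     # body opened and its exit not yet seen
    unconditional = False

    def open_ctx() -> None:
        nonlocal ctx_depth, ctx_open, unconditional
        ctx_depth, ctx_open, unconditional = depth, True, False

    for raw in src.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := CLA_RE.search(line):
            cla, ins = int(m.group(1), 16), None
        elif ELSE_RE.match(line):
            cla, ins = "other", None
            open_ctx()
        elif m := CASE_RE.match(line):
            ins = int(m.group(1), 16)
            open_ctx()
        elif DEFAULT_RE.match(line):
            ins = "default"
            open_ctx()
        elif m := SW_RE.search(line):
            combos[(cla, ins)].add(int(m.group(1), 16))
            if depth == ctx_depth:
                unconditional = True
        elif ctx_open and depth == ctx_depth and (line == "break;" or line.startswith("}")):
            if not unconditional:
                combos[(cla, ins)].add(SW_OK)
            ctx_open = False
        depth += line.count("{") - line.count("}")
    return {k: sorted(v) for k, v in combos.items()}


def render_report(combos: dict) -> list:
    """The 'document listing the command/response combinations' as text lines."""
    def fmt(v, width):
        return f"{v:0{width}X}" if isinstance(v, int) else ("*" if v is None else str(v))
    return [f"CLA={fmt(cla, 2)} INS={fmt(ins, 2)} -> " + ", ".join(fmt(sw, 4) for sw in sws)
            for (cla, ins), sws in sorted(combos.items(),
                                          key=lambda kv: (str(kv[0][0]), str(kv[0][1])))]


if __name__ == "__main__":
    print("\n".join(render_report(extract_combinations(APPLET_SRC))))
```

Reading the report against the specification is the check the next slides describe: an INS that answers with a status word the specification does not list, or a command that can never return 0x9000, shows up as a line that should not be there.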
Dynamic Test Coverage Analysis
Test engineers need:
- information about untested program locations
- a measurement of test quality, e.g. C0: the basic block execution ratio
Code coverage information can be gained by
- instrumentation of the card applet, or
- profiling during card applet simulation
Example (basic block executed?):
  B1 yes
  B2 no
  B3 yes
  B4 no
  B5 no
  B6 yes
  C0 = 3/6 = 50 %
In practice, coverage information turned out to be more valuable than the static analysis results.
Dynamic Test Coverage Analysis
Results of dynamic analysis presented by Cate.
Combining the results of static and dynamic analyses: support for the construction of new test cases.
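An added Python example (not the Cate implementation) that serves both the coverage slide and this one: it computes the C0 basic block execution ratio from an execution trace, using the six blocks of the slide's table, and then combines the untested blocks with the command context each block belongs to so that the output names the commands a new test case should exercise. The block table, its mapping of blocks to CLA/INS contexts, and the trace format (`test=<name>` followed by the executed block ids) are constructed for the example; an instrumented applet or the simulator's profiler is assumed to emit such lines.

```python
from dataclasses import dataclass
from typing import Optional, Union


@dataclass(frozen=True)
class BasicBlock:
    bid: str
    cla: Optional[int]            # CLA of the command this block serves, None = not command-specific
    ins: Union[int, str, None]    # INS value, 'default', or a label for non-INS blocks


# Constructed block table with the six blocks B1..B6 of the slide, annotated with
# the command context assumed to come from the static command/response analysis.
BLOCKS = [
    BasicBlock("B1", None, None),        # process() entry: fetch APDU, test CLA
    BasicBlock("B2", 0x80, 0x20),        # case 0x20 handler
    BasicBlock("B3", 0x80, 0x22),        # case 0x22 handler
    BasicBlock("B4", 0x80, 0x24),        # case 0x24 handler
    BasicBlock("B5", 0x80, "default"),   # unknown INS
    BasicBlock("B6", None, "bad_cla"),   # CLA mismatch branch
]

# Constructed trace: one line per test case, listing the executed blocks in order.
TRACE = """\
test=read_record  B1 B3
test=wrong_cla    B1 B6
"""


def parse_trace(text: str) -> dict:
    """{test name: [executed block ids]} in the order the tests ran."""
    runs = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields or not fields[0].startswith("test="):
            continue                          # ignore blank or foreign lines
        runs[fields[0][len("test="):]] = fields[1:]
    return runs


def c0_coverage(blocks: list, runs: dict) -> tuple:
    """C0 = executed basic blocks / all basic blocks, as on the slide."""
    known = {b.bid for b in blocks}
    executed = {bid for ids in runs.values() for bid in ids}
    unknown = executed - known
    if unknown:                               # trace and block table out of sync
        raise ValueError(f"trace names blocks not in the block table: {sorted(unknown)}")
    return executed, len(executed) / len(known)


def untested_commands(blocks: list, executed: set) -> list:
    """Map untested blocks back to their command context: each entry is a
    (CLA, INS) combination that no test case has sent yet."""
    return sorted({(b.cla, b.ins) for b in blocks
                   if b.bid not in executed and b.cla is not None}, key=str)


def coverage_gain(blocks: list, runs: dict) -> dict:
    """Blocks each test case covered that no earlier test case had covered;
    a gain of 0 marks a redundant test case."""
    seen, gains = set(), {}
    for name, ids in runs.items():
        new = set(ids) - seen
        gains[name] = len(new)
        seen |= new
    return gains


if __name__ == "__main__":
    runs = parse_trace(TRACE)
    hit, ratio = c0_coverage(BLOCKS, runs)
    for b in BLOCKS:
        print(f"{b.bid} {'yes' if b.bid in hit else 'no'}")
    print(f"C0 = {len(hit)}/{len(BLOCKS)} = {ratio:.0%}")
    print("commands still untested:", untested_commands(BLOCKS, hit))
    print("new blocks per test case:", coverage_gain(BLOCKS, runs))
```

With the two constructed test cases the result is the slide's table (B1, B3 and B6 executed, C0 = 50 %), and the combination step turns "B2, B4, B5 untested" into the more useful statement that INS 0x20, INS 0x24 and an unknown INS under CLA 0x80 have not been sent yet.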
Cate System Overview
Static Analysis:
- Project management
- Source browser
- Control flow analysis
- CFG display
- Command/response
Dynamic Analysis:
- Test browser
- Simulator control
- Test execution
- Test evaluation
- Coverage analysis
Applying the Cate System
1. The developer runs the static analysis and compares its results to the specification.
   - Error detected: back to the developer.
   - OK: continue.
2. Choose test cases and instrument the application.
3. Run the dynamic analysis.
   - Error detected: back to the developer.
   - Coverage too low: the code coverage questions lead to the construction of new test cases, which are run through the dynamic analysis again.
Summary
Cate: A System for Analysis and Test of Java Card Applications
- Smart card basics: master/slave, Java Card
- Static analysis: command/response behavior
- Dynamic analysis: test coverage
- The Cate system: practical experience