formal modeling and verification of the java card
play

Formal modeling and verification of the Java Card security - PowerPoint PPT Presentation

Feb 06, 2024 •407 likes •800 views

VERIFICARD Formal modeling and verification of the Java Card security architecture Eduardo Gimnez Olivier Ly Trusted Logic SchlumbergerSema SchlumbergerSema January 8th, 2002 SchlumbergerSema & Trusted

  1. VERIFICARD Formal modeling and verification of the Java Card security architecture Eduardo Giménez Olivier Ly Trusted Logic SchlumbergerSema SchlumbergerSema January 8th, 2002 SchlumbergerSema & Trusted Logic

  2. The Formavie project • Partners: CP8, INRIA, Schlumberger. • Goal: formal modeling and verification of the Java Card security architecture . • Means: specify and prove in Coq the correctness of the critical components of a Java Card platform. • Models developed by Trusted Logic for CP8 and Schlumberger. January 8th, 2002 SchlumbergerSema & Trusted Logic

  3. Summary 1. The Java Card security chain. 2. General pattern of model. 3. The case of a Java Card platform: 1. Formal security model. 2. Internal consistency of the security model. 3. Component specification. A general proof architecture for security properties . 4. 4. Achievements and conclusions. January 8th, 2002 SchlumbergerSema & Trusted Logic

  4. Java Card applet development chain … … Secured java … … environment Java compiler 0101 class 0101 Converter 0101 CAP Applet 0101 Applet Bytecode verifier Applet 0101 secured transmission CAP Linker 0101 Interpreter Correct Cap file January 8th, 2002 SchlumbergerSema & Trusted Logic

  5. Security properties • Main goal is applet isolation. – No applet can unauthorizedly modify other applets data – No applet can unauthorizedly disclosure other applets data . • Correct development and software attack prevention. • Functional properties of the applets are not the first security concern. January 8th, 2002 SchlumbergerSema & Trusted Logic

  6. Security Chain • Critical part of the development chain : Protocol cap Verifier signed cap cap Linker linked cap Interpreter • CAP format is taken as the reference format of the model : � The applet developer and the applet issuer may be different. � Is the format used by SUN to specify the JCVM behavior. � Independent from any particular vendor's implementation. � Compiler and converter are critical mainly for functional properties. January 8th, 2002 SchlumbergerSema & Trusted Logic

  7. FORMAVIE challenges 1. To understand how the different properties enhanced by each component contribute to ensure applet isolation on the card. 2. To model the behavior of each component and to prove the correctness of the Java Card security architecture. 3. To build a logical framework both realistic and applicable to different vendor implementations (formal model reuse). January 8th, 2002 SchlumbergerSema & Trusted Logic

  8. General architecture of the model January 8th, 2002 SchlumbergerSema & Trusted Logic

  9. A modular architecture Security Policy Model proof proof proof proof Functional Functional Functional Functional Specification Specification Specification Specification proof proof proof proof Algorithm Algorithm Algorithm Algorithm Bytecode Verifier Interpreter Protocol Linker January 8th, 2002 SchlumbergerSema & Trusted Logic

  10. Model architecture (1/2) • Security policy model: – A collection of state machines. • A distinguished machine describing the computational semantics of Java Card. • Several « abstract » machines describing the security policies. – Security properties are state machine invariants . • Functional specification – An abstract description of the component. – Specified in terms of pre- and post-conditions. • Component contribution to the security policy model – The post-conditions entail some property on the execution of one of the state machines of the Security Policy model. January 8th, 2002 SchlumbergerSema & Trusted Logic

  11. Model architecture (2/2) • Algorithm description – Should capture the complexity of the implemented solution. – A deterministic, potentially executable program in Coq. – Described as a function f : Input � Output+Error. • Implementation soundness – If the input satisfies the pre-conditions, then the output produced by the function satisfies the post-conditions. ∀ x ∈ Input . ∀ y ∈ Output . f(x)=y � Pre(x) � Post(x,y) January 8th, 2002 SchlumbergerSema & Trusted Logic

  12. Java Card Security Policy Model January 8th, 2002 SchlumbergerSema & Trusted Logic

  13. Java Card Security Policy Model SUN Informal specifications Typing Static Data Firewall Security Security Security Security Policy Policy Policy policy model FWVM TYVM JCVM January 8th, 2002 SchlumbergerSema & Trusted Logic

  14. State Machines p ∈ P ; M p ≡ 〈 S, → p ,S I , S F 〉 • P = data structures containing the program • S = data structures describing the state of the machine • � = transition relation (inductive predicate depending on p) • S I = set of possible initial states • S F = set of valid final states (more than having no successor) January 8th, 2002 SchlumbergerSema & Trusted Logic

  15. The JCVM machine • Formalization of Java Card execution model (JCVMS+JCRES) • All Java Card features considered: – All bytecodes – All kind of identifiers (tokens,offsets,references,AIDs,etc) – All possible integer representations (big-endian,little-endian) – Correct access to the beginning of data (bytecode, method info,etc) – Native method invocation – Transactions and transient objects – Critical components of the API (input/output,Applets,PINs,etc) • A semi-defensive and « ideal » machine. – All controls are performed dynamically . – References are separated from arithmetical values. January 8th, 2002 SchlumbergerSema & Trusted Logic

  16. The JCVM as a state machine cap ∈ P ; JCVM cap ≡ 〈 S, → cap ,S I , S F 〉 • P = CAP format • S is formed by : – heap – static field images, – frame stack, – JCRE structures (transaction log, input, output, etc) • � cap = semantics of each bytecode, as (partially) specified by SUN • s I = frame stack only contains the frame of the invoked method • S F = empty frame stack January 8th, 2002 SchlumbergerSema & Trusted Logic

  17. The TYVM machine • A formalization of « must » clauses in SUN’s specification. • Both an abstraction and a refinement of the JCVM. • All values of the same type are collapsed into a single point. • Control flow is local to the current method (modular type-checking). January 8th, 2002 SchlumbergerSema & Trusted Logic

  18. The TYVM as a state machine p ∈ P ; TYVM p ≡ 〈 S, → p ,s I , S F 〉 • P = CAP format + well-formedness constraints. • S is formed by : – The type abstraction of the operand stack of the method – The type abstraction of the local variables of the method – The current pc • � = typing constraints associated to each bytecode • S I = empty stack, local variables with method type, method initial pc. • S F = control flows out of the method (return or uncaught exception). January 8th, 2002 SchlumbergerSema & Trusted Logic

  19. CAP format constraints (examples) • Language constraints: If a method overrides another method, then both have the same number of arguments. • Redundant structures: searching the type of a method invocation either directly from its constant pool index or by traversing the class structure of the descriptor component leads to the same type. • No hanged pointers: each exception handler points to the beginning of some bytecode. • Consistent pointers: each argument of a static method invocation has an entry in the constant pool, and the entry describes a static method (and not, say, a field). • Correspondences between components: each class in the class component has an entry in the descriptor component. January 8th, 2002 SchlumbergerSema & Trusted Logic

  20. The FWVM machine • A formalization of Java Card firewall rules. • Obtained forgetting those conditions of the JCVM rules which do not concern firewall verifications. • All arithmetic values collapsed into a single point. • Structure of the operand stack and local variables forgotten. • Control flow similar to the TYVM, but method invocations are followed (not intended for static verification). • Intended to prove properties entailed by firewall rules (applet isolation). January 8th, 2002 SchlumbergerSema & Trusted Logic

  21. The FWVM as a state machine cap ∈ P ; FWVM cap ≡ 〈 S, → cap ,s I , S F 〉 • P = CAP format • S is formed by : – Frame stack (active context, pc, known references) – Static field images abstraction (field values collapsed) – Heap abstraction (field values collapsed) • � = firewall verifications associated to each bytecode • S I = single frame with initial pc, context and known references. • S F = empty frame stack January 8th, 2002 SchlumbergerSema & Trusted Logic

  22. Example: arraylength bytecode rf ≠ null hp( rf ) = 〈 o, [a1,…,an] 〉 FirewallConditions(c, o ) JCVM 〈 sfi; hp; 〈 c;pc;lv;[ rf ,…] 〉 ::… 〉  arraylength → 〈 sfi; hp; 〈 c;pc+1;lv;[n,…] 〉 ::… 〉 TYVM 〈 pc; lv; [Array (T) ,…] 〉  arraylength → 〈 pc+1; lv; [ short ,…] 〉 rf ∈ refs rf ≠ null hp( rf ) = 〈 o, _ 〉 FirewallConditions(c, o ) FWVM 〈 sfi; hp; 〈 c;pc;refs 〉 ::… 〉  arraylength → 〈 sfi; hp; 〈 c;pc+1;refs 〉 ::… 〉 January 8th, 2002 SchlumbergerSema & Trusted Logic

  23. Internal consistency of the security model January 8th, 2002 SchlumbergerSema & Trusted Logic

Recommend

SAVE ORCA Formal Modeling, Safety Analysis, and Verification of Organic Computing Applications

SAVE ORCA Formal Modeling, Safety Analysis, and Verification of Organic Computing Applications

SAVE ORCA Formal Modeling, Safety Analysis, and Verification of Organic Computing Applications Hella Seebach , Florian Nafz and Wolfgang Reif Motivation and goals Software & Verification Co Design for highly reliable Organic Computing

402 views • 27 slides
F Formal Modeling and Verification of l M d li d V ifi ti f Safety-Critical Software

F Formal Modeling and Verification of l M d li d V ifi ti f Safety-Critical Software

Submitted to IEEE Software 2009 - Special issue on Software Development for Embedded Systems F Formal Modeling and Verification of l M d li d V ifi ti f Safety-Critical Software implemented in PLC JUNBEOM YOO JUNBEOM YOO KONKUK

882 views • 32 slides
Java Card Applet Firewall Java Card Applet Firewall Exploration and Exploitation Exploration and

Java Card Applet Firewall Java Card Applet Firewall Exploration and Exploitation Exploration and

Java Card Applet Firewall Java Card Applet Firewall Exploration and Exploitation Exploration and Exploitation Wojciech Mostowski and Erik Poll Digital Security Radboud University Nijmegen The Netherlands http://www.cs.ru.nl/~{woj,erikpoll}/

818 views • 42 slides
SAVE ORCA Formal Modeling, Safety Analysis, and Verification of Organic Computing Applications

SAVE ORCA Formal Modeling, Safety Analysis, and Verification of Organic Computing Applications

SAVE ORCA Formal Modeling, Safety Analysis, and Verification of Organic Computing Applications Hella Seebach , Florian Nafz and Wolfgang Reif What has happend in the last months? Software Engineering Guideline for Resource-Flow Systems

828 views • 29 slides
Formal verification of a code generator for a modeling language: the Velus project Xavier Leroy

Formal verification of a code generator for a modeling language: the Velus project Xavier Leroy

Formal verification of a code generator for a modeling language: the Velus project Xavier Leroy (joint work with Timothy Bourke, L elio Brun, Pierre- Evariste Dagand, Marc Pouzet, and Lionel Rieg) Inria, Paris MARS/VPT workshop, ETAPS

1.43k views • 55 slides
Model-Checking Acknowledgment Formal Verification Formal verification means to apply

Model-Checking Acknowledgment Formal Verification Formal verification means to apply

Model-Checking Acknowledgment Formal Verification Formal verification means to apply mathematical arguments to prove the correctness of systems Systems have bugs Formal verification aims to find and correct such bugs Why? Computer systems

1.42k views • 122 slides
FORMAL MODELING AND VERIFICATION FOR TIMING PREDICTABILITY Mathieu Jan, Mihail Asavoae, Belgacem

FORMAL MODELING AND VERIFICATION FOR TIMING PREDICTABILITY Mathieu Jan, Mihail Asavoae, Belgacem

FORMAL MODELING AND VERIFICATION FOR TIMING PREDICTABILITY Mathieu Jan, Mihail Asavoae, Belgacem Ben Hedia ERTS 2020 Toulouse Outline of the talk Motivations and goals Timing anomalies in Worst-Case Timing Reasoning An example of a timing

286 views • 16 slides
Verification and Certification of Java An experience report Gilles Barthe IMDEA Software, Madrid

Verification and Certification of Java An experience report Gilles Barthe IMDEA Software, Madrid

Verification and Certification of Java An experience report Gilles Barthe IMDEA Software, Madrid Septembre 2009 Gilles Barthe Verification and Certification of Java Context: formal methods for small devices smartcard platform and

753 views • 61 slides
Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for

Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for

Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for Analyzing Computing Systems Shilpi Goel shilpi@centtech.com Formal Verification Engineer Centaur Technology, Inc. Software and Reliability Can we rely

1.14k views • 78 slides
Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim

Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim

Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim for automation (bit level) Find niches where formal methods work well Use assertions/ properties first in sim. and then in FV (the acronym is ABV,

1.14k views • 65 slides
Formal Specification and Verification of Avionics Software Claus Wonnemann June 7th, 2006 Claus

Formal Specification and Verification of Avionics Software Claus Wonnemann June 7th, 2006 Claus

Introduction Specification of the Java Flight Manager Runtime Assertion Checking and Verification Conclusions Formal Specification and Verification of Avionics Software Claus Wonnemann June 7th, 2006 Claus Wonnemann Formal Specification and

708 views • 54 slides
Deductive Verification of Java programs Introduction with Algebraic Modeling and Multi-Prover

Deductive Verification of Java programs Introduction with Algebraic Modeling and Multi-Prover

Krakatoa Deductive Verification of Java programs Introduction with Algebraic Modeling and Multi-Prover Overview of Krakatoa Algebraic models Backend: the Why/Krakatoa platform Conclusions Claude March e Christine Paulin Jean-Christophe

636 views • 31 slides
Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal

Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal

Formal Verification in Industry 1 Formal Verification in Industry John Harrison Intel Corporation The cost of bugs Formal verification Machine-checked proof Automatic and interactive approaches HOL Light Floating point

366 views • 25 slides
Program Verification using JML and ESC/Java2 Erik Poll Radboud University Nijmegen p.1/36

Program Verification using JML and ESC/Java2 Erik Poll Radboud University Nijmegen p.1/36

Program Verification using JML and ESC/Java2 Erik Poll Radboud University Nijmegen p.1/36 Outline of this tutorial formal specifcation language JML program verification using ESC/Java2 p.2/36 The Java Modeling Language JML

471 views • 36 slides
Formal Verification, Model Checking Radek Pel anek Introduction Modeling Specification

Formal Verification, Model Checking Radek Pel anek Introduction Modeling Specification

Introduction Modeling Specification Algorithms Conclusions Formal Verification, Model Checking Radek Pel anek Introduction Modeling Specification Algorithms Conclusions Motivation Formal Methods: Motivation examples of what can go

986 views • 74 slides
Weak Singular Hybrid Automata Formal Modeling and Verification for Cyber-Physical Systems Krishna

Weak Singular Hybrid Automata Formal Modeling and Verification for Cyber-Physical Systems Krishna

Weak Singular Hybrid Automata Formal Modeling and Verification for Cyber-Physical Systems Krishna S. Umang Mathur Ashutosh Trivedi Department of Computer Science and Engineering IIT Bombay, Mumbai, India January 18, 2014 Krishna S., Umang

929 views • 58 slides
Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal

Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal

Formal Verification of Floating-Point Arithmetic 1 Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal verification Machine-checked proof Automatic and interactive approaches HOL Light

539 views • 19 slides
Smart( Java )Card ... What & Why What - smart card Tiny PC without Human Interface

Smart( Java )Card ... What & Why What - smart card Tiny PC without Human Interface

Smart( Java )Card ... What & Why What - smart card Tiny PC without Human Interface capabilities CPU : 16b/32b RISC @ handful of MhZ Math co-processor: RSA/DES/AES/ECC RAM : X KB HDD : XX..XXX KB (EEPROM) NET :

568 views • 36 slides
Formal Verification of Mathematical Algorithms John Harrison Intel Corporation The cost of

Formal Verification of Mathematical Algorithms John Harrison Intel Corporation The cost of

Formal Verification of Mathematical Algorithms 1 Formal Verification of Mathematical Algorithms John Harrison Intel Corporation The cost of bugs Formal verification Levels of verification HOL Light Formalizing mathematics

353 views • 19 slides
Formal Verification of RISC-V cores with riscv-formal Clifford Wolf CTO, Symbiotic EDA

Formal Verification of RISC-V cores with riscv-formal Clifford Wolf CTO, Symbiotic EDA

Formal Verification of RISC-V cores with riscv-formal Clifford Wolf CTO, Symbiotic EDA http://www.clifford.at/papers/2018/riscv-formal/ About assertion based formal verification (formal ABV) Assertion based verification (ABV) Uses

781 views • 39 slides
Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal

Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal

Formal Verification with Yosys-SMTBMC Clifford Wolf Yosys Flows Synthesis Formal Verification Yosys-STMBMC iCE40 FPGAs Bounded Model Checking (Project IceStorm) Using any SMT-LIB2 solver (using QF_AUFBV logic) Xilinx

707 views • 56 slides
Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim

Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim

Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim Kobeissi PROSECCO: Pro gramming Sec urely with C rypt o graphy. Team at INRIA Paris specializing in applied cryptography and formal verification.

357 views • 14 slides
SAR-SSI 2012 1 Introduction Java Card security model Off-card security model Java class Byte

SAR-SSI 2012 1 Introduction Java Card security model Off-card security model Java class Byte

Samiya Hamadouche, Guillaume Bouffard , Jean-Louis Lanet, Bruno Dorsemaine , Bastien Nouhant, Alexandre Magloire, Arnaud Reygnaud guillaume.bouffard@xlim.fr bruno.dorsemaine@etu.unilim.fr SAR-SSI 2012 1 Introduction Java Card security model

227 views • 19 slides
Verification of a Java Compiler in Isabelle Martin Strecker 7.1.2002 Java: Types, values,

Verification of a Java Compiler in Isabelle Martin Strecker 7.1.2002 Java: Types, values,

Verification of a Java Compiler in Isabelle Martin Strecker 7.1.2002 Java: Types, values, terms, ... Typing and operational semantics JVM Compiler Definition Proof Techniques Compilation and Bytecode Verification

643 views • 18 slides

More recommend