A Tool-Assisted Framework for Certified Bytecode Verification

Barthe, Gilles; Dufay, Guillaume

doi:10.1007/978-3-540-24721-0_7

Cited by 10 publications

(13 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, most of them concentrate on ensuring some high-level security properties of the Java Card applets such as well-typedness [11,12], confidentiality, noninterference, information-flow security [13,14,15].…”

Section: Related Workmentioning

confidence: 99%

Certifying Native Java Card API by Formal Refinement

Nguyen¹,

Chetali²

2006

Smart Card Research and Advanced Applications

View full text Add to dashboard Cite

Abstract. This paper describes a refinement-based approach to show that a native Java Card API function fulfills its specification. We refine a native function from its informal specification (by Sun) through several intermediate models into a low-level model which is very close to its C implementations. We formally prove the correctness of the refinement steps between two adjacent levels. The low-level model is sufficiently detailed such that its correspondence to the C implementation can be informally checked. This work provides a framework to enforce the security of the native code by formal analysis and can be generalized to verify a complete implementation of the Java Card platform.

show abstract

Section: Related Workmentioning

confidence: 99%

Certifying Native Java Card API by Formal Refinement

Nguyen¹,

Chetali²

2006

Smart Card Research and Advanced Applications

View full text Add to dashboard Cite

show abstract

“…It relies on the formalization, described in full details in [5], of a dataflow analysis for a generic execution function that meets minimal requirements. This dataflow analysis is proven correct in the sense that it offers a sound decision procedure to reject programs that may go wrong during execution.…”

Section: The Framework Phasementioning

confidence: 99%

Tool-Assisted Specification and Verification of Typed Low-Level Languages

et al. 2006

Self Cite

View full text Add to dashboard Cite

Abstract. Bytecode verification is one of the key security functions of several architectures for mobile and embedded code, including Java, Java Card, and .NET. Over the last few years, its formal correctness has been studied extensively by academia and industry, using general purpose theorem provers. The objective of our work is to facilitate such endeavors by providing a dedicated environment for establishing the correctness of bytecode verification within a proof assistant.The environment, called Jakarta, exploits a methodology that casts the correctness of bytecode verification relatively to a defensive virtual machine that performs checks at run-time, and an offensive one that does not, and can be summarized as stating that the two machines coincide on programs that pass bytecode verification. Such a methodology has been used successfully to prove the correctness of the Java Card bytecode verifier, and may potentially be applied to many other similar problems. One definite advantage of the methodology is that it is amenable to automation. Indeed, Jakarta automates the construction of an offensive virtual machine and a bytecode verifier from a defensive machine, and the proofs of correctness of the bytecode verifier.We illustrate the principles of Jakarta on a simple low-level language extended with subroutines, and discuss its usefulness to proving the correctness of the Java Card platform.

show abstract

“…Several researchers have investigated how to develop machine-checked bytecode verifiers in order to increase the confidence in this component itself [13,2]. The standard bytecode verifier ensures one kind of security policy that is proved by a simple data flow analysis.…”

Section: Introductionmentioning

confidence: 99%

“…One approach would be to certify the analyser entirely within a proof checker, as done for the key components of the Java bytecode verifier [13,2]. In previous work, Pichardie et.…”

Section: Introductionmentioning

confidence: 99%

Certified Result Checking for Polyhedral Analysis of Bytecode Programs

Besson

Jensen

Pichardie

et al. 2010

Trustworthly Global Computing

View full text Add to dashboard Cite

Abstract. Static analysers are becoming so complex that it is crucial to ascertain the soundness of their results in a provable way. In this paper we develop a certified checker in Coq that is able to certify the results of a polyhedral array-bound analysis for an imperative, stack-oriented bytecode language with procedures, arrays and global variables. The checker uses, in addition to the analysis result, certificates which at the same time improve efficiency and make correctness proofs much easier. In particular, our result certifier avoids complex polyhedral computations such as convex hulls and is using easily checkable inclusion certificates based on Farkas lemma. Benchmarks demonstrate that our approach is effective and produces certificates that can be efficiently checked not only by an extracted Caml checker but also directly in Coq.

show abstract

A Tool-Assisted Framework for Certified Bytecode Verification

Cited by 10 publications

References 18 publications

Certifying Native Java Card API by Formal Refinement

Certifying Native Java Card API by Formal Refinement

Tool-Assisted Specification and Verification of Typed Low-Level Languages

Certified Result Checking for Polyhedral Analysis of Bytecode Programs

Contact Info

Product

Resources

About