Formal Specification and Static Checking of Gemplus’ Electronic Purse Using ESC/Java

Cataño, Néstor; Huisman, Marieke

doi:10.1007/3-540-45614-7_16

Cited by 34 publications

(26 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Other works that apply a DBC approach based on JML in the security context are presented by Lloyd et al (biometric authentication system) [30], Cataño et al [31] (smart card system), and Mustafa et al [32] (Android system services). These works, however, do not cover applications consisting of heterogeneous modules and do not use the combination of dynamic and static analysis technique for assertionbased verification.…”

Section: Discussion and Related Workmentioning

confidence: 99%

Achieving Security Assurance with Assertion-based Application Construction

Rubio-Medrano¹,

Ahn²,

Sohr³

2015

EAI Endorsed Transactions on Collaborative Computing

View full text Add to dashboard Cite

Modern software applications are commonly built by leveraging pre-fabricated modules, e.g. application programming interfaces (APIs), which are essential to implement the desired functionalities of software applications, helping reduce the overall development costs and time. When APIs deal with security-related functionality, it is critical to ensure they comply with their design requirements since otherwise unexpected flaws and vulnerabilities may consequently occur. Often, such APIs may lack sufficient specification details, or may implement a semantically-different version of a desired security model to enforce, thus possibly complicating the runtime enforcement of security properties and making it harder to minimize the existence of serious vulnerabilities. This paper proposes a novel approach to address such a critical challenge by leveraging the notion of software assertions. We focus on security requirements in role-based access control models and show how proper verification at the source-code level can be performed with our proposed approach as well as with automated state-of-the-art assertion-based techniques.

show abstract

Section: Discussion and Related Workmentioning

confidence: 99%

Achieving Security Assurance with Assertion-based Application Construction

Rubio-Medrano¹,

Ahn²,

Sohr³

2015

EAI Endorsed Transactions on Collaborative Computing

View full text Add to dashboard Cite

show abstract

“…Most of the specifications are written by the second author, who beforehand did not have any experience with Plural or the Plural language, or with writing formal specifications in general. The first author, who had experience in writing formal specifications with JML [14,15], but not with Plural, supervised the work and made suggestions to improve the specifications. The third author, the principal designer of Plural, provided feed-back on writing Plural specifications.…”

Section: Evaluation Of the Case Studymentioning

confidence: 99%

A case study on the lightweight verification of a multi-threaded task server

Cataño

Ahmed²,

Siminiceanu

et al. 2014

Science of Computer Programming

Self Cite

View full text Add to dashboard Cite

We present a case study of verifying the design of a commercial multi-threaded task server (MTTS), developed by the Novabase company, used for massively parallelising computational tasks. In a first stage, we employed the Plural tool, which is designed to perform lightweight verification of Java programs using a Data Flow Analysis (DFA) framework, to specify and verify the MTTS. We wrote the Plural specification for the MTTS based on the code developed by Novabase, its informal documentation, and our discussions with Novabase engineers, who validated our understanding of the MTTS application. The Plural specification language is based on typestates and access permissions. In a second stage, we developed the Pulse tool that enhances the analysis performed by Plural, and used the tool on the MTTS specifications. Pulse translates Plural specifications into an abstract state-machine model that captures the semantics of all the possible concurrent programs implementing the given specifications, and uses the evmdd-smc symbolic model-checker to verify the machine model. The experimental results on the MTTS specification show that the exhaustive model-checking approach scales reasonably well and is efficient at finding errors in specifications that were not previously detected with the Data Flow Analysis (DFA) capabilities of Plural.

show abstract

“…Other works that employ JML in the application security context are presented by Lloyd et al (a biometric authentication system) [28] and by Cataño et al (an electronic purse implemented as a Java Card application) [3]. Both works use JML in conjunction with the static checker ESC/Java for an already implemented application, facing several problems concerning the limitations of extended static checking, specifically, too large verification conditions.…”

Section: Related Workmentioning

confidence: 99%

Understanding the implemented access control policy of Android system services with slicing and extended static checking

Mustafa

Sohr

2014

Int. J. Inf. Secur.

View full text Add to dashboard Cite

Abstract-Android is one of the major smartphone platforms today. One reason for this success is that many interesting applications are made available through Google Play. The increasing functionality, however, entails new risks. To defend against attacks, Android provides a sophisticated security architecture based on permissions which must be granted to applications at installation time. Since the Android source code is publicly available, the security community has the chance to assess the security mechanisms of Android. Due to its large code body, a completely manual code review is tedious and hence tool support for this task is desirable. As a first step in this direction, we propose to extract the implemented access control policy from the code for Android system services with the help of program slicing. After this abstraction phase, we analyze the extracted policy against the documentation. For this purpose, we use the Java Modeling Language (JML) in conjunction with extended static checking. We applied this approach to core system services of Android 4.0.3 and identified some inconsistencies between the documentation and the implementation.

show abstract

Formal Specification and Static Checking of Gemplus’ Electronic Purse Using ESC/Java

Cited by 34 publications

References 4 publications

Achieving Security Assurance with Assertion-based Application Construction

Achieving Security Assurance with Assertion-based Application Construction

A case study on the lightweight verification of a multi-threaded task server

Understanding the implemented access control policy of Android system services with slicing and extended static checking

Contact Info

Product

Resources

About