Trustworthy Systems

Using Coq to Verify Java Card Applet Isolation Properties


June Andronick, Boutheina Chetali and Olivier Ly

Schlumberger Systems


This paper reports on the use of the Coq proof assistant for the formal verification of applet isolation properties in Java Card technology. We focus on the confidentiality property. We show how this property is verified by the card manager and the APIs, extending our former proof addressing the Java Card virtual machine. We also show how our verification method allows to complete specifications and to enhance the secure design of the platform. For instance, we describe how the proof of the integrity puts the light on a known bug. Finally, we present the benefits of the use of high order modelling to handle the complexity of the system, to prove security properties and eventually to construct generic re-usable proof architectures.

BibTeX Entry

    address          = {Rome, Italy},
    author           = {June Andronick and Boutheina Chetali and Olivier Ly},
    booktitle        = {Proceedings of the 16th International Conference on Theorem Proving in Higher Order Logics},
    editor           = {D. A. Basin and B. Wolff},
    isbn             = {3-540-40664-6},
    month            = sep,
    pages            = {335--351},
    paperUrl         = {},
    publisher        = {Springer},
    series           = {Lecture Notes in Computer Science},
    title            = {{Using Coq to Verify Java Card Applet Isolation Properties}},
    volume           = {2758},
    year             = {2003}