Formal Verification of Security Properties of Smart Card Embedded Source Code
Authors
Axalto - Smart card Research
Université Paris-Sud
Abstract
This paper reports on a method to handle the verification of various security properties of imperative source code embedded on smart cards. The idea is to combine two program verification approaches: the functional verification at the source code level and the verification of high level properties on a formal model built from the program and its specification. The method presented uses the Caduceus tool, built on top of the Why tool. Caduceus enables the verification of an annotated C program and provides a validation process that we used to generate a high level formal model of the C source code. This method is illustrated by an example extracted from the verification of a smart card embedded operating system.
BibTeX Entry
@inproceedings{Andronick_CP_05,
author = {June Andronick and Boutheina Chetali and Christine Paulin-Mohring},
doi = {10.1007/11526841_21},
editor = {J. Fitzgerald and I. J. Hayes and A. Tarlecki},
month = jul,
series = {Lecture Notes in Computer Science},
year = {2005},
title = {{Formal Verification of Security Properties of Smart Card Embedded Source Code}},
address = {Newcastle, UK},
pages = {302--317},
volume = {3582},
booktitle = {Proceedings of the International Symposium on Formal Methods (FM)},
publisher = {Springer}
}
Full text
BibTeX