Skip to Main content Skip to Navigation
Reports

Enforcing High-Level Security Properties For Applets

Abstract : Smart card applications often handle privacy-sensitive information, and therefore must obey certain security policies. Such policies are usually described by high-level security properties, stating for example that no authentication must take place within a transaction. Behavioural interface specification languages, such as JML (Java Modeling Language) have been successfully used to validate functional properties of smart card applications. However, high-level security properties cannot be expressed directly in such languages. Therefore, this paper proposes a method to translate high-level security properties into JML annotations. The method proceeds by synthesising appropriate annotations and weaving them throughout the application. In this way, security policies can be validated using the various existing tools for JML. The method is general and applies to a large class of security properties. To illustrate its applicability, we applied the method to several realistic examples of smart card applications. This allowed us to find violations against the documented security policies for some of these applications.
Document type :
Reports
Complete list of metadata

https://hal.inria.fr/inria-00071523
Contributor : Rapport de Recherche Inria <>
Submitted on : Tuesday, May 23, 2006 - 5:50:36 PM
Last modification on : Saturday, January 27, 2018 - 1:31:34 AM
Long-term archiving on: : Sunday, April 4, 2010 - 10:22:05 PM

Identifiers

  • HAL Id : inria-00071523, version 1

Collections

Citation

Mariela Pavlova, Gilles Barthe, Marieke Huisman, Jean-Louis Lanet, Lilian Burdy. Enforcing High-Level Security Properties For Applets. [Research Report] RR-5061, INRIA. 2003. ⟨inria-00071523⟩

Share

Metrics

Record views

197

Files downloads

473