Towards testability in smart card operating system design

The operating system of a smart card is a safety critical system. Distributed in millions, smart cards with their small 8-bit CPU support applications where transferred values are only protected by the strength of a cryptographic protocol. This strength goes no further than the implementation of the software in the card and terminal allows. Because of its complexity, to guarantee absolute reliability of the smart card software is prohibitively expensive. Obtaining a high level of confidence in the implementation of a smart card application is essential for their widespread acceptance. A highly structured design of the smart card operating system gives the designer control over the complexity of the system. A functional language has been used to prototype a smart card operating system. The prototype has the same structure as the real operating system and it offersmost of the functionality of the real system. The well defined semantics of pure functional languages and their compositionality in particular are instrumental to the structuring of the prototype. With the functional language implementation as reference, the reliability of the implementation can be assessed in detail.