Electronic Purse Applet Certiication: Extended Abstract

The paper describes the status of a joint project between Gemplus and ONERA. Gemplus developed an electronic purse running on Java enabled smart cards. The project goal is to verify security properties that should be enforced by the applets involved in this application. A security policy has been de ned that associates levels to applet attributes and methods and de nes authorized ows between levels. We propose a technique based on model checking to verify that actual information ows between applets are authorized. 1 Context and case study 1.1 Open smart cards A new type of smart cards is getting more and more attractive: multiapplication smart cards. The main characteristics of such cards are that applications can be loaded after the card issuance and that several applications run on the same card. A few operating systems have been proposed to manage multiapplication smart cards, namely Java Card 2 , Multos 3 and more recently Smart Cards for Windows 4 . In this paper, we will focus on Java Card. Following 1 The Pacap project is partially funded by MENRT d ecision d'aide 98.B.0251 2 http://java.sun.com/products/javacard 3 http://www.multos.com 4 http://www.microsoft.com/smartcard Preprint submitted to Elsevier Preprint 31 January 2000 this standard, applications for multiapplication smart cards are implemented as interacting Java applets.