Verification of a Formal Security Model for Multiapplicative Smart Cards
Authors
Abstract
We present a generic formal security model for operating systems of multiapplicative smart cards. The model formalizes the main security aspects: secrecy, integrity, secure communication between applications, and secure downloading of new applications. The model satisfies a security policy consisting of authentication and intransitive noninterference. It extends the classical security models of Bell/LaPadula and Biba, but avoids the need for trusted processes (processes that are exempt from the security policy) by incorporating such processes directly in the model itself. The correctness of the security policy has been formally proven with the VSE II system.
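To make the policy notion concrete, the following is an added example (not the paper's VSE II model and not code from its authors): a toy state machine with three domains standing in for application A, the card OS, and application B, checked against Rushby's intransitive noninterference via the ipurge function. The policy allows A to interfere with the OS and the OS with B, but not A with B directly, so the only legitimate path for A's data to reach B runs through the OS. Domain names, action names and the "secret" value are assumptions made up for the illustration. A second variant adds an action that writes into B's inbox directly, and the bounded checker finds the violation.

```python
"""Toy check of intransitive noninterference (Rushby-style ipurge).

Added illustration only; it is not the paper's model. Three domains stand in
for two card applications and the card OS that mediates communication between
them: A -> OS -> B is allowed, A -> B directly is not (all names constructed).
"""
from itertools import product

# Policy: which domain may pass information to which. Reflexivity is built
# into interferes(). The relation is intransitive: A~>OS and OS~>B, not A~>B.
ALLOWED = {("A", "OS"), ("OS", "B")}


def interferes(u, v):
    return u == v or (u, v) in ALLOWED


def ipurge(seq, u, dom):
    """Remove the actions that may not legitimately influence domain u.

    Walks the sequence backwards keeping track of the domains whose actions
    could still reach u through allowed hops (Rushby's 'sources' set); an
    action survives only if its domain may interfere with one of them.
    """
    srcs = {u}
    keep = []
    for a in reversed(seq):
        if any(interferes(dom(a), v) for v in srcs):
            srcs.add(dom(a))
            keep.append(a)
    return list(reversed(keep))


class CardSystem:
    """Tiny state machine: a message travels A -> OS buffer -> B inbox."""

    def __init__(self, direct_write=False):
        self.actions = ["A_send", "OS_deliver", "B_read"]
        if direct_write:
            # Hypothetical flaw: A bypasses the OS and writes B's inbox itself.
            self.actions.append("A_write_B")
        self.initial = (None, None)  # (os_buffer, b_inbox)

    def dom(self, a):
        return a.split("_")[0]  # domain of an action is its name prefix

    def step(self, s, a):
        os_buf, b_in = s
        if a == "A_send":
            return ("secret", b_in)
        if a == "OS_deliver":
            return (None, os_buf) if os_buf is not None else s
        if a == "A_write_B":
            return (os_buf, "secret")
        return s  # B_read changes nothing

    def output(self, s, a):
        """What the domain performing action a observes in state s."""
        os_buf, b_in = s
        return {"A": None, "OS": os_buf, "B": b_in}[self.dom(a)]

    def run(self, seq):
        s = self.initial
        for a in seq:
            s = self.step(s, a)
        return s


def check_noninterference(system, max_len=3):
    """Bounded check: every observation must equal the one after purging.

    Returns the first violating (sequence, observing action) pair, or None if
    no sequence up to max_len actions breaks the policy.
    """
    for n in range(max_len + 1):
        for seq in product(system.actions, repeat=n):
            seq = list(seq)
            for a in system.actions:
                u = system.dom(a)
                full = system.output(system.run(seq), a)
                purged = system.output(system.run(ipurge(seq, u, system.dom)), a)
                if full != purged:
                    return seq, a
    return None


if __name__ == "__main__":
    print("mediated system:", check_noninterference(CardSystem()))
    print("direct-write system:", check_noninterference(CardSystem(direct_write=True)))
```

Enumerating sequences up to a fixed length is only a check, not a proof; a proof such as the one the paper reports is done by showing unwinding conditions hold for every state and action, which is what makes the mechanised verification worthwhile.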
Similar references
Verified Formal Security Models for Multiapplicative Smart Cards
We present two generic formal security models for operating systems of multiapplicative smart cards. The models formalize the main security aspects of secrecy, integrity, secure communication between applications and secure downloading of new applications. The first model is maximally abstract, whereas the second extends the first by adding practically relevant issues such as a structured file ...
Which Security Policy for Multiapplication Smart Cards?
In this paper, we aim to clarify some issues regarding the deployment context of multiapplicative smart cards. We especially deal with the trust relationships between the involved parties and the resulting constraints from a security point of view. We highlight a new security threat in a multiapplicative context and propose a new multilevel security model which allows to control precisely the i...
On Practical Information Flow Policies for Java-Enabled Multiapplication Smart Cards
In the multiapplicative context of smart cards, a strict control of underlying information flow between applications is highly desired. In this paper we propose a model to improve information flow usability in such systems by limiting the overhead for adding information flow security to a Java Virtual Machine. We define a domain specific language for defining security policies describing the al...
Formal Methods for the Verification of Safety Critical Applications using SPIN Model Checker
Security has over the years been a major concern for organizations and companies. With the emergence of smart cards, and their acceptance in such domains, industry has become more interested in methodologies used to establish the correctness and security of the applications developed for them. This paper provides a general introduction to the state-of-the-art of for...
Specification and verification of security policies for smart cards
Security systems that use smart cards are nowadays an important part of our daily life, which becomes increasingly dependent on the reliability of such systems, for example cash cards, electronic health cards or identification documents. Since a security policy states both the main security objectives and the security functions of a certain security system, it is the basis for the reliable syst...