Byte Code Verification for Java Smart Card Based on Model Checking

The paper presents a novel approach to Java byte code veri cation: The veri cation process is performed \o ine" on a network server, instead of incorporating it in the client. Furthermore, the most critical part of the veri cation process is based upon a formal model and uses a model checker for checking the veri cation conditions. The result of the veri cation process can be securely communicated to the runtime platform with cryptographic means. The major advantages of our approach are twofold: on the one hand, it o ers a higher degree of security, since the veri cation process is based on a formal framework. Secondly, it saves resources on the client's side, since the process of byte code veri cation can be replaced by a simple check of a digital signature. This paper concentrates on Java smart cards, where resource limitations inhibit fullyedged byte code veri cation within the client, but the demand for security is very high. However, our approach can also be applied to other variants of Java.