A Verified Formal Specification of A Secured Communication Method For Smart Card Applications

  • Kim, Donald D. (Information and Communication Engineering Dept. Dongguk University)
  • Received: 2021.10.22
  • Accepted: 2021.10.28
  • Published: 2021.11.20

Abstract

In remote villages without access to modern IT technology, simple devices such as smart cards can be used to carry out business transactions. These devices typically store multiple business applications from multiple vendors. Although the device must prevent malicious or accidental security breaches between the applications, a secure communication channel between two applications from different vendors is often required. In this paper, first, we propose a method of establishing secure communication channels between applications in embedded operating systems that run on multi-applet smart cards. Second, we enforce high assurance using an intransitive noninterference security policy. Third, we formalize the method in the Z language and create the formal specification of the proposed secure system. Finally, we verify its correctness using Rushby's unwinding theorem.
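As an added illustration (not the paper's own Z specification), the following constructed toy model captures the policy shape the abstract describes: applet A may pass data only to an OS channel manager M, and M may pass it on to applet B, but A may not interfere with B directly (an intransitive policy). The block checks Rushby's three unwinding conditions for intransitive policies by exhaustive enumeration over a two-register state, and also shows how a bypass of the manager is caught. The domain names, registers and actions are assumptions.

```python
from itertools import product

# Constructed toy model (hypothetical; not the paper's Z spec):
# three security domains on one multi-applet card.
DOMS = ("A", "M", "B")                 # applet A, OS channel manager M, applet B
POLICY = {("A", "M"), ("M", "B")}      # allowed interference A -> M -> B (intransitive)

def interferes(u, v):
    """u may interfere with v: reflexive, plus the explicit policy edges."""
    return u == v or (u, v) in POLICY

# State: (a_out, b_in); each register holds 0 or 1. Views define the ~_u relations.
STATES = list(product((0, 1), repeat=2))
VIEW = {"A": lambda s: s[0], "M": lambda s: s[0], "B": lambda s: s[1]}

def equiv(u, s, t):
    return VIEW[u](s) == VIEW[u](t)

def make_actions(leaky):
    """Action table: name -> (domain, step function, output function)."""
    acts = {
        "A.send0": ("A", lambda s: (0, s[1]), lambda s: "ok"),
        "A.send1": ("A", lambda s: (1, s[1]), lambda s: "ok"),
        "M.relay": ("M", lambda s: (s[0], s[0]), lambda s: "ok"),
        "B.read":  ("B", lambda s: s, lambda s: s[1]),
    }
    if leaky:  # bypasses the manager: A writes straight into B's inbox
        acts["A.send1"] = ("A", lambda s: (1, 1), lambda s: "ok")
    return acts

def unwinding_violations(actions):
    """Check Rushby's unwinding conditions for intransitive policies by
    enumeration; return sorted (condition, action, domain) triples that fail."""
    bad = []
    for name, (d, step, out) in actions.items():
        for u in DOMS:
            for s, t in product(STATES, repeat=2):
                # output consistency: u-equivalent states give u the same output
                if u == d and equiv(u, s, t) and out(s) != out(t):
                    bad.append(("output", name, u))
                # weak step consistency: agreement on u and dom(a) is preserved by a
                if equiv(u, s, t) and equiv(d, s, t) and not equiv(u, step(s), step(t)):
                    bad.append(("step", name, u))
            # locally respects: an action of d must not change a view d may not reach
            if not interferes(d, u) and any(not equiv(u, s, step(s)) for s in STATES):
                bad.append(("local", name, u))
    return sorted(set(bad))
```

The policy-conformant table yields no violations; the leaky variant fails "locally respects" for A.send1 against domain B, which is exactly the direct channel the policy forbids.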

References

  1. Bell, D.E. and LaPadula, L. (1973), Secure Computer Systems: Mathematical Foundations and Model, Technical Report M74-244, MITRE Corp., Bedford, MA, 1973.
  2. Biba, K.J. (1977), Integrity Considerations for Secure Computer Systems, Technical Report ESD-TR-76-372, MITRE Corp., 1977.
  3. Common Criteria for Information Technology Security Evaluation, Parts 1, 2, and 3. Version 3.1, CCMB2017-04-001, CCMB2017-04-002, and CCMB2017-04-003, April 2017.
  4. Denning, D.E. (1976), A lattice model of secure information flow, Communications of the ACM, 19(5), pp. 236-243, 1976. https://doi.org/10.1145/360051.360056
  5. Freitas, L. (2004), Proving Theorems with Z/Eves, University of Kent, July 2004.
  6. Java Card Applet Developer's Guide, Sun Microsystems, Inc., 1998
  7. Katoen, J. (1998), Concepts, algorithms and tools for model checking, Lecture Notes 1998/1999, chapt. 1: System Validation.
  8. Karger, P.A., Austel, V., and Toll, D. (2000), A new mandatory security policy combining secrecy and integrity, RC 21717, IBM Research Division, T. J. Watson Research Center, Yorktown Heights, NY, 15 March 2000.
  9. Markantonakis, Konstantinos and Akram, Raja Naeem (2017), Multi-Application Smart Card Platforms and Operating Systems, Springer International Publishing, May 2017, ISBN: 978-3-319-50500-8, pp. 59-92.
  10. Meisels, Irwin and Saaltink, Mark (1997), The Z/EVES Reference Manual (for Version 1.5), TR-97-5493-03d, ORA Canada, 1997.
  11. Morimoto, S., Shigematsu, S., Goto, Y., and Cheng, J. (2007), Formal verification of security specifications with common criteria, Proc. of the 2007 ACM Symposium on Applied Computing, pages 1506-1512.
  12. Rushby, J. (1986), The Bell and La Padula security model, SRI International, Draft Technical Note of June 20 1986, [Online]. Available: http://www.csl.sri.com/users/rushby/biblio.html
  13. Rushby, J. (1992), Noninterference, transitivity, and channel-control security policies, SRI International, Tech. Rep. CSL-92-02, Dec 1992.
  14. Rushby, J. (2013), Logic and Epistemology in Safety Cases, Computer Safety, Reliability, and Security: Proceedings of Safe-Comp 32, Toulouse, France, September 2013, Springer LNCS 8153, pp. 1-7.
  15. Schellhorn, G., Reif, W., Schairer, A., Karger, P., Austel, V., and Toll, D. (2000), Verification of a formal security model for multiapplicative smart cards, In Proc. of the 6th European Symposium on Research in Computer Security (ESORICS), LNCS 1895 Springer, 2000.
  16. Toll, D. C., Karger, P. A., Palmer, E. R., McIntosh, S. K., Weber, S. (2008), The Caernarvon Secure Embedded Operating System, Operating Systems Rev., 42(1), 2008, pp. 32-39. https://doi.org/10.1145/1341312.1341320
  17. Woodcock, J. and Davies, J. (1996), Using Z: Specification, Refinement, and Proof. Prentice-Hall International Series in Computer Science, 1996. ISBN: 978-0-13-948472-8
  18. Wolfgang Rankl and Wolfgang Effing (2003), Smart Card Handbook, Third Edition, Wiley, 2003, ISBN: 0-470-85668-8