Automatic Generation of Vulnerability Tests for the Java Card Byte Code Verifier

Author

Savary, Aymerick ; Frappier, Marc ; Lanet, Jean-Louis

Author_Institution

Dept. Inf., Univ. de Sherbrooke, Sherbrooke, QC, Canada

fYear

2011

fDate

18-21 May 2011

Firstpage

Lastpage

Abstract

The byte code verifier is an essential component of the Java Card security platform. Test generation to assess its implementation is mandatory, however, comprehensive test plans are too intricate to be handmade. Therefore, automating their generation is an interesting avenue. Our approach is based on formal methods, an important asset to find a preamble, a postamble, or the entire set of test cases for each instruction. The proposed vulnerability tests confirm that a behavior rejected by the model is also rejected by its implementation. Our results show that the techniques put forward achieve such a goal, through a simplified language.

Keywords

Java; automatic test pattern generation; formal verification; security of data; smart cards; Java card byte code verifier; Java card security platform; automatic vulnerability test generation; Context; Electronic mail; Gold; Java; Read only memory; Runtime environment; Silicon;

fLanguage

English

Publisher

ieee

Conference_Titel

Network and Information Systems Security (SAR-SSI), 2011 Conference on

Conference_Location

La Rochelle

Print_ISBN

978-1-4577-0735-3

Type

conf

DOI

10.1109/SAR-SSI.2011.5931379

Filename

5931379

Link To Document

https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=1928314