Presentation is loading. Please wait.

Presentation is loading. Please wait.

Automata-Based Programming Technology Extension for Generation of JML Annotated Java Card Code Andrey Klebanov, CTD, SPb SU ITMO supervised by Anatoly.

Published bySophia Swim Modified over 10 years ago

Similar presentations

Presentation on theme: "Automata-Based Programming Technology Extension for Generation of JML Annotated Java Card Code Andrey Klebanov, CTD, SPb SU ITMO supervised by Anatoly."— Presentation transcript:

1 Automata-Based Programming Technology Extension for Generation of JML Annotated Java Card Code Andrey Klebanov, CTD, SPb SU ITMO supervised by Anatoly Shalyto, Ph. D, prof. CTD, SPb SU ITMO

2 2 Outline Smart Cards Automata-based programming technology Java modelling language (JML) Approach description Case study Open questions

3 3 Outline Smart Cards Automata-based programming technology Java modelling language (JML) Approach description Case study Open questions

4 4 Smart Cards «Stupid» cards – cards with just magnetic stripe; Smarts cards – chip and memory are embedded: Mobile and secure credit card size computers; Very limited recourses – 1-4Kb RAM, 48-64Kb NVM (ROM) + 8-32Kb EEPROM; Main domains of use are secure storage of data, business transactions, authentication,... Vendor specific, difficult to develop applications.

5 5 Java Card Java platform for smart cards; Provides all the benefits of Java and also Allows to abstract away from low-level features of different cards; Applet isolation mechanism; Post-issuance applet downloading,... Java Card API 2.2.2 is a superset of Java API subset; Java Card 3.0 will be discussed in «Open questions» section.

6 6 Formal methods for JC Several reasons to attract formal methods researchers: Java Card domain of use, industry support; Complexity of updating; Relatively small, but real-world applications.

7 7 Outline Smart Cards Automata-based programming technology Java modelling language (JML) Approach description Case study Open questions

8 8 Automata-based programming overview Introduced by A. Shalyto in 1991; Sort of synchronous programming; Programs are treated as systems of automated controlled objects; Each system consists of control system and controlled objects; Control system - system of co-operating automata. X i – input action; Z i – output action; E – event; Control system Controlled object EZX

9 9 Automata-based programming benefits Formally describes application logic and behaviour; Perfect solution for reliable application development for reactive and embedded systems; Defines two types of diagrams for application description – connectivity schema and transition graphs; Fully supported by the UniMod tool Closes the gap between model and implementation via Java code generation; Finite state machine validation.

10 10 Automata-based programming for Java Card Half-duplex communication channel, master-slave model; Event driven interaction Host application – event provider; Smart card – controlled object. Standard structure of applet, logic is incapsulated in one method. «Java Card applet is a state machine.» Wikipedia Host applicationJava Card Runtime Environment (JCRE) Apple t Comman d APDU Responce APDU Smart cardCAD Passive state Active state install Commsnd handling ( process ) select deselect

11 11 Outline Smart Cards Automata-based programming technology Java modelling language (JML) Approach description Case study Open questions

12 12 JML JML is a behavioural interface specification language; JML is based on design by contract, but extends it greatly; Designed to be used by Java programmers; Tailored to Java; Doesnt require programs to be OO; A lot of tools are developed to support JML.

13 13 JML (cont.) Preconditions ( requires ), postconditions ( ensures ) and invariants ( invariant ); \old(var) – variable var value before method execution; Logical constructions (ex. implication) and constaraint consruction – constraints variable's value change in time; pure and assignable keywords.

14 14 JML (cont.) private fields could be declared as spec_public ; Quantifiers – \forall, \exists ; \min, \sum expressions; Allows to describe behaviour in exceptional situations; And much more!

15 15 Outline Smart Cards Automata-based programming technology Java modelling language (JML) Approach description Case study Open questions

16 16 Approach description Problem: Java Card code should be trustworthy and bug-free. Solution: automata-based programming + JML! Sub-problems to be solved: Extend automata-based programming code generation technologies; Convert state machine model to JML annotations; Explore different verification tools designed to work with JML.

17 17 Approach overview

18 18 Annotated code generation stage Model's XML description Templates Convertor application + Apache Velocity Java Card code + JML

19 19 Verification stage jmlc Fully automatic; Full language coverage; Doesnt prove errors absence. ESC/Java2 Fully automatic; Not sound, not complete; Good for common errors. KeY, Loop, Jack,... Powerful; Interactive. Model checking (SPIN, Bogor) Source code verification (JML tools) Byte code verification (BML tools) Tasks Type checkin g Static checking Verification Decidability level Source code verification on conformance to the model (JML tools)

20 20 Outline Smart Cards Automata-based programming technology Java modelling language (JML) Approach description Case study Open questions

21 21 Case study – description

22 22 Case study – several results Convinient notation for commands vs. byte arrays; /*@ invariant (state == APPLET_INITIALIZATION) || (state == VERIFY_PIN) || (state == DO_SOMETHING) || (state == SIM_CARD_IS_LOCKED); @*/ Precondition for the on enter to state SIM card is locked – //@ requires x1 > 3; (if x1 has no side effects).

23 23 Case study – several results (cont.) Transitions between states: /*@ constraint ((state == APPLET_INITIALIZATION) ==> (\old(state) == APPLET_INITIALIZATION)) && ((state == VERIFY_PIN) ==> ((\old(state) == VERIFY_PIN) || (\old(state) == APPLET_INITIALIZATION))) && ((state == DO_SOMETHING) ==> ((\old(state) == VERIFY_PIN) || (\old(state) == DO_SOMETHING))) && ((state == SIM_CARDS_IS_LOCKED) ==> ((\old(state) == VERIFY_PIN) || (\old(state) == SIM_CARDS_IS_LOCKED))) && ((\old(state) == APPLET_INITIALIZATION) ==> ((state == VERIFY_PIN) || (state == APPLET_INITIALIZATION))) && ((\old(state) == VERIFY_PIN) ==> ((state == VERIFY_PIN) || (state == DO_SOMETHING) || (state == SIM_CARDS_IS_LOCKED))) && ((\old(state) == DO_SOMETHING) ==> (state == DO_SOMETHING)) && ((\old(state) == SIM_CARDS_IS_LOCKED) ==> (state == SIM_CARDS_IS_LOCKED)); @*/

24 24 Outline Smart Cards Automata-based programming technology Java modelling language (JML) Approach description Case study Open questions

25 25 Open questions Java Card 3.0 Great new opportunities close to «big» Java!.. But possible problems for formal methods. Java ME Midlets are running on constraint devices... But much more powerful then smart cards. APDU Applet Container Applets Classic API HTTP Web Container Servlets Connected API JavaCard APIs

26 26 Thank you!

Download ppt "Automata-Based Programming Technology Extension for Generation of JML Annotated Java Card Code Andrey Klebanov, CTD, SPb SU ITMO supervised by Anatoly."

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
Analysis of Computer Algorithms

Analysis of Computer Algorithms
Program Verification Using the Spec# Programming System ETAPS Tutorial K. Rustan M. Leino, Microsoft Research, Redmond Rosemary Monahan, NUIM Maynooth.

Program Verification Using the Spec# Programming System ETAPS Tutorial K. Rustan M. Leino, Microsoft Research, Redmond Rosemary Monahan, NUIM Maynooth.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
1 Copyright © 2013 Elsevier Inc. All rights reserved. Chapter 1 Embedded Computing.

1 Copyright © 2013 Elsevier Inc. All rights reserved. Chapter 1 Embedded Computing.
ASYCUDA Overview … a summary of the objectives of ASYCUDA implementation projects and features of the software for the Customs computer system.

ASYCUDA Overview … a summary of the objectives of ASYCUDA implementation projects and features of the software for the Customs computer system.
Credit hours: 4 Contact hours: 50 (30 Theory, 20 Lab) Prerequisite: TB143 Introduction to Personal Computers.

Credit hours: 4 Contact hours: 50 (30 Theory, 20 Lab) Prerequisite: TB143 Introduction to Personal Computers.
11 Copyright © 2005, Oracle. All rights reserved. Creating the Business Tier: Enterprise JavaBeans.

11 Copyright © 2005, Oracle. All rights reserved. Creating the Business Tier: Enterprise JavaBeans.
1 Copyright © 2005, Oracle. All rights reserved. Introducing the Java and Oracle Platforms.

1 Copyright © 2005, Oracle. All rights reserved. Introducing the Java and Oracle Platforms.
17 Copyright © 2005, Oracle. All rights reserved. Deploying Applications by Using Java Web Start.

17 Copyright © 2005, Oracle. All rights reserved. Deploying Applications by Using Java Web Start.
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Making the System Operational

Making the System Operational
Peer-to-peer and agent-based computing Basic Theory of Agency.

Peer-to-peer and agent-based computing Basic Theory of Agency.
Universitá degli Studi di LAquila Mälardalens Högskola, Västerås 10th September 2009 Integrating Wireless Systems into Process Industry and Business Management.

Universitá degli Studi di LAquila Mälardalens Högskola, Västerås 10th September 2009 Integrating Wireless Systems into Process Industry and Business Management.
© Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 2.4 The Z Notation [Reference: M. Spivey: The Z Notation, Prentice Hall]

© Fachgebiet Softwaretechnik, Heinz Nixdorf Institut, Universität Paderborn 2.4 The Z Notation [Reference: M. Spivey: The Z Notation, Prentice Hall]
World Health Organization

World Health Organization
Tintu David Joy. Agenda Motivation Better Verification Through Symmetry-basic idea Structural Symmetry and Multiprocessor Systems Mur ϕ verification system.

Tintu David Joy. Agenda Motivation Better Verification Through Symmetry-basic idea Structural Symmetry and Multiprocessor Systems Mur ϕ verification system.
Construction process lasts until coding and testing is completed consists of design and implementation reasons for this phase –analysis model is not sufficiently.

Construction process lasts until coding and testing is completed consists of design and implementation reasons for this phase –analysis model is not sufficiently.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 14 Slide 1 Object-oriented Design 1.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 14 Slide 1 Object-oriented Design 1.

Similar presentations

Ads by Google