Towards Development of Safe and Secure Java Card Applets
Licentiate thesis, 2002

This thesis is concerned with different aspects of Java Card application development and use of formal methods in the Java Card world. Java Card is a technology that provides means to program smart (chip) cards with (a subset of) the Java language. The use of formal methods in the Java Card context is highly justified due to the criticality of Java Card applications. First of all, Java Card applications are usually security critical (e.g., authentication, electronic cash), second, they are cost critical (i.e. they are distributed in large amounts making updates quite difficult) and finally, they can also be legally critical (e.g., when the digital signature law is considered). Thus the robustness and correctness of Java Card applications should be enforced by the best means possible, i.e. by the use of formal verification techniques. At the same time Java Card seems to be a good target for formal verification - due to the relative simplicity of Java Card applications (as compared to full Java), formal verification becomes a feasible and manageable task. In this thesis, we touch upon different levels of Java Card application development and the use of formal methods. We start by defining a UML/OCL supported development process specifically tailored to Java Card applications, then we go on to define an extension to the logic used in formal verification of Java Card programs to handle so called "rip out" properties (properties that should be maintained in case of an unexpected termination of a Java Card program), which are specific to Java Card. Finally, we end up with a simple tool support for Java Card program compilation and testing inside a CASE tool. The thesis contains three papers focusing on these aspects. The main purpose of this work is to ensure the robustness of Java Card applications by providing a well defined development process and means to formally verify properties specific to Java Card applications to be able to develop Java Card applets which are robust "by design". At the same time we want to make rigorous Java Card development relatively easy, tool supported (automated wherever possible) and usable by people that do not have years of training in formal methods.

formal methods


formal specification

object-oriented development

formal verification

Dynamic Logic



Java Card


Wojciech Mostowski

Chalmers, Department of Computing Science

1651-4963 (ISSN)

A Program Logic for Handling Java Card's Transaction Mechanism

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics),; Vol. 2621(2003)p. 246-260

Paper in proceeding

Rigorous Development of Java Card Applications

Other conference contribution

Subject Categories

Computer and Information Science

Technical report L - School of Computer Science and Engineering, Chalmers University of Technology: 16L

More information