Verified formal security models for multiapplicative smart cards 1

• Published in: Journal of computer security Vol. 10; no. 4; pp. 339 - 367
• Main Authors: Schellhorn, Gerhard, Reif, Wolfgang, Schairer, Axel, Karger, Paul, Austel, Vernon, Toll, David
• Format: Journal Article
• Language: English
• Published: London, England SAGE Publications 01.10.2002
• ISSN: 0926-227X; 1875-8924
• DOI: 10.3233/JCS-2002-10403

We present two generic formal security models for operating systems of multiapplicative smart cards. The models formalize the main security aspects of secrecy, integrity, secure communication between applications and secure downloading of new applications. The first model is as abstract as possible, whereas the second extends the first by adding practically relevant issues such as a structured file system. The models satisfy a common security policy consisting of authentication and intransitive noninterference. The policy extends the classical security policy of Bell/LaPadula and Biba models, but avoids the need for trusted processes that are allowed to circumvent the security policy. Instead trusted processes are incorporated directly in the model itself and are subject to the security policy. The security policy has been formally proven to be correct for both models.