Conference PaperPDF Available

BSmart: A Tool for the Development of Java Card Applications with the B Method

Authors:

Abstract and Figures

A smart card is a portable computer device able to store data and execute commands. Java Card [1] is a specialization of Java, providing vendor inter-operability for smart cards, and has now reached a de facto standard status in this industry. The strategic importance of this market and the requirement for a high reliability motivate the use of rigorous software development processes for smart card aware applications based on the Java Card technology. The B method [2] is a good candidate for such process, since it is a formal method with a successful record to address industrial-level software development. In [3,4], we proposed two versions of a Java Card software development method (called BSmart) based on the B method. The main feature of these methods is to abstract the particularities of smart card systems to the applications developers as much as possible. This abstract presents the current version of a tool, also called BSmart, to support the method. The tool provides the automatable steps required by the method and some guidelines and library machines that are useful during the development process. It includes B development tools (type checker, PO generator) and specific BSmart tools (refinement generator, Java Card translator, etc.). In this approach, the card services specifier only needs to apply some refinement steps to his abstract (implementation platform independent) B specification. The generation of these refinements adapts the specification to Java Card standards and introduces platform specific aspects gradually. Finally, from the concrete B refinements the Java Card code implementing the services provided by the card will be automatically generated by the tool. The tool also provides the generation of a Java API for the host-side application from the original abstract specification, encapsulating all the communication protocol details. Thus, the client application code can then be developed in a completely platform independent way. The definition of the method is in a mature stage, and our attention is now focused on the implementation of more robust versions of the BSmart tools and packaging them in a user-friendly environment. The integration of verification and animation tools is also planned for a next release of the tool.
Content may be subject to copyright.
BSmart: A Tool for the Development of Java Card
Applications with the B Method
D. D´eharbe1, B. E. G. Gomes1, and A. M. Moreira1
Federal University of Rio Grande do Norte; Natal, RN; Brazil
{david, bruno, anamaria}@consiste.dimap.ufrn.br
Abstract. BSmart is a tool to support a customized version of the B method for
engineering Java Card software components for Smart Card applications, which
require high-degrees of reliability and security.
1 Introduction
A smart card [1] is a portable computer device able to store data and execute com-
mands in a highly secure way. Java Card [2] is a specialization of Java, providing vendor
inter-operability for smart cards, and has now reached a de facto standard status in
this industry. The strategic importance of this market and the requirement for a high
reliability motivate the use of rigorous software development processes for smart card
aware applications based on the Java Card technology. The B method [3] is a good can-
didate for such process, since it is a formal method with a successful record to address
industrial-level software development.
In [4, 5], we proposed two versions of a Java Card software development method
(called BSmart) based on the B method. Section 2 summarizes the main steps of the
BSmart method.
In this paper, we present the current version of a tool (also called BSmart) to support
the BSmart method. The BSmart tool must provide the automatable steps required by
the method and some guidelines and library machines that can be useful during the
development process. Further details are provided in Section 3. Related work and final
considerations are drawn in Section 4.
2 The BSmart Method
Smart card applications [1] have a client-server architecture, with the services being
provided by the card, and the client (also called host application), executing in a terminal
to which the card is temporarily connected. Communication is carried out through the
APDU (Application Protocol Data Unit) protocol, defined in smart card standards [1].
The main feature of the BSmart method is to abstract, as much as possible, such platform
particularities from the developers of smart card aware applications.
The card services specifier only needs to apply some refinement steps to his ab-
stract (implementation platform independent) B specification (this specification is called
API.mch in the following). These refinements have the goal of adapting the specification
to Java Card standards and introducing platform specific aspects gradually. Also, as
usual in the B method, other refinement steps may be needed to make the substitutions
2
that define the operations directly translatable into Java Card code. Finally, the corre-
sponding services provided by the card (Java Card code) will automatically be generated
by the tool.
On the other side of the application, the developer of the host-side of the application
will see a Java API, also generated by the tool, which corresponds to the interface of
the original abstract specification from where the development started (API.mch). The
client application code can then be developed in a completely platform independent way.
3 The BSmart Tool
The BSmart tool is an
Fig. 1. A snapshot of the BSmart interface.
environment connecting several
software components, each re-
sponsible for implementing a
dierent step of the BSmart
method. BSmart is being devel-
oped as an Eclipse IDE plugin.
The choice for the use of Eclipse
was made mainly because it al-
lows a faster development of the
user interface and the easier and
faster distribution of the tool.
Also, with this choice, we align
BSmart with the RODIN plat-
form, also developed in Eclipse.
The dierent components
making up the BSmart environ-
ment are:
B parser and type checker jBTools [6] is the front-end of the environment. Respon-
sible for parsing and type-checking, it generates an XML intermediary format that
is later retrieved for further processing.
Proof obligations (PO) generator POs are generated with Batcave [7], that gener-
ates proof obligations in textual and Harvey 1formats.
BSmart modules Generator This component generates a full function refinement,
i.e., a refinement where all non-typing pre-conditions of each operation are checked
for explicitly, and exceptions are raised whenever they are not satisfied. It provides
a wizard for user-defined exception names or can generate them automatically. The
tool includes the creation of a specific B machine to specify exceptions and a module,
called Conversions, which defines useful abstraction for both client and server sides.
B-Java Card conformity checker This component verifies that some Java Card re-
lated restrictions (e.g., number of defined methods) are satisfied by the B specifica-
tion.
B to Java Card code translator This component translates all the B implementa-
tion modules into Java Card programming code. It is derived from the existing Java
1http://harvey.loria.fr/
3
synthesis component available in jBTools [6] by the introduction of Java Card spe-
cific rules. The tool generates the Java Card server application as well as an API for
the host side client. This API is responsible for abstracting the details of the Java
Card framework classes being used to communicate with the card side server. It also
handles coding the method arguments into communication protocol data units and
decoding the corresponding results.
4 Related Work and Conclusions
Related work [8] and tools, such as AtelierB and the BToolkit, concerning the generation
of imperative code from B specifications, have been around for a while. The generation of
object oriented code or models is however still a matter of current research as in, e.g., [9,
10], and a Java code generation tool has been developed [6]. This tool is also a product of
a smart card development project (Project BOM2), and takes care of some memory op-
timization issues. The development of BSmart builds upon this previous work. However,
in this previous work, the generated code needs to be manually modified to incorpo-
rate the communication and codification aspects particular to the Java Card platform,
whereas BSmart provides automated support to handle communication aspects.
At the moment of writing this paper, the definition of the method is in a mature
stage, and our attention is now focused on the implementation of more robust versions
of the BSmart tools and packaging them in a user-friendly environment. The integration
of the AtelierB provers in Batcave and of a B animation tool is also planned for a next
release of the tool.
References
1. Rankl, W., Eng, W.: Smart Card Handbook. John Wiley (2003)
2. Chen, Z.: Java Card Technology for Smart Cards: Architecture and Programmer’s Guide.
Addison Wesley (2000)
3. Abrial, J.R.: The B-Book: Assigning Programs to Meanings. Cambridge U. Press (1996)
4. Gomes, B., Moreira, A.M., D´eharbe, D.: Developing Java Card applications with B. In:
SBMF. (2005) 63–77
5. Deharbe, D., Gomes, B.G., Moreira, A.M.: Automation of Java Card component develop-
ment using the B method. In: ICECCS, IEEE Comp. Soc. (2006) 259–268
6. Tatibouet, B., Requet, A., Voisinet, J., Hammad, A.: Java Card code generation from B
specifications. In: ICFEM. Volume 2885 of LNCS. (2003) 306–318
7. Marinho, E., Jr, V.M., Tavares, C., D´eharbe, D.: Batcave - um ambiente de Verifica¸ao
Autom´atica para o M´etodo B. In: SBMF. (2007) 184–184
8. Bert, D., et al.: Adaptable translator of B specifications to embedded C programs. In:
FME. Volume 2805 of LNCS. (2003) 94–113
9. Idani, A., Ledru, Y.: Object oriented concepts identifications from formal B specifications.
In: FMICS. (2004)
10. Tatibouet, B., Hammad, A., Voisinet, J.C.: From abstract B specification to UML class
diagrams. In: ISSPIT. (2002)
2lifc.univ-fcomte.fr/RECHERCHE/TFC/rntl bom.html
... Previous work [2] [3] introduced the basic structure of the BSmart method. Its tool support has been also presented as a short paper in [4]. Here we describe the work current stage, including the API generation for the host side and the developed library machines that may be used in the process of specification, verification and code generation of these applications. ...
... The BSmart tool [4] is an Eclipse plugin connecting several software components, each responsible for implementing a different step of the BSmart method. Essential software for the B formal method is also included, such as a type checker, and connection with external tools, such as Atelier B, for proof obligation generation and verification. ...
Conference Paper
Full-text available
Smart Card applications usually require reliability and security to avoid incorrect operation or access violation in transactions and corruption or undue access to stored information. A way of reaching these requirements is improving the quality of the development process of these applications. BSmart is a method and a corresponding tool designed to support the formal development of the complete Java Card smart card application, following the B formal method.
Thesis
Full-text available
Assembly code synthesis is a process that requires rigorous care. Typically, this process in mature translators and compilers is relatively safe, though some errors have occasionally been identified. In a more restricted context, the translators used in the smaller communities and developed constantly have been more susceptible to these kind of errors. Considering this context, two translation and verification approaches using the B method have been presented. The first approach considers the B component translation to assembly code for a specific platform by using a formal model of the instruction set, which also allows to debug and to check program properties. This approach can formally ensure the semantic consistency of the translation, although the verification process is difficult and time-consuming. This verification effort was somewhat relieved by the development of BEval, a tool which has made better use of the verification techniques. After applying the automatic verification process using the Atelier B tool, BEval was still able to solve, in the certain models, many of the remaining proof obligations, reaching up to 88 \% of total obligations. However, the verification process of this translation approach is still complex, requiring several manual interactions. In order to make a translation more efficient and also safe, a second approach for the translating B to virtual machine code was developed. This second approach used the developed translator B2LLVM and applied the automatic generation of tests to check the consistency of the program specifications and their respective assembly code. This translator also supported the code coverage evaluation and the insertion of the traceability annotations. Thus, this study has significantly contributed to developing B translation to assembly code, providing rigorous support for the verification of the translation. Currently, the B2LLVM outweighs 20,9% the percentage of translatable test samples based on grammar compared to the C4B industrial translator. Furthermore, the generated code by B2LLVM has important advantages in the ample capacity of verification, integration and optimization.
Article
Full-text available
This paper presents a methodology for the rigorous de-velopment of Java Card smart card applications, using the B Method. Its main feature is to abstract the particularities of Java Card and smart card aware applications from the specifier as much as possible. In the proposed approach, the specification of the aplication logic does not need to take into account the specific aspects of the Java Card plat-form (in particular, communication between the card accep-tance device and the smart card itself). A sequence of pre-established refinements is then applied to the original spec-ification to yield an implementation-level B description of the component, which can then be used to synthesize Java Card code. An interesting side-effect of this approach is that the specification may be reused with any other platform of implementation.
Article
Full-text available
This paper addresses the graphical representation of static aspects of B specifications, using UML class diagrams. These diagrams can help understand the specification for stakeholders who are not familiar with the B method, such as customers or certification authorities. The paper first discusses some rules for a preliminary derivation of a class diagram. It then studies the consistency of the concepts preliminarily identified from an object oriented point of view. A formal concept analysis technique is used to distinguish between consistent classes, attributes, associations and operations. The proposed technique is to incrementally add operations to the formal specification which automatically result in evolution of the class diagram.
Conference Paper
Full-text available
This paper presents a method for the rigorous development of Java Card smart card applications, using the B Method. Its main feature is to abstract the particularities of Java Card and smart card aware applications from the specifier as much as possible. In the proposed approach, the specification of the application logic does not need to take into account the specific aspects of the Java Card platform (in particular, communication between the card acceptance device and the smart card itself). A sequence of preestablished refinements is then applied to the original specification to yield an implementation-level B description of the component, which can then be used to synthesize Java Card code. This method reduces significantly the required amount of user-interaction and improves productivity. An interesting side-effect of this approach is that the specification may be reused with any other platform of implementation.
Conference Paper
Full-text available
This paper presents the results of the RNTL BOM project, which aimed to develop an approach to generate efficient code from B formal developments. The target domain is smart card applications, in which memory and code size is an important factor. The results detailed in this paper are a new architecture of the translation process, a way to adapt the B 0 language in order to include types of the target language and a set of validated optimizations. An assessment of the proposed approach is given through a case study, relative to the development of a Java Card Virtual Machine environment.
Article
Tribute Foreword Introduction Part I. Mathematics: 1. Mathematical reasoning 2. Set notation 3. Mathematical objects Part II. Abstract Machines: 4. Introduction to abstract machines 5. Formal definition of abstract machines 6. Theory of abstract machines 7. Constructing large abstract machines 8. Examples of abstract machines Part III. Programming: 9. Sequencing and loop 10. Programming examples Part IV. Refinement: 11. Refinement 12. Constructing large software systems 13. Examples of refinement Appendixes Index.
Conference Paper
This paper presents a method for the rigorous development of Java Card smart card applications, using the B method. Its main feature is to abstract the particularities of Java Card and smart card aware applications from the specifier as much as possible. In the proposed approach, the specification of the application logic does not need to take into account the specific aspects of the Java Card platform (in particular, communication between the card acceptance device and the smart card itself). A sequence of pre-established refinements is then applied to the original specification to yield an implementation-level B description of the component, which can then be used to synthesize Java Card code. This method reduces significantly the required amount of user-interaction and improves productivity. An interesting side-effect of this approach is that the specification may be reused with any other platform of implementation
Conference Paper
The French BOM (B with Optimised Memory) project has analysed issues related to code generation from B specifications. This analysis was built upon the shortcoming of the existing translators, and led to proposals to generate optimised code suitable for embedding in highly memory-constrained devices, such as smart cards. Two code translators have been developed: one targetting C, suitable for system or virtual machine development; the second targetting object oriented languages. This second translator enables the writing of Java Card applications. This paper presents results of the BOM project related to the Open-Source Java/Java Card translator.
Book
The B method is a means for specifying, designing and coding software systems. The long-awaited B Book is the standard reference for everything concerning this method. It contains the mathematical basis on which it is founded, the precise definitions of the notations used, and a large number of examples illustrating its use in practice. J.-R. Abrial, the inventor of B, has written the book in such a way that it can be used for self-study or for reference. It is in four parts, the first dealing with the mathematical foundations, including a systematic construction of predicate logic and set theory, and the definition of the various mathematical structures that are needed to formalize software systems; the author places special emphasis on the notion of proof. The second part contains a presentation of the Generalized Substitution Language and of the Abstract Machine Notation, which are both used to specify software systems; the author gives examples to show how large specifications can be constructed systematically. The next part introduces the two basic programming features of sequencing and loop, with examples showing how to construct small algorithms. The last part covers the very important notion of refinement. It shows how to construct large software systems by means of layered architectures of modules. It culminates with the presentation of several examples of complete development with a special emphasis on the methodological approach. Finally, appendices give summaries of all the logical and mathematical definitions, and of all the rules and proof obligations. With the appearance of The B Book, formal methods practitioners, computer scientists, and systems developers at last will have access to the definitive account of what will become one of the standard approaches to the construction of software systems.