{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,19]],"date-time":"2025-03-19T09:54:11Z","timestamp":1742378051064},"publisher-location":"Berlin, Heidelberg","reference-count":97,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540289555"},{"type":"electronic","value":"9783540319368"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2005]]},"DOI":"10.1007\/11554578_5","type":"book-chapter","created":{"date-parts":[[2005,9,27]],"date-time":"2005-09-27T08:51:11Z","timestamp":1127811071000},"page":"133-177","source":"Crossref","is-referenced-by-count":4,"title":["Formal Methods for Smartcard Security"],"prefix":"10.1007","author":[{"given":"Gilles","family":"Barthe","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Guillaume","family":"Dufay","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"5_CR1","unstructured":"Roadmap for European Research on Smartcard Technologies, http:\/\/www.ercim.org\/reset"},{"key":"5_CR2","doi-asserted-by":"publisher","first-page":"131","DOI":"10.1017\/S0956796804005453","volume":"15","author":"A. Banerjee","year":"2005","unstructured":"Banerjee, A., Naumann, D.: Stack-based access control for secure information flow. Journal of Functional Programming\u00a015, 131\u2013177 (2005); Special Issue on Language-Based Security.","journal-title":"Journal of Functional Programming"},{"key":"5_CR3","series-title":"Electronic Notes in Theoretical Computer Science","volume-title":"Proceedings of Bytecode 2005","author":"F. Bannwart","year":"2005","unstructured":"Bannwart, F., M\u00fcller, P.: A program logic for bytecode. In: Spoto, F. (ed.) Proceedings of Bytecode 2005. Electronic Notes in Theoretical Computer Science. Elsevier Publishing, Amsterdam (2005)"},{"key":"5_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"50","DOI":"10.1007\/978-3-540-30569-9_3","volume-title":"Construction and Analysis of Safe, Secure, and Interoperable Smart Devices","author":"M. Barnett","year":"2005","unstructured":"Barnett, M., Leino, K.R.M., Schulte, W.: The spec# programming system: An overview. In: Barthe, G., Burdy, L., Huisman, M., Lanet, J.-L., Muntean, T. (eds.) CASSIS 2004. LNCS, vol.\u00a03362, pp. 50\u201371. Springer, Heidelberg (2005)"},{"key":"5_CR5","doi-asserted-by":"crossref","unstructured":"Barthe, G., Courtieu, P., Dufay, G., de Melo Sousa, S.: Jakarta: tool-assisted specification and verification of the JavaCard Platform. Journal of Automated Reasoning (2006) (to appear)","DOI":"10.1007\/s10817-005-0084-6"},{"key":"5_CR6","first-page":"100","volume-title":"Proceedings of CSFW 2004","author":"G. Barthe","year":"2004","unstructured":"Barthe, G., D\u2019Argenio, P., Rezk, T.: Secure Information Flow by Self-Composition. In: Foccardi, R. (ed.) Proceedings of CSFW 2004, pp. 100\u2013114. IEEE Press, Los Alamitos (2004)"},{"key":"5_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"99","DOI":"10.1007\/978-3-540-24721-0_7","volume-title":"Fundamental Approaches to Software Engineering","author":"G. Barthe","year":"2004","unstructured":"Barthe, G., Dufay, G.: A Tool-Assisted Framework for Certified Bytecode Verification. In: Wermelinger, M., Margaria-Steffen, T. (eds.) FASE 2004. LNCS, vol.\u00a02984, pp. 99\u2013113. Springer, Heidelberg (2004)"},{"key":"5_CR8","volume-title":"Proceedings of SEFM 2005","author":"G. Barthe","year":"2005","unstructured":"Barthe, G., Pavlova, M., Schneider, G.: Precise analysis of memory consumption using program logics. In: Aichernig, B., Beckert, B. (eds.) Proceedings of SEFM 2005. IEEE Press, Los Alamitos (2005)"},{"key":"5_CR9","doi-asserted-by":"publisher","first-page":"103","DOI":"10.1145\/1040294.1040304","volume-title":"Proceedings of TLDI 2005","author":"G. Barthe","year":"2005","unstructured":"Barthe, G., Rezk, T.: Non-interference for a JVM-like language. In: F\u00e4hndrich, M. (ed.) Proceedings of TLDI 2005, pp. 103\u2013112. ACM Press, New York (2005)"},{"issue":"3-4","key":"5_CR10","doi-asserted-by":"publisher","first-page":"399","DOI":"10.1023\/A:1025059508087","volume":"30","author":"D. Basin","year":"2003","unstructured":"Basin, D., Friedrich, S., Gawkowski, M.: Bytecode Verification by Model Checking. Journal of Automated Reasoning\u00a030(3-4), 399\u2013444 (2003)","journal-title":"Journal of Automated Reasoning"},{"key":"5_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"299","DOI":"10.1007\/3-540-45319-9_21","volume-title":"Tools and Algorithms for the Construction and Analysis of Systems","author":"J. Berg van den","year":"2001","unstructured":"van den Berg, J., Jacobs, B.: The LOOP Compiler for Java and JML. In: Margaria, T., Yi, W. (eds.) TACAS 2001. LNCS, vol.\u00a02031, pp. 299\u2013312. Springer, Heidelberg (2001)"},{"key":"5_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"137","DOI":"10.1007\/3-540-45165-X_11","volume-title":"Java on Smart Cards: Programming and Security","author":"J. Berg van den","year":"2001","unstructured":"van den Berg, J., Jacobs, B., Poll, E.: Formal Specification and Verification of JavaCard\u2019s Application Identifier Class. In: Attali, I., Jensen, T. (eds.) JavaCard 2000. LNCS, vol.\u00a02041, pp. 137\u2013150. Springer, Heidelberg (2001)"},{"key":"5_CR13","doi-asserted-by":"publisher","first-page":"76","DOI":"10.1145\/571157.571166","volume-title":"Proceedings of PPDP 2002","author":"F. Besson","year":"2002","unstructured":"Besson, F., de Grenier Latour, T., Jensen, T.: Secure calling contexts for stack inspection. In: Proceedings of PPDP 2002, pp. 76\u201387. ACM Press, New York (2002)"},{"key":"5_CR14","doi-asserted-by":"crossref","first-page":"217","DOI":"10.3233\/JCS-2001-9303","volume":"9","author":"F. Besson","year":"2001","unstructured":"Besson, F., Jensen, T., Le M\u00e9tayer, D., Thorn, T.: Model checking security properties of control flow graphs. Journal of Computer Security\u00a09, 217\u2013250 (2001)","journal-title":"Journal of Computer Security"},{"key":"5_CR15","doi-asserted-by":"crossref","first-page":"369","DOI":"10.3233\/JCS-2002-10404","volume":"10","author":"P. Bieber","year":"2002","unstructured":"Bieber, P., Cazin, J., Wiels, V., Zanon, G., Girard, P., Lanet, J.-L.: Checking Secure Interactions of Smart Card Applets: Extended version. Journal of Computer Security\u00a010, 369\u2013398 (2002)","journal-title":"Journal of Computer Security"},{"issue":"6","key":"5_CR16","doi-asserted-by":"publisher","first-page":"713","DOI":"10.1145\/945885.945886","volume":"25","author":"B. Blanchet","year":"2003","unstructured":"Blanchet, B.: Escape analysis for java: Theory and practice. ACM Transactions on Programming Languages and Systems\u00a025(6), 713\u2013775 (2003)","journal-title":"ACM Transactions on Programming Languages and Systems"},{"key":"5_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"304","DOI":"10.1007\/3-540-45719-4_21","volume-title":"Algebraic Methodology and Software Technology","author":"C. Breunesse","year":"2002","unstructured":"Breunesse, C., Jacobs, B., van den Berg, J.: Specifying and Verifying a Decimal Representation in Java for Smart Cards. In: Kirchner, H., Ringeissen, C. (eds.) AMAST 2002. LNCS, vol.\u00a02422, pp. 304\u2013318. Springer, Heidelberg (2002)"},{"key":"5_CR18","doi-asserted-by":"crossref","unstructured":"Burdy, L., Cheon, Y., Cok, D.R., Ernst, M.D., Kiniry, J., Leavens, G.T., Leino, K.R.M., Poll, E.: An overview of JML tools and applications. In: International Journal on Software Tools for Technology Transfer (2005) (to appear)","DOI":"10.1007\/s10009-004-0167-4"},{"key":"5_CR19","unstructured":"Burdy, L., Pavlova, M.: Annotation carrying code. Manuscript (2005)"},{"key":"5_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"422","DOI":"10.1007\/978-3-540-45236-2_24","volume-title":"FME 2003: Formal Methods","author":"L. Burdy","year":"2003","unstructured":"Burdy, L., Requet, A., Lanet, J.-L.: Java Applet Correctness: a Developer-Oriented Approach. In: Araki, K., Gnesi, S., Mandrioli, D. (eds.) FME 2003. LNCS, vol.\u00a02805, pp. 422\u2013439. Springer, Heidelberg (2003)"},{"key":"5_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"91","DOI":"10.1007\/11526841_8","volume-title":"FM 2005: Formal Methods","author":"D. Cachera","year":"2005","unstructured":"Cachera, D., Jensen, T., Pichardie, D., Schneider, G.: Certified Memory Usage Analysis. In: Fitzgerald, J.S., Hayes, I.J., Tarlecki, A. (eds.) FM 2005. LNCS, vol.\u00a03582, pp. 91\u2013106. Springer, Heidelberg (2005)"},{"key":"5_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"43","DOI":"10.1007\/3-540-45418-7_5","volume-title":"Smart Card Programming and Security","author":"D. Caromel","year":"2001","unstructured":"Caromel, D., Henrio, L., Serpette, B.: Context inference for static analysis of Java card object sharing. In: Attali, S., Jensen, T. (eds.) E-smart 2001. LNCS, vol.\u00a02140, pp. 43\u201357. Springer, Heidelberg (2001)"},{"key":"5_CR23","volume-title":"Proceedings of DSN 2002","author":"L. Casset","year":"2002","unstructured":"Casset, L., Burdy, L., Requet, A.: Formal Development of an Embedded Verifier for JavaCard ByteCode. In: Proceedings of DSN 2002. IEEE Computer Society Press, Los Alamitos (2002)"},{"key":"5_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"311","DOI":"10.1007\/978-3-540-31987-0_22","volume-title":"Programming Languages and Systems","author":"A. Chander","year":"2005","unstructured":"Chander, A., Espinosa, D., Islam, N., Lee, P., Necula, G.: Enforcing Resource Bounds via Static Verification of Dynamic Checks. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol.\u00a03444, pp. 311\u2013325. Springer, Heidelberg (2005)"},{"key":"5_CR25","series-title":"Electronic Notes in Theoretical Computer Science","volume-title":"Proceedings of AIOOL 2005","author":"B.-Y.E. Chang","year":"2005","unstructured":"Chang, B.-Y.E., Leino, K.R.M.: Inferring object invariants. In: Cortesi, A., Logozzo, F. (eds.) Proceedings of AIOOL 2005. Electronic Notes in Theoretical Computer Science. Elsevier Publishing, Amsterdam (2005) (to appear)"},{"key":"5_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1007\/3-540-47993-7_10","volume-title":"ECOOP 2002 - Object-Oriented Programming","author":"Y. Cheon","year":"2002","unstructured":"Cheon, Y., Leavens, G.T.: A Simple and Practical Approach to Unit Testing: The JML and JUnit Way. In: Magnusson, B. (ed.) ECOOP 2002. LNCS, vol.\u00a02374, pp. 231\u2013255. Springer, Heidelberg (2002)"},{"issue":"7","key":"5_CR27","doi-asserted-by":"publisher","first-page":"647","DOI":"10.1002\/cpe.798","volume":"16","author":"A. Coglio","year":"2004","unstructured":"Coglio, A.: Simple verification technique for complex Java bytecode subroutines. Concurrency and Computation: Practice and Experience\u00a016(7), 647\u2013670 (2004)","journal-title":"Concurrency and Computation: Practice and Experience"},{"key":"5_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"108","DOI":"10.1007\/978-3-540-30569-9_6","volume-title":"Construction and Analysis of Safe, Secure, and Interoperable Smart Devices","author":"D.R. Cok","year":"2005","unstructured":"Cok, D.R., Kiniry, J.R.: ESC Java2: Uniting ESC Java and JML \u2014 progress and issues in building and using ESC Java2, including a case study involving the use of the tool to verify portions of an Internet voting tally system. In: Barthe, G., Burdy, L., Huisman, M., Lanet, J.-L., Muntean, T. (eds.) CASSIS 2004. LNCS, vol.\u00a03362, pp. 108\u2013128. Springer, Heidelberg (2005)"},{"key":"5_CR29","unstructured":"Connected Limited Device Configuration (CLDC) and the K Virtual Machine (KVM), http:\/\/java.sun.com\/products\/cldc"},{"key":"5_CR30","unstructured":"Coq Development Team. The Coq Proof Assistant User\u2019s Guide. Version 8.0 (January 2004)"},{"key":"5_CR31","unstructured":"Common Criteria, http:\/\/www.commoncriteria.org"},{"key":"5_CR32","unstructured":"Darvas, A., H\u00e4hnle, R., Sands, D.: A theorem proving approach to analysis of secure information flow. In: Informal proceedings of WITS 2003 (2003)"},{"key":"5_CR33","doi-asserted-by":"crossref","unstructured":"Darvas, A., M\u00fcller, P.: Reasoning About Method Calls in JML Specifications. Manuscript (2005)","DOI":"10.5381\/jot.2006.5.5.a3"},{"key":"5_CR34","unstructured":"Deville, D., Grimaud, G.: Building an \u201cimpossible\u201d verifier on a Java Card. In: Proceedings of WIESS 2002. Usenix Association (2002)"},{"key":"5_CR35","doi-asserted-by":"crossref","unstructured":"Dietl, W., M\u00fcller, P.: Universes: Lightweight ownership for JML. Journal of Object Technology, JOT (2005) (to appear)","DOI":"10.5381\/jot.2005.4.8.a1"},{"key":"5_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1007\/978-3-540-30569-9_7","volume-title":"Construction and Analysis of Safe, Secure, and Interoperable Smart Devices","author":"W. Dietl","year":"2005","unstructured":"Dietl, W., M\u00fcller, P., Poetzsch-Heffter, A.: A type system for checking applet isolation in Java Card. In: Barthe, G., Burdy, L., Huisman, M., Lanet, J.-L., Muntean, T. (eds.) CASSIS 2004. LNCS, vol.\u00a03362, pp. 129\u2013150. Springer, Heidelberg (2005)"},{"key":"5_CR37","volume-title":"A Discipline of Programming","author":"E.W. Dijkstra","year":"1976","unstructured":"Dijkstra, E.W.: A Discipline of Programming. Prentice-Hall, Englewood Cliffs (1976)"},{"key":"5_CR38","unstructured":"Dufay, G.: V\u00e9rification formelle de la plateforme JavaCard. PhD thesis, Universit\u00e9 de Nice Sophia-Antipolis (2003)"},{"key":"5_CR39","series-title":"Lecture Notes in Artificial Intelligence","doi-asserted-by":"publisher","first-page":"116","DOI":"10.1007\/11532231_9","volume-title":"Automated Deduction \u2013 CADE-20","author":"G. Dufay","year":"2005","unstructured":"Dufay, G., Felty, A., Matwin, S.: Privacy-Sensitive Information Flow with JML. In: Nieuwenhuis, R. (ed.) CADE 2005. LNCS (LNAI), vol.\u00a03632, pp. 116\u2013130. Springer, Heidelberg (2005)"},{"key":"5_CR40","unstructured":"Eluard, M., Jensen, T.: Secure object flow analysis for java card. In: Proceedings of CARDIS 2002. USENIX Association, pp. 97\u2013110 (2002)"},{"key":"5_CR41","series-title":"ACM SIGPLAN Notices","first-page":"338","volume-title":"Proceedings of PLDI 2003","author":"C. Flanagan","year":"2003","unstructured":"Flanagan, C., Qadeer, S.: A type and effect system for atomicity. In: Proceedings of PLDI 2003, May 2003. ACM SIGPLAN Notices, vol.\u00a038, pp. 338\u2013349. ACM Press, New York (2003)"},{"key":"5_CR42","first-page":"193","volume-title":"Proceedings of POPL 2001","author":"C. Flanagan","year":"2001","unstructured":"Flanagan, C., Saxe, J.B.: Avoiding exponential explosion: generating compact verification conditions. In: Proceedings of POPL 2001, pp. 193\u2013205. ACM Press, New York (2001)"},{"key":"5_CR43","doi-asserted-by":"crossref","unstructured":"Floyd, R.W.: Assigning meanings to programs. In: Mathematical Aspects of Computer Science, Proceedings of Symposia in Applied Mathematics, pp. 19\u201332. American Mathematical Society (1967)","DOI":"10.1090\/psapm\/019\/0235771"},{"key":"5_CR44","doi-asserted-by":"publisher","first-page":"404","DOI":"10.1145\/1028976.1029010","volume-title":"Proceedings of OOPSLA 2004","author":"P. Fong","year":"2004","unstructured":"Fong, P.: Pluggable verification modules: An extensible protection mechanism for the JVM. In: Proceedings of OOPSLA 2004, pp. 404\u2013418. ACM Press, New York (2004)"},{"issue":"4","key":"5_CR45","doi-asserted-by":"publisher","first-page":"379","DOI":"10.1145\/363516.363523","volume":"9","author":"P. Fong","year":"2000","unstructured":"Fong, P., Cameron, R.: Proof linking: modular verification of mobile programs in the presence of lazy, dynamic linking. ACM Transactions on Software Engineering and Methodology\u00a09(4), 379\u2013409 (2000)","journal-title":"ACM Transactions on Software Engineering and Methodology"},{"key":"5_CR46","series-title":"Electronic Notes in Theoretical Computer Science","first-page":"217","volume-title":"Proceedings of RV\u201904","author":"L.-A. Fredlund","year":"2004","unstructured":"Fredlund, L.-A.: Guaranteeing correctness properties of a java card applet. In: Havelund, K., Rosu, G. (eds.) Proceedings of RV\u201904. Electronic Notes in Theoretical Computer Science, vol.\u00a0113, pp. 217\u2013233. Elsevier Publishing, Amsterdam (2004)"},{"issue":"3-4","key":"5_CR47","doi-asserted-by":"publisher","first-page":"271","DOI":"10.1023\/A:1025011624925","volume":"30","author":"S.N. Freund","year":"2003","unstructured":"Freund, S.N., Mitchell, J.C.: A Type System for the Java Bytecode Language and Verifier. Journal of Automated Reasoning\u00a030(3-4), 271\u2013321 (2003)","journal-title":"Journal of Automated Reasoning"},{"issue":"4","key":"5_CR48","doi-asserted-by":"publisher","first-page":"517","DOI":"10.1145\/503112.503115","volume":"33","author":"P. Hartel","year":"2001","unstructured":"Hartel, P., Moreau, L.: Formalizing the Safety of Java, the Java Virtual Machine and Java Card. ACM Computing Surveys\u00a033(4), 517\u2013558 (2001)","journal-title":"ACM Computing Surveys"},{"key":"5_CR49","unstructured":"Henrio, L., Serpette, B.: A parameterized polyvariant bytecode verifier. In: Filliatre, J.-C. (ed.) Proceedings of JFLA 2003 (2003)"},{"key":"5_CR50","doi-asserted-by":"publisher","first-page":"227","DOI":"10.1145\/944705.944726","volume-title":"Proceedings of ICFP 2003","author":"T. Higuchi","year":"2003","unstructured":"Higuchi, T., Ohori, A.: A static type system for JVM access control. In: Proceedings of ICFP 2003, pp. 227\u2013237. ACM Press, New York (2003)"},{"issue":"10","key":"5_CR51","doi-asserted-by":"publisher","first-page":"576","DOI":"10.1145\/363235.363259","volume":"12","author":"C.A.R. Hoare","year":"1969","unstructured":"Hoare, C.A.R.: An axiomatic basis for computer programming. Commununications of ACM\u00a012(10), 576\u2013580 (1969)","journal-title":"Commununications of ACM"},{"key":"5_CR52","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"241","DOI":"10.1007\/978-3-540-27815-3_21","volume-title":"Algebraic Methodology and Software Technology","author":"B. Jacobs","year":"2004","unstructured":"Jacobs, B., March\u00e9, C., Rauch, N.: Formal verification of a commercial smart card applet with multiple tools. In: Rattray, C., Maharaj, S., Shankland, C. (eds.) AMAST 2004. LNCS, vol.\u00a03116, pp. 241\u2013257. Springer, Heidelberg (2004)"},{"key":"5_CR53","unstructured":"JavaCard Technology, http:\/\/java.sun.com\/products\/javacard"},{"key":"5_CR54","unstructured":"Jikes Research Virtual Machine, http:\/\/jikesrvm.sourceforge.net\/"},{"key":"5_CR55","unstructured":"JML Specification Language, http:\/\/www.jmlspecs.org"},{"issue":"1","key":"5_CR56","doi-asserted-by":"publisher","first-page":"59","DOI":"10.1016\/S0164-1212(03)00057-8","volume":"72","author":"J.W. Jo","year":"2004","unstructured":"Jo, J.W., Chang, B.M., Yi, K., Choe, K.M.: An uncaught exception analysis for Java. Journal of systems and software\u00a072(1), 59\u201369 (2004)","journal-title":"Journal of systems and software"},{"key":"5_CR57","first-page":"194","volume-title":"Proceedings of POPL 1973","author":"G.A. Kildall","year":"1973","unstructured":"Kildall, G.A.: A unified approach to global program optimization. In: Proceedings of POPL 1973, pp. 194\u2013206. ACM Press, New York (1973)"},{"issue":"3","key":"5_CR58","doi-asserted-by":"publisher","first-page":"583","DOI":"10.1016\/S0304-3975(02)00869-1","volume":"298","author":"G. Klein","year":"2002","unstructured":"Klein, G., Nipkow, T.: Verified bytecode verifiers. Theoretical Computer Science\u00a0298(3), 583\u2013626 (2002)","journal-title":"Theoretical Computer Science"},{"key":"5_CR59","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"363","DOI":"10.1007\/3-540-44525-0_21","volume-title":"ZB 2000: Formal Specification and Development in Z and B","author":"J.-L. Lanet","year":"2000","unstructured":"Lanet, J.-L.: Are smart cards the ideal domain for applying formal methods? In: P. Bowen, J., Dunne, S., Galloway, A., King, S. (eds.) B 2000, ZUM 2000, and ZB 2000. LNCS, vol.\u00a01878, pp. 363\u2013374. Springer, Heidelberg (2000)"},{"issue":"1","key":"5_CR60","doi-asserted-by":"publisher","first-page":"741","DOI":"10.1016\/S0304-3975(02)00330-4","volume":"290","author":"C. Laneve","year":"2002","unstructured":"Laneve, C.: A Type System for JVM Threads. Theoretical Computer Science\u00a0290(1), 741\u2013778 (2002)","journal-title":"Theoretical Computer Science"},{"key":"5_CR61","doi-asserted-by":"publisher","first-page":"209","DOI":"10.1016\/j.scico.2004.05.016","volume":"55","author":"K.R.M. Leino","year":"2005","unstructured":"Leino, K.R.M., Millstein, T., Saxe, J.B.: Generating error traces from verification-condition counterexamples. Science of Computer Programming\u00a055, 209\u2013226 (2005)","journal-title":"Science of Computer Programming"},{"key":"5_CR62","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"150","DOI":"10.1007\/3-540-45418-7_13","volume-title":"Smart Card Programming and Security","author":"X. Leroy","year":"2001","unstructured":"Leroy, X.: On-card bytecode verification for Java card. In: Attali, S., Jensen, T. (eds.) E-smart 2001. LNCS, vol.\u00a02140, pp. 150\u2013164. Springer, Heidelberg (2001)"},{"issue":"3-4","key":"5_CR63","doi-asserted-by":"publisher","first-page":"235","DOI":"10.1023\/A:1025055424017","volume":"30","author":"X. Leroy","year":"2003","unstructured":"Leroy, X.: Java bytecode verification: algorithms and formalizations. Journal of Automated Reasoning\u00a030(3-4), 235\u2013269 (2003)","journal-title":"Journal of Automated Reasoning"},{"key":"5_CR64","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"211","DOI":"10.1007\/978-3-540-24622-0_18","volume-title":"Verification, Model Checking, and Abstract Interpretation","author":"F. Logozzo","year":"2004","unstructured":"Logozzo, F.: Automatic inference of class invariants. In: Steffen, B., Levi, G. (eds.) VMCAI 2004. LNCS, vol.\u00a02937, pp. 211\u2013222. Springer, Heidelberg (2004)"},{"key":"5_CR65","doi-asserted-by":"publisher","first-page":"89","DOI":"10.1016\/j.jlap.2003.07.006","volume":"58","author":"C. March\u00e9","year":"2004","unstructured":"March\u00e9, C., Paulin-Mohring, C., Urbain, X.: The Krakatoa tool for certification of Java\/JavaCard Programs annotated with JML Annotations. Journal of Logic and Algebraic Programming\u00a058, 89\u2013106 (2004)","journal-title":"Journal of Logic and Algebraic Programming"},{"key":"5_CR66","unstructured":"Marlet, R., Le M\u00e9tayer, D.: Security properties and java card specificities to be studied in the secsafe project. Technical Report SECSAFE-TL-006, Trusted Logic S.A. (August 2001)"},{"key":"5_CR67","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"21","DOI":"10.1007\/3-540-45116-1_3","volume-title":"Information Assurance in Computer Networks. Methods, Models and Architectures for Network Security","author":"C. Meadows","year":"2001","unstructured":"Meadows, C.: Open issues in formal methods for cryptographic protocol analysis. In: Gorodetski, V.I., Skormin, V.A., Popyack, L.J. (eds.) MMM-ACNS 2001. LNCS, vol.\u00a02052, p. 21. Springer, Heidelberg (2001)"},{"key":"5_CR68","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"165","DOI":"10.1007\/3-540-45418-7_14","volume-title":"Smart Card Programming and Security","author":"H. Meijer","year":"2001","unstructured":"Meijer, H., Poll, E.: Towards a full formal specification of the java card. In: Attali, S., Jensen, T. (eds.) E-smart 2001. LNCS, vol.\u00a02140, pp. 165\u2013178. Springer, Heidelberg (2001)"},{"key":"5_CR69","volume-title":"Object-Oriented Software Construction","author":"B. Meyer","year":"1997","unstructured":"Meyer, B.: Object-Oriented Software Construction, 2nd edn. Prentice-Hall, Englewood Cliffs (1997)","edition":"2"},{"key":"5_CR70","unstructured":"Meyer, J., M\u00fcller, P., Poetzsch-Heffter, A.: The jive system\u2014implementation description (2000), Available from http:\/\/sct.inf.ethz.ch\/publications"},{"key":"5_CR71","unstructured":"Montgomery, M., Krishna, K.: Secure Object Sharing in Java Card. In: Proceedings of Usenix workshop on Smart Card Technology, Smartcard 1999 (1999)"},{"key":"5_CR72","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-45651-1","volume-title":"Modular Specification and Verification of Object-Oriented Programs","author":"P. M\u00fcller","year":"2002","unstructured":"M\u00fcller, P.: Modular Specification and Verification of Object-Oriented Programs. In: M\u00fcller, P. (ed.) Modular Specification and Verification of Object-Oriented Programs. LNCS, vol.\u00a02262. Springer, Heidelberg (2002)"},{"key":"5_CR73","first-page":"228","volume-title":"Proceedings of POPL 1999","author":"A.C. Myers","year":"1999","unstructured":"Myers, A.C.: Jflow: Practical mostly-static information flow control. In: Proceedings of POPL 1999, pp. 228\u2013241. ACM Press, New York (1999)"},{"key":"5_CR74","doi-asserted-by":"publisher","first-page":"106","DOI":"10.1145\/263699.263712","volume-title":"Proceedings of POPL 1997","author":"G.C. Necula","year":"1997","unstructured":"Necula, G.C.: Proof-Carrying Code. In: Proceedings of POPL 1997, pp. 106\u2013119. ACM Press, New York (1997)"},{"key":"5_CR75","doi-asserted-by":"crossref","unstructured":"Necula, G.C., Lee, P.: Safe kernel extensions without run-time checking. In: Proceedings of OSDI 1996, pp. 229\u2013243. Usenix (1996)","DOI":"10.1145\/238721.238781"},{"key":"5_CR76","doi-asserted-by":"crossref","unstructured":"Necula, G.C., Lee, P.: The Design and Implementation of a Certifying Compiler. In: Proceedings of PLDI 1998, pp. 333\u2013344 (1998)","DOI":"10.1145\/277650.277752"},{"key":"5_CR77","series-title":"Software Engineering Notes","first-page":"232","volume-title":"Proceedings of ISSTA 2002","author":"J.W. Nimmer","year":"2002","unstructured":"Nimmer, J.W., Ernst, M.D.: Automatic generation of program specifications. In: Proceedings of ISSTA 2002. Software Engineering Notes, vol.\u00a027(4), pp. 232\u2013242. ACM Press, New York (2002)"},{"key":"5_CR78","unstructured":"OVM project, http:\/\/www.ovmj.org\/"},{"key":"5_CR79","volume-title":"Proceedings of CARDIS 2004","author":"M. Pavlova","year":"2004","unstructured":"Pavlova, M., Barthe, G., Burdy, L., Huisman, M., Lanet, J.-L.: Enforcing high-level security properties for applets. In: Paradinas, P., Quisquater, J.-J. (eds.) Proceedings of CARDIS 2004. Kluwer, Dordrecht (2004)"},{"key":"5_CR80","unstructured":"Global Platform, See, http:\/\/www.globalplatform.org"},{"key":"5_CR81","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"175","DOI":"10.1007\/BFb0055863","volume-title":"Computer Security \u2013 ESORICS 98","author":"J. Posegga","year":"1998","unstructured":"Posegga, J., Vogt, H.: Byte Code Verification for Java Smart Cards Based on Model Checking. In: Quisquater, J.-J., Deswarte, Y., Meadows, C., Gollmann, D. (eds.) ESORICS 1998. LNCS, vol.\u00a01485, pp. 175\u2013190. Springer, Heidelberg (1998)"},{"issue":"2","key":"5_CR82","doi-asserted-by":"publisher","first-page":"344","DOI":"10.1145\/1057387.1057392","volume":"27","author":"F. Pottier","year":"2005","unstructured":"Pottier, F., Skalka, C., Smith, S.: A systematic approach to static access control. ACM Transactions on Programming Languages and Systems\u00a027(2), 344\u2013382 (2005)","journal-title":"ACM Transactions on Programming Languages and Systems"},{"key":"5_CR83","unstructured":"Mobius Project, http:\/\/mobius.inria.fr"},{"key":"5_CR84","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"41","DOI":"10.1007\/10930755_3","volume-title":"Theorem Proving in Higher Order Logics","author":"C.L. Quigley","year":"2003","unstructured":"Quigley, C.L.: A Programming Logic for Java Bytecode Programs. In: Basin, D., Wolff, B. (eds.) TPHOLs 2003. LNCS, vol.\u00a02758, pp. 41\u201354. Springer, Heidelberg (2003)"},{"key":"5_CR85","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"404","DOI":"10.1007\/978-3-540-24730-2_31","volume-title":"Tools and Algorithms for the Construction and Analysis of Systems","author":"Robby","year":"2004","unstructured":"Robby, Rodr\u00edguez, E., Dwyer, M.B., Hatcliff, J.: Checking strong specifications using an extensible software model checking framework. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol.\u00a02988, pp. 404\u2013420. Springer, Heidelberg (2004)"},{"key":"5_CR86","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"551","DOI":"10.1007\/11531142_24","volume-title":"ECOOP 2005 - Object-Oriented Programming","author":"E. Rodriguez","year":"2005","unstructured":"Rodriguez, E., Dwyer, M.B., Flanagan, C., Hatcliff, J., Leavens, G.T., Robby: Extending jml for modular specification and verification of multi-threaded programs. In: Black, A.P. (ed.) ECOOP 2005. LNCS, vol.\u00a03586, pp. 551\u2013576. Springer, Heidelberg (2005)"},{"key":"5_CR87","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1109\/JSAC.2002.806121","volume":"21","author":"A. Sabelfeld","year":"2003","unstructured":"Sabelfeld, A., Myers, A.: Language-Based Information-Flow Security. IEEE Journal on Selected Areas in Comunications\u00a021, 5\u201319 (2003)","journal-title":"IEEE Journal on Selected Areas in Comunications"},{"key":"5_CR88","volume-title":"Proceedings of CSFW 2005","author":"A. Sabelfeld","year":"2005","unstructured":"Sabelfeld, A., Sands, D.: Dimensions and principles of declassification. In: Proceedings of CSFW 2005. IEEE Press, Los Alamitos (2005)"},{"issue":"1","key":"5_CR89","doi-asserted-by":"publisher","first-page":"30","DOI":"10.1145\/353323.353382","volume":"3","author":"F.B. Schneider","year":"2000","unstructured":"Schneider, F.B.: Enforceable security policies. ACM Transactions on Information and System Security\u00a03(1), 30\u201350 (2000)","journal-title":"ACM Transactions on Information and System Security"},{"key":"5_CR90","unstructured":"Schneider, G.: A constraint-based algorithm for analysing memory usage on java cards. Technical Report RR-5440, INRIA (2004)"},{"issue":"1\u20132","key":"5_CR91","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1016\/j.jlap.2003.07.003","volume":"58","author":"I.A. Siveroni","year":"2004","unstructured":"Siveroni, I.A.: Operational semantics of the Java Card Virtual Machine. Journal of Logic and Algebraic Programming\u00a058(1\u20132), 3\u201325 (2004)","journal-title":"Journal of Logic and Algebraic Programming"},{"key":"5_CR92","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-642-59495-3","volume-title":"Java and the Java Virtual Machine - Definition, Verification, Validation","author":"R. St\u00e4rk","year":"2001","unstructured":"St\u00e4rk, R., Schmid, J., B\u00f6rger, E.: Java and the Java Virtual Machine - Definition, Verification, Validation. Springer, Heidelberg (2001)"},{"issue":"1","key":"5_CR93","doi-asserted-by":"publisher","first-page":"90","DOI":"10.1145\/314602.314606","volume":"21","author":"R. Stata","year":"1999","unstructured":"Stata, R., Abadi, M.: A type system for Java bytecode subroutines. ACM Transactions on Programming Languages and Systems\u00a021(1), 90\u2013137 (1999)","journal-title":"ACM Transactions on Programming Languages and Systems"},{"key":"5_CR94","unstructured":"Java\u00a0In the Small\u00a0Project, http:\/\/www.lifl.fr\/rd2p\/jits\/"},{"key":"5_CR95","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"326","DOI":"10.1007\/978-3-540-31987-0_23","volume-title":"Programming Languages and Systems","author":"M. Wildmoser","year":"2005","unstructured":"Wildmoser, M., Nipkow, T.: Asserting bytecode safety. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol.\u00a03444, pp. 326\u2013341. Springer, Heidelberg (2005)"},{"key":"5_CR96","first-page":"214","volume-title":"Proceedings of POPL 1999","author":"H. Xi","year":"1999","unstructured":"Xi, H., Pfenning, F.: Dependent types in practical programming. In: Proceedings of POPL 1999, pp. 214\u2013227. ACM Press, New York (1999)"},{"key":"5_CR97","unstructured":"Xi, H., Xia, S.: Towards Array Bound Check Elimination in Java Virtual Machine Language. In: Proceedings of CASCOON 1999, November 1999, pp. 110\u2013125 (1999)"}],"container-title":["Lecture Notes in Computer Science","Foundations of Security Analysis and Design III"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/11554578_5.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,17]],"date-time":"2020-11-17T14:46:49Z","timestamp":1605624409000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/11554578_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2005]]},"ISBN":["9783540289555","9783540319368"],"references-count":97,"URL":"https:\/\/doi.org\/10.1007\/11554578_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2005]]}}}