Simulation Logic, Applets and Compositional Verification

We present a ompositional veri ation method for ontrol ow based safety properties of smart ard applets. Our method rests on a lose orresponden e between transition system models ordered by simulation and Hennessy-Milner logi extended with simultaneous greatest xed points. We show that simulation an be hara terised logi ally and, vi e versa, logi al satisfa tion an be represented behaviourally by a maximal model for a given formula. Based on these results and earlier ideas by Grumberg and Long we develop a ompositional veri ation te hnique, where maximal models repla e logi al assumptions to redu e ompositional veri ation to standard model he king. However, in the ontext of applets, equipped with interfa es, this te hnique needs to be re ned. Sin e for a given behavioural formula and interfa e a maximal applet does not always exist, we propose a two-level approa h, where lo al assumptions restri t the ontrol ow stru ture of applets, while the global property restri ts the ontrol ow behaviour of the system. By separating the tasks of verifying global and lo al properties of applets, our method supports se ure post-issuan e loading of new applets onto a smart ard.