Reverse engineering a Java']Java Card memory management algorithm

被引：4

作者：

Mesbah, Abdelhak ^{[1
]}

Lanet, Jean-Louis ^{[2
]}

Mezghiche, Mohamed ^{[1
]}

机构：

[1] Univ Boumerdes, LIMOSE Lab, Independence Ave, Boumerdes 35000, Algeria

[2] INRIA, LHS PEC, 263 Ave Gen Leclerc, F-35042 Rennes, France

来源：

COMPUTERS & SECURITY | 2017年 / 66卷

关键词：

Data reverse engineering; !text type='Java']Java[!/text] Card; Software attack; 'Iype inference; Vulnerability discovery; DECOMPILATION;

D O I：

10.1016/j.cose.2017.01.005

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

Smart cards are tamper resistant devices that manipulate assets in a secure way. Among the assets, one is of a particular interest the native layers. If some attacks have succeeded in getting access to the applicative layer very few of them have had access to the native layers. We propose here to use applicative programs to perform data reverse engineering in order to understand the hidden algorithms that manage the memory allocation. We are then able to generate our own fake references on objects that can be manipulated by the system as legal objects. Then, we propose a new attack called auto-forges that leads the system to interpret its own data or program as valid Java meta data. This attack provides access to new memory fragments where the native layers are stored. Getting access to this asset allows us to start the reverse engineering of these native layers. (C) 2017 Elsevier Ltd. All rights reserved.

引用

页码：97 / 114

页数：18

共 50 条

[1] Reverse engineering Java']Java Card and vulnerability exploitation: a shortcut to ROM
Mesbah, Abdelhak
Lanet, Jean-Louis
Mezghiche, Mohamed
[J]. INTERNATIONAL JOURNAL OF INFORMATION SECURITY, 2019, 18 (01) : 85 - 100
[2] Reverse engineering Java']Java card applets using power analysis
Vermoen, Dennis
Witteman, Marc
Gaydadjiev, Georgi N.
[J]. INFORMATION SECURITY THEORY AND PRACTICES: SMART CARDS, MOBILE AND UBIQUITOUS COMPUTING SYSTEMS, PROCEEDINGS, 2007, 4462 : 138 - +
[3] A fast algorithm to compute heap memory bounds of Java']Java Card applets
Pham, Tuan-Hung
Truong, Anh-Hoang
Truong, Ninh-Thuan
Chin, Wei-Ngan
[J]. SEFM 2008: SIXTH IEEE INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING AND FORMAL METHODS, PROCEEDINGS, 2008, : 259 - +
[4] Reverse engineering Java Card and vulnerability exploitation: a shortcut to ROM
Abdelhak Mesbah
Jean-Louis Lanet
Mohamed Mezghiche
[J]. International Journal of Information Security, 2019, 18 : 85 - 100
[5] The synthesis of a Java']Java Card tokenisation algorithm
Denney, E
[J]. 16TH ANNUAL INTERNATIONAL CONFERENCE ON AUTOMATED SOFTWARE ENGINEERING (ASE 2001), PROCEEDINGS, 2001, : 43 - 50
[6] An asymmetric fingerprint matching algorithm for Java']Java Card™
Bistarelli, Stefano
Santini, Francesco
Vaccarelli, Anna
[J]. PATTERN ANALYSIS AND APPLICATIONS, 2006, 9 (04) : 359 - 376
[7] An asymmetric fingerprint matching algorithm for Java']Java Card™
Bistarelli, S
Santini, F
Vaccarelli, A
[J]. AUDIO AND VIDEO BASED BIOMETRIC PERSON AUTHENTICATION, PROCEEDINGS, 2005, 3546 : 279 - 288
[8] A high performance buffering of Java']Java objects for Java']Java card systems with flash memory
Jin, Min-Sik
Jung, Min-Soo
[J]. EMERGING DIRECTIONS IN EMBEDDED AND UBIQUITOUS COMPUTING, 2006, 4097 : 908 - 918
[9] Comparison Analysis of Acorn Algorithm and Snow Algorithm on Smart Card using Java']Java Card
Nurwarsito, Heru
Ayu, Sarah Kusuma
[J]. 2021 4TH INTERNATIONAL CONFERENCE ON COMPUTER AND INFORMATICS ENGINEERING (IC2IE 2021), 2021, : 429 - 434
[10] An advanced Java']Java Card System architecture for smart card based on large RAM memory
Yang, Yoon-Sim
Choi, Won-Ho
Jin, Min-Sik
Hwang, Cheul-Jun
Jung, Min-Soo
[J]. 2006 INTERNATIONAL CONFERENCE ON HYBRID INFORMATION TECHNOLOGY, VOL 2, PROCEEDINGS, 2006, : 646 - +

← 1 2 3 4 5 →