Reverse engineering a Java Card memory management algorithm

Cited by: 4
Authors
Mesbah, Abdelhak [1]
Lanet, Jean-Louis [2]
Mezghiche, Mohamed [1]
Affiliations
[1] Univ Boumerdes, LIMOSE Lab, Independence Ave, Boumerdes 35000, Algeria
[2] INRIA, LHS PEC, 263 Ave Gen Leclerc, F-35042 Rennes, France
Keywords
Data reverse engineering; Java Card; Software attack; Type inference; Vulnerability discovery; DECOMPILATION
DOI
10.1016/j.cose.2017.01.005
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Smart cards are tamper-resistant devices that manipulate assets in a secure way. Among the assets, one is of particular interest: the native layers. If some attacks have succeeded in getting access to the applicative layer, very few of them have had access to the native layers. We propose here to use applicative programs to perform data reverse engineering in order to understand the hidden algorithms that manage the memory allocation. We are then able to generate our own fake references on objects that can be manipulated by the system as legal objects. Then, we propose a new attack called auto-forges that leads the system to interpret its own data or program as valid Java metadata. This attack provides access to new memory fragments where the native layers are stored. Getting access to this asset allows us to start the reverse engineering of these native layers. © 2017 Elsevier Ltd. All rights reserved.
Pages: 97-114
Number of pages: 18
Related papers
50 in total
  • [41] Building an "impossible" verifier on a Java Card
    Deville, D
    Grimaud, G
    [J]. USENIX ASSOCIATION PROCEEDINGS OF THE 2ND WORKSHOP ON INDUSTRIAL EXPERIENCES WITH SYSTEMS SOFTWARE (WIESS 02), 2002, : 15 - 24
  • [42] Authenticated Encryption Schemes on Java Card
    Pal, Rajesh Kumar
    [J]. 2019 22ND EUROMICRO CONFERENCE ON DIGITAL SYSTEM DESIGN (DSD), 2019, : 238 - 245
  • [43] Tool set for the Java Card platform
    Unknown
    [J]. IEEE MICRO, 2000, 20 (03) : 87 - 87
  • [44] Anonymous Credentials on a Standard Java Card
    Bichsel, Patrik
    Camenisch, Jan
    Gross, Thomas
    Shoup, Victor
    [J]. CCS'09: PROCEEDINGS OF THE 16TH ACM CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 2009, : 600 - 610
  • [45] An integrated development environment for Java Card
    Attali, I
    Caromel, D
    Courbis, C
    Henrio, L
    Nilsson, H
    [J]. COMPUTER NETWORKS, 2001, 36 (04) : 391 - 405
  • [46] Developing Java Card Applications with B
    Gurgel Gomes, Bruno Emerson
    Moreira, Anamaria Martins
    Deharbe, David
    [J]. ELECTRONIC NOTES IN THEORETICAL COMPUTER SCIENCE, 2007, 184 (SPEC. ISS.) : 81 - 96
  • [47] Secure object sharing in Java Card
    Montgomery, M
    Krishna, K
    [J]. PROCEEDINGS OF THE USENIX WORKSHOP ON SMARTCARD TECHNOLOGY (SMARTCARD '99), 1999, : 119 - 127
  • [48] Optimization of Transaction Mechanism on Java Card
    Yu, Xiaoxue
    Zhang, Dawei
    [J]. SOFTWARE ENGINEERING, BUSINESS CONTINUITY, AND EDUCATION, 2011, 257 : 190 - 199
  • [49] Developing ECC Applications in Java Card
    Gayoso Martinez, V.
    Hernandez Encinas, L.
    [J]. 2013 9TH INTERNATIONAL CONFERENCE ON INFORMATION ASSURANCE AND SECURITY (IAS), 2013, : 114 - 120
  • [50] Webcard: A Java Card web server
    Rees, J
    Honeyman, P
    [J]. SMART CARD RESEARCH AND ADVANCED APPLICATIONS, 2000, 52 : 197 - 207