User menu

Accès à distance ? S'identifier sur le proxy UCLouvain

Malicious code on Java card smartcards: Attacks and countermeasures

Primary tabs

Mostowski, W. Poll, E.

When it comes to security, an interesting difference between Java Card and regular Java is the absence of an on-card bytecode verifier on most Java Cards. In principle this opens up the possibility of malicious, ill-typed code as an avenue of attack, though the Java Card platform offers some protection against this, notably by code signing. This paper gives an extensive overview of vulnerabilities and possible runtime countermeasures against ill-typed code, and describes results of experiments with attacking actual Java Cards currently on the market with malicious code.

Document type Communication à un colloque (Conference Paper) – Présentation orale avec comité de sélection
Access type Accès restreint
Publication date 2008
Conference "Smart Card Research and Advanced Applications. 8th IFIP WG 8.8/11.2 International Conference, CARDIS 2008", London, UK (8-11 September 2008)
Peer reviewed yes
Host document Grimaud, G.; Standaert, F.-X.; ; "Smart Card Research and Advanced Applications. 8th IFIP WG 8.8/11.2 International Conference, CARDIS 2008"- p. 1-16 (ISBN : 978-3-540-85892-8)
Publisher Springer-verlag
Affiliation UCL
Links
  1. Beckert Bernhard, Mostowski Wojciech, A Program Logic for Handling Java Card’s Transaction Mechanism, Fundamental Approaches to Software Engineering (2003) ISBN:9783540008996 p.246-260, 10.1007/3-540-36578-8_18
  2. Dietl Werner, Müller Peter, Poetzsch-Heffter Arnd, A Type System for Checking Applet Isolation in Java Card, Construction and Analysis of Safe, Secure, and Interoperable Smart Devices (2005) ISBN:9783540242871 p.129-150, 10.1007/978-3-540-30569-9_7
  3. Govindavajhala S., Appel A.W., Using memory errors to attack a virtual machine, 10.1109/secpri.2003.1199334
  4. Hubbers, E., Mostowski, W., Poll, E.: Tearing Java Cards. In: Proceedings, e-Smart 2006, Sophia-Antipolis, France, September 20–22 (2006)
  5. Marché, C., Rousset, N.: Verification of Java Card applets behavior with respect to transactions and card tears. In: Proc. Software Engineering and Formal Methods (SEFM), Pune, India. IEEE Computer Society Press, Los Alamitos (2006)
  6. McGraw, G., Felten, E.W.: Securing Java. Wiley, Chichester (1999), http://www.securingjava.com/
  7. Montgomery, M., Krishna, K.: Secure object sharing in Java Card. In: Proceedings of the USENIX Workshop on Smartcard Technology (Smartcard 1999), Chicago, Illinois, USA, May 10–11 (1999)
  8. Mostowski, W., Poll, E.: Testing the Java Card Applet Firewall. Technical Report ICIS–R07029, Radboud University Nijmegen (December 2007), https://pms.cs.ru.nl/iris-diglib/src/icis_tech_reports.php
  9. Sun Microsystems, Inc. Java Card 2.2.2 Runtime Environment Specification (March 2006), http://www.sun.com
  10. Vermoen, D.: Reverse engineering of Java Card applets using power analysis. Technical report, TU Delft1 (2006), http://ce.et.tudelft.nl/publicationfiles/1162_634_thesis_Dennis.pdf
  11. Witteman, M.: Java Card security. Information Security Bulletin 8, 291–298 (2003)
Bibliographic reference Mostowski, W. ; Poll, E.. Malicious code on Java card smartcards: Attacks and countermeasures.Smart Card Research and Advanced Applications. 8th IFIP WG 8.8/11.2 International Conference, CARDIS 2008 (London, UK, 8-11 September 2008). In: Grimaud, G.; Standaert, F.-X.;, Smart Card Research and Advanced Applications. 8th IFIP WG 8.8/11.2 International Conference, CARDIS 2008, Springer-verlag2008, p. 1-16
Permanent URL http://hdl.handle.net/2078.1/67662