Accéder directement au contenu Accéder directement à la navigation
Communication dans un congrès

Accessing Secure Information using Export file Fraudulence

Abstract : Java Card specification allows to load applications after the post-issuance. Each application to be installed into the card is verified by a Byte Code Verifier which ensures that the application is in compliance with the Java security rules. The Java Card linking process is divided in to two steps. The first one is done off-card by the Java Card toolchain. The second one is realized during the appli- cation installation to resolve each token by an internal reference. In this paper, we focus on the off-card linker, espe- cially the conversion part between a Java-Class item and a Java Card-Cap token. For that, we provide mali- cious export files which will be used by the converter. This malicious API provides the same behavior as the original one for the user. With this attack, we are able to confuse the Java Card linker.
Type de document :
Communication dans un congrès
Liste complète des métadonnées

https://hal-unilim.archives-ouvertes.fr/hal-00966368
Contributeur : Guillaume Bouffard <>
Soumis le : mercredi 26 mars 2014 - 15:06:06
Dernière modification le : jeudi 11 janvier 2018 - 06:26:29

Identifiants

Collections

Citation

Guillaume Bouffard, Tom Khefif, Ismael Kane, Sergio Casanova Salvia. Accessing Secure Information using Export file Fraudulence. CRiSIS, Oct 2013, La Rochelle, France. pp.1-5, ⟨10.1109/CRiSIS.2013.6766346⟩. ⟨hal-00966368⟩

Partager

Métriques

Consultations de la notice

252