Accéder directement au contenu Accéder directement à la navigation
Nouvelle interface
Communication dans un congrès

Accessing Secure Information using Export file Fraudulence

Abstract : Java Card specification allows to load applications after the post-issuance. Each application to be installed into the card is verified by a Byte Code Verifier which ensures that the application is in compliance with the Java security rules. The Java Card linking process is divided in to two steps. The first one is done off-card by the Java Card toolchain. The second one is realized during the appli- cation installation to resolve each token by an internal reference. In this paper, we focus on the off-card linker, espe- cially the conversion part between a Java-Class item and a Java Card-Cap token. For that, we provide mali- cious export files which will be used by the converter. This malicious API provides the same behavior as the original one for the user. With this attack, we are able to confuse the Java Card linker.
Type de document :
Communication dans un congrès
Liste complète des métadonnées
Contributeur : Guillaume Bouffard Connectez-vous pour contacter le contributeur
Soumis le : mercredi 26 mars 2014 - 15:06:06
Dernière modification le : mercredi 22 décembre 2021 - 11:58:03




Guillaume Bouffard, Tom Khefif, Ismael Kane, Sergio Casanova Salvia. Accessing Secure Information using Export file Fraudulence. CRiSIS, Oct 2013, La Rochelle, France. pp.1-5, ⟨10.1109/CRiSIS.2013.6766346⟩. ⟨hal-00966368⟩



Consultations de la notice