Countermeasures Mitigation for Designing Rich Shell Code in Java Card

Noreddine Janati 1, * Said Elhajji 1 Jean-Louis Lanet 2
* Auteur correspondant
2 TAMIS - Threat Analysis and Mitigation for Information Security
Inria Rennes – Bretagne Atlantique , IRISA-D4 - LANGAGE ET GÉNIE LOGICIEL
Abstract : Recently, logical attacks have been published that target Java based smart card. They use dynamically a type confusion which is possible if type verification is not performed. Countermeasures have been introduced on recent smart card to avoid executing rich shell code and in particular dynamic bound checking of the code segment. We propose here a new attack path for performing a type confusion that leads to a Java based self modifying code. Then, we propose to improve the previous counter measure to mitigate this new attack.
Type de document :
Communication dans un congrès
Said El Hajji; Abderrahmane Nitaj; Claude Carlet; El Mamoun Souidi. C2SI 2015 - First International Conference Codes, Cryptology, and Information Security, May 2015, Rabat, Morocco. Springer, Volume 9084 of the series Lecture Notes in Computer Science, pp.149-161, Codes, Cryptology, and Information Security. 〈10.1007/978-3-319-18681-8_12〉
Liste complète des métadonnées

Littérature citée [15 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01250590
Contributeur : Jean-Louis Lanet <>
Soumis le : mardi 5 janvier 2016 - 08:46:19
Dernière modification le : mercredi 16 mai 2018 - 11:24:11
Document(s) archivé(s) le : jeudi 7 avril 2016 - 14:56:50

Fichier

richShellCode.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

Citation

Noreddine Janati, Said Elhajji, Jean-Louis Lanet. Countermeasures Mitigation for Designing Rich Shell Code in Java Card. Said El Hajji; Abderrahmane Nitaj; Claude Carlet; El Mamoun Souidi. C2SI 2015 - First International Conference Codes, Cryptology, and Information Security, May 2015, Rabat, Morocco. Springer, Volume 9084 of the series Lecture Notes in Computer Science, pp.149-161, Codes, Cryptology, and Information Security. 〈10.1007/978-3-319-18681-8_12〉. 〈hal-01250590〉

Partager

Métriques

Consultations de la notice

286

Téléchargements de fichiers

100