Abstract : Attacks based on type confusion against Java Card platforms have been widely studied in the literature over the past few years. Until now, no generic countermeasure has ever been proposed to cover simultaneously and efficiently direct and indirect type confusions. In this article we bridge this gap by introducing two different schemes which cover both type confusions. First, we show that an adequate random transformation of all the manipulated data on the platform according to their type can bring a very good resistance against type confusion exploits. Secondly, we describe how a so-called Java Card Virtual Machine Abstract Companion can allow one to detect all type confusions between integers and Objects all across the platform. While the second solution stands as a strong but resource-demanding mechanism, we show that the first one is a particularly efficient memory/security trade-off solution to secure the whole platform.
David Naccache; Damien Sauveron. 8th IFIP International Workshop on Information Security Theory and Practice (WISTP), Jun 2014, Heraklion, Crete, Greece. Springer, Lecture Notes in Computer Science, LNCS-8501, pp.57-75, 2014, Information Security Theory and Practice. Securing the Internet of Things. 〈10.1007/978-3-662-43826-8_5〉
https://hal.inria.fr/hal-01400920
Contributeur : Hal Ifip
<>
Soumis le : mardi 22 novembre 2016 - 16:19:42
Dernière modification le : mercredi 23 novembre 2016 - 08:47:43
Document(s) archivé(s) le : mardi 21 mars 2017 - 00:38:54
Guillaume Barbu, Christophe Giraud. New Countermeasures against Fault and Software Type Confusion Attacks on Java Cards. David Naccache; Damien Sauveron. 8th IFIP International Workshop on Information Security Theory and Practice (WISTP), Jun 2014, Heraklion, Crete, Greece. Springer, Lecture Notes in Computer Science, LNCS-8501, pp.57-75, 2014, Information Security Theory and Practice. Securing the Internet of Things. 〈10.1007/978-3-662-43826-8_5〉. 〈hal-01400920〉
