Persistant Fault Injection Attack, From White-box to Black-box

Abstract : Among the protection mechanisms that ensure the Java Card security, the Byte Code Verifier (BCV) is one of the most important security elements. In fact, embedded applets must be verified prior to their installation to prevents ill-formed applet to be loaded. In this article, the behavior of the ORACLE Oracle BCV towards some unchecked piece of codes is analyzed, and the way to bypass the BCV is highlighted. Then, it will be demonstrated how one can use this breach to access to the system data of a frame, and persistently activate any code. By using both a white-box approach and fault injection, one can transform a well-formed code to an ill-formed one during runtime execution.
Type de document :
Communication dans un congrès
The 5th International Conference on Electrical Engineering - ICEE 2017, Oct 2017, Boumedrès, Algeria. 2017, 〈http://icee2017.univ-boumerdes.dz/〉
Liste complète des métadonnées

https://hal.inria.fr/hal-01591931
Contributeur : Jean-Louis Lanet <>
Soumis le : vendredi 22 septembre 2017 - 11:57:57
Dernière modification le : jeudi 11 janvier 2018 - 06:28:15

Identifiants

  • HAL Id : hal-01591931, version 1

Citation

Abdelhak Mesbah, Mohamed Mezghiche, Jean-Louis Lanet. Persistant Fault Injection Attack, From White-box to Black-box. The 5th International Conference on Electrical Engineering - ICEE 2017, Oct 2017, Boumedrès, Algeria. 2017, 〈http://icee2017.univ-boumerdes.dz/〉. 〈hal-01591931〉

Partager

Métriques

Consultations de la notice

129