Skip to Main content Skip to Navigation
Conference papers

Persistant Fault Injection Attack, From White-box to Black-box

Abstract : Among the protection mechanisms that ensure the Java Card security, the Byte Code Verifier (BCV) is one of the most important security elements. In fact, embedded applets must be verified prior to their installation to prevents ill-formed applet to be loaded. In this article, the behavior of the ORACLE Oracle BCV towards some unchecked piece of codes is analyzed, and the way to bypass the BCV is highlighted. Then, it will be demonstrated how one can use this breach to access to the system data of a frame, and persistently activate any code. By using both a white-box approach and fault injection, one can transform a well-formed code to an ill-formed one during runtime execution.
Complete list of metadata
Contributor : Jean-Louis Lanet Connect in order to contact the contributor
Submitted on : Friday, September 22, 2017 - 11:57:57 AM
Last modification on : Friday, August 5, 2022 - 2:54:52 PM


  • HAL Id : hal-01591931, version 1


Abdelhak Mesbah, Mohamed Mezghiche, Jean-Louis Lanet. Persistant Fault Injection Attack, From White-box to Black-box. The 5th International Conference on Electrical Engineering - ICEE 2017, Oct 2017, Boumedrès, Algeria. ⟨hal-01591931⟩



Record views