Persistant Fault Injection Attack, From White-box to Black-box - Inria - Institut national de recherche en sciences et technologies du numérique Accéder directement au contenu
Communication Dans Un Congrès Année : 2017

Persistant Fault Injection Attack, From White-box to Black-box

Résumé

Among the protection mechanisms that ensure the Java Card security, the Byte Code Verifier (BCV) is one of the most important security elements. In fact, embedded applets must be verified prior to their installation to prevents ill-formed applet to be loaded. In this article, the behavior of the ORACLE Oracle BCV towards some unchecked piece of codes is analyzed, and the way to bypass the BCV is highlighted. Then, it will be demonstrated how one can use this breach to access to the system data of a frame, and persistently activate any code. By using both a white-box approach and fault injection, one can transform a well-formed code to an ill-formed one during runtime execution.
Fichier non déposé

Dates et versions

hal-01591931 , version 1 (22-09-2017)

Identifiants

  • HAL Id : hal-01591931 , version 1

Citer

Abdelhak Mesbah, Mohamed Mezghiche, Jean-Louis Lanet. Persistant Fault Injection Attack, From White-box to Black-box. The 5th International Conference on Electrical Engineering - ICEE 2017, Oct 2017, Boumedrès, Algeria. ⟨hal-01591931⟩
191 Consultations
0 Téléchargements

Partager

Gmail Facebook X LinkedIn More