Book chapter Open access Peer reviewed

Java Card Virtual Machine Compromising from a Bytecode Verified Applet

2016; Springer Science+Business Media; Language: English

10.1007/978-3-319-31271-2_5

ISSN

1611-3349

Authors

Julien Lancia, Guillaume Bouffard

Topic(s)

Advanced Malware Detection Techniques

Abstract

The Byte Code Verifier (BCV) is one of the most important security elements in the Java Card environment. Indeed, embedded applets must be verified prior to installation to prevent ill-formed applet loading. In this article, we disclose a flaw in the Oracle BCV which affects the applet linking process and can be exploited on real-world Java Card smartcards. We describe our exploitation of this flaw on a Java Card implementation that enables injecting and executing arbitrary native malicious code in the communication buffer from a verified applet. This native execution allows snapshotting the smart card memory with OS rights.
