Java Card Virtual Machine Compromising from a Bytecode Verified Applet

Authors: Julien Lancia, Guillaume Bouffard
Contributors: THALES COMMUNICATIONS & SECURITY, THALES, Agence nationale de la sécurité des systèmes d'information (ANSSI)
Language: English
Publication year: 2015
Subject:
Source: Smart Card Research and Advanced Applications-14th International Conference, CARDIS 2015
Smart Card Research and Advanced Applications-14th International Conference, CARDIS 2015, Nov 2015, Bochum, Germany. pp.75-88, ⟨10.1007/978-3-319-31271-2_5⟩
Smart Card Research and Advanced Applications ISBN: 9783319312705
CARDIS
DOI: 10.1007/978-3-319-31271-2_5
Description: The Byte Code Verifier (BCV) is one of the most important security elements in the Java Card environment. Indeed, embedded applets must be verified prior to installation to prevent ill-formed applet loading. In this article, we disclose a flaw in the Oracle BCV which affects the applet linking process and can be exploited on real-world Java Card smartcards. We describe our exploitation of this flaw on a Java Card implementation that enables injecting and executing arbitrary native malicious code in the communication buffer from a verified applet. This native execution allows snapshotting the smart card memory with OS rights.
Database: OpenAIRE