Symposium sur la sécurité des technologies de l'information et des communications

Conférence francophone sur le thème de la sécurité de l'information.
Elle a eu lieu à Rennes du 1 au 3 juin 2016.

Java Card security, Software and Combined attacksJean Dubreuil

Date : 03 June 2016 à 09:45 — 30 min.

The security of Java Card products is mainly based on the Byte Code Verifier (BCV) which is a mandatory step before loading any applet on an embedded Java Card Virtual Machine (JCVM). The BCV is therefore in charge of detecting some malicious code, preventing from software attacks. However the BCV is not sufficient against software attacks based on flaws in the JCVM implementation itself and against combined attacks. This paper presents software attacks with verified applets exploiting flaws in JCVM implementations and new techniques for combined attacks.