Skip to Main content Skip to Navigation
Conference papers

Combined Software and Hardware Attacks on the Java Card Control Flow

Abstract : The Java Card uses two components to ensure the security of its model. On the one hand, the byte code verifier (BCV) checks, during an applet installation, if the Java Card security model is ensured. This mechanism may not be present in the card. On the other hand, the firewall dynamically checks if there is no illegal access. This paper describes two attacks to modify the Java Card control flow and to execute our own malicious byte code. In the first attack, we use a card without embedded security verifier and we show how it is simple to change the return address of a current function. In the second attack, we consider the hypothesis that the card embeds a partial implementation of a BCV. With the help of a laser beam, we are able to change the execution flow.
Complete list of metadatas

Cited literature [7 references]  Display  Hide  Download
Contributor : Yolande Vieceli <>
Submitted on : Wednesday, September 27, 2017 - 3:14:17 PM
Last modification on : Thursday, March 5, 2020 - 4:28:26 PM
Document(s) archivé(s) le : Thursday, December 28, 2017 - 2:11:18 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Guillaume Bouffard, Julien Iguchi-Cartigny, Jean-Louis Lanet. Combined Software and Hardware Attacks on the Java Card Control Flow. 10th Smart Card Research and Advanced Applications (CARDIS), Sep 2011, Leuven, Belgium. pp.283-296, ⟨10.1007/978-3-642-27257-8_18⟩. ⟨hal-00684616⟩



Record views


Files downloads