Skip to Main content Skip to Navigation
Conference papers

Accessing Secure Information using Export file Fraudulence

Abstract : Java Card specification allows to load applications after the post-issuance. Each application to be installed into the card is verified by a Byte Code Verifier which ensures that the application is in compliance with the Java security rules. The Java Card linking process is divided in to two steps. The first one is done off-card by the Java Card toolchain. The second one is realized during the appli- cation installation to resolve each token by an internal reference. In this paper, we focus on the off-card linker, espe- cially the conversion part between a Java-Class item and a Java Card-Cap token. For that, we provide mali- cious export files which will be used by the converter. This malicious API provides the same behavior as the original one for the user. With this attack, we are able to confuse the Java Card linker.
Complete list of metadatas
Contributor : Guillaume Bouffard <>
Submitted on : Wednesday, March 26, 2014 - 3:06:06 PM
Last modification on : Thursday, January 11, 2018 - 6:26:29 AM




Guillaume Bouffard, Tom Khefif, Ismael Kane, Sergio Casanova Salvia. Accessing Secure Information using Export file Fraudulence. CRiSIS, Oct 2013, La Rochelle, France. pp.1-5, ⟨10.1109/CRiSIS.2013.6766346⟩. ⟨hal-00966368⟩



Record views