| Malicious code on Java Card smartcards: Attacks and countermeasures (2008) | |||||||||||||||
Abstract | |||||||||||||||
| Abstract. When it comes to security, an interesting difference between Java Card and regular Java is the absence of an on-card bytecode verifier on most Java Cards. In principle this opens up the possibility of malicious, ill-typed code as an avenue of attack, though the Java Card platform offers some protection against this, notably by code signing. This paper gives a comprehensive overview of vulnerabilities and possible runtime countermeasures against ill-typed code, and describes results of experiments with attacking actual Java Cards currently on the market with malicious code. 1 | |||||||||||||||
Details der Publikation | |||||||||||||||
| |||||||||||||||