Title :
A security vulnerability of Java Card on array access in financial system
Author :
Jiang-pei Xu ; Li-Ji Wu ; Xiang-jun Yang ; Yu-Zhong Wang ; Xiang-Min Zhang
Author_Institution :
Inst. of Microelectron., Tsinghua Univ., Beijing, China
Abstract :
Generally, Java Card mainly consists of the following parts: COS (Chip Operating System), JCVM (Java Card Virtual Machine), and API (Application Programming Interface). As a multi-application system, Java Card itself is very complicated, so it may inevitably exist some security vulnerabilities inside. Based on these parts of Java Card, we can find out some detectable points to its security vulnerabilities. This paper presents a method containing a specific case to test Java Card on array access, aiming to detect the possible security vulnerabilities of JCVM. In this paper, three different kinds of Java Cards have been tested and the test result has been described. From the test result, we successfully find out a security vulnerability of JCVM.
Keywords :
Java; application program interfaces; microprocessor chips; operating systems (computers); security of data; smart cards; virtual machines; API; COS; JCVM; Java Card virtual machine; application programming interface; array access; chip operating system; financial system; multi-application system; Java Card; array access; security vulnerability;
Conference_Titel :
Wireless and Optical Communication Conference (WOCC), 2013 22nd
Conference_Location :
Chongqing
Print_ISBN :
978-1-4673-5697-8
DOI :
10.1109/WOCC.2013.6676466
