A security vulnerability of Java Card on array access in financial system

Author

Jiang-pei Xu ; Li-Ji Wu ; Xiang-jun Yang ; Yu-Zhong Wang ; Xiang-Min Zhang

Author_Institution

Inst. of Microelectron., Tsinghua Univ., Beijing, China

fYear

2013

fDate

16-18 May 2013

Firstpage

707

Lastpage

710

Abstract

Generally, Java Card mainly consists of the following parts: COS (Chip Operating System), JCVM (Java Card Virtual Machine), and API (Application Programming Interface). As a multi-application system, Java Card itself is very complicated, so it may inevitably exist some security vulnerabilities inside. Based on these parts of Java Card, we can find out some detectable points to its security vulnerabilities. This paper presents a method containing a specific case to test Java Card on array access, aiming to detect the possible security vulnerabilities of JCVM. In this paper, three different kinds of Java Cards have been tested and the test result has been described. From the test result, we successfully find out a security vulnerability of JCVM.

Keywords

Java; application program interfaces; microprocessor chips; operating systems (computers); security of data; smart cards; virtual machines; API; COS; JCVM; Java Card virtual machine; application programming interface; array access; chip operating system; financial system; multi-application system; Java Card; array access; security vulnerability;

fLanguage

English

Publisher

ieee

Conference_Titel

Wireless and Optical Communication Conference (WOCC), 2013 22nd

Conference_Location

Chongqing

Print_ISBN

978-1-4673-5697-8

Type

conf

DOI

10.1109/WOCC.2013.6676466

Filename

6676466