CN106485138A - Java card anti-attack method and device - Google Patents

Publication number: CN106485138A
Authority: CN (China)
Legal status: Granted, active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201610811587.3A
Other languages: Chinese (zh)
Other versions: CN106485138B (en)
Inventors: 秦远富, 熊燕萍, 尚微
Current assignee: Datang Microelectronics Technology Co Ltd; Datang Semiconductor Design Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original assignee: Datang Microelectronics Technology Co Ltd; Datang Semiconductor Design Co Ltd
Application filed by: Datang Microelectronics Technology Co Ltd, Datang Semiconductor Design Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G06F21/60 Protecting data

Abstract

The invention discloses a Java card anti-attack method and device. The method includes: when a non-array object is created, saving the size information of the non-array object in the object header of the non-array object; and, when the non-array object is accessed, verifying whether the offset value of the member variable of the non-array object is consistent with the size information saved in the object header of the non-array object, and denying access if it is not. The invention also provides a Java card that includes the anti-attack device. Because the size information of the non-array object is saved when the object is created, the size of the object can be determined quickly when it is accessed. Comparing the offset value of the member variable with the size of the object prevents an illegal user from maliciously modifying the member variable offset value in the binary executable file that accesses the non-array object, and so ensures the security of Java card data access without loss of Java card performance.

Description

Java card anti-attack method and device
Technical field
The present invention relates to the field of Java card technology, and in particular to a Java card anti-attack method and device.
Background art
Access to a Java card object is generally carried out by a few assembly instructions. For example, the getfield family of instructions reads a member variable of an object, and the putfield family of instructions assigns to a member variable. Each instruction is followed by a constant of one or two bytes that gives the offset of the member variable to be accessed. The Java card virtual machine implements access control over object member variables by implementing these access instructions. A typical virtual machine implementation proceeds as follows: first, the reference of the object to be accessed (that is, the identifier of the object) is taken from the runtime stack; then the offset of the member variable to be accessed is read from the place where the code is stored (the code area); the system computes and locates the storage location of the object from the object reference; the access rights of the object are then verified; finally, the member variable is accessed (read, written and so on) through the computed offset.
Java card objects are divided into array objects and non-array objects. Access control for array objects is enforced at run time. A non-array object, by contrast, is made up of a series of member variables, and access control for these member variables is enforced at compile time. For example, if a user writes code that tries to access a member variable that the non-array object does not have, the compiler detects it immediately. In other words, a user cannot access data outside the members of a non-array object by writing Java code directly.
Summary of the invention
The main purpose of the present invention is to propose a Java card anti-attack method and device, intended to solve the security risk that may exist in the Java card described above.
To achieve the above purpose, the present invention provides a Java card anti-attack method, including:
When a non-array object is created, saving the size information of the non-array object in the object header of the non-array object;
When the non-array object is accessed, verifying whether the offset value of the member variable of the non-array object is consistent with the size information saved in the object header of the non-array object, and denying access if it is not.
Optionally, saving the size information of the non-array object in the object header of the non-array object includes:
Saving the size information of the object in the object header of the non-array object or in an extended object header.
Optionally, when the non-array object is accessed, verifying whether the offset value of the member variable of the non-array object is consistent with the size information saved in the object header of the non-array object includes:
When the non-array object is accessed, taking the object reference of the non-array object from the runtime stack, locating the storage location of the accessed non-array object, reading the size information of the non-array object from its object header or extended object header, reading the offset value of the accessed member variable of the non-array object from the code area, and verifying whether the offset value of the accessed member variable is consistent with the size information of the non-array object.
Optionally, verifying whether the offset value of the accessed member variable of the non-array object is consistent with the size information of the non-array object, and denying access if it is not, includes:
When the offset value of the accessed member variable of the non-array object is greater than or equal to the size of the non-array object, denying access to the non-array object; when the offset value of the member variable of the non-array object is less than the size of the non-array object and greater than or equal to 0, accessing the member variable according to the computed offset value after verification of the access rights of the non-array object has passed.
Optionally, the object header or extended object header of the non-array object and the data of the non-array object are stored separately, in one-to-one correspondence.
The present invention also provides a Java card anti-attack device, including:
An object creation module, configured to save the size information of a non-array object in the object header of the non-array object when the non-array object is created;
An access control module, configured to verify, when the non-array object is accessed, whether the offset value of the member variable of the non-array object is consistent with the size information saved in the object header of the non-array object, and to deny access if it is not.
Optionally, saving the size information of the non-array object in the object header of the non-array object includes:
Saving the size information of the object in the object header of the non-array object or in an extended object header.
Optionally, the access control module includes a verification unit, configured to, when the non-array object is accessed, take the object reference of the non-array object from the runtime stack, locate the storage location of the accessed non-array object, read the size information of the non-array object from its object header or extended object header, read the offset value of the accessed member variable of the non-array object from the code area, and verify whether the offset value of the accessed member variable is consistent with the size information of the non-array object.
Optionally, the access control module also includes an access control unit and an access execution unit:
The access control unit is configured to deny access to the non-array object when the offset value of the accessed member variable of the non-array object is greater than or equal to the size of the non-array object;
The access execution unit is configured to, when the offset value of the member variable of the non-array object is less than the size of the non-array object and greater than or equal to 0, access the member variable according to the computed offset value after verification of the access rights of the non-array object has passed.
Optionally, the object creation module also includes a storage unit, configured to store the object header or extended object header of the non-array object and the data of the non-array object separately, in one-to-one correspondence.
The present invention also provides a Java card that includes the anti-attack device of any of the above.
In the technical solution provided by the embodiments of the present invention, the size information of a non-array object is saved when the object is created, so the size of the object can be determined quickly when it is accessed. Comparing the offset value of the member variable of the non-array object with the size of the object prevents an illegal user from maliciously modifying the offset value of the member variable in the binary executable file that accesses the non-array object in order to access data outside the members of the object, and ensures the security of Java card data access without loss of Java card performance.
Brief description of the drawings
Fig. 1 is a flow diagram of the Java card anti-attack method of the first embodiment of the invention;
Fig. 2 is a module diagram of the Java card anti-attack device of the second embodiment of the invention;
Fig. 3 is a diagram of the module units of the Java card anti-attack device of the second embodiment of the invention;
Fig. 4 is a structural diagram of a Java card that includes the anti-attack device of the invention;
The realization of the purpose, the functional characteristics and the advantages of the invention are further described with reference to the drawings and in conjunction with the embodiments.
Detailed description of the embodiments
It should be understood that the specific embodiments described here only explain the present invention and are not intended to limit it.
The technical solution of the invention is described in detail below with reference to the drawings and embodiments.
It should be noted that, provided they do not conflict, the embodiments of the invention and the features in the embodiments may be combined with one another, all within the protection scope of the invention. In addition, although a logical order is shown in the flow charts, in some cases the steps shown or described may be performed in an order different from the one here.
The mobile terminal implementing each embodiment of the invention is now described with reference to the drawings. In the following description, suffixes such as "module", "part" or "unit" used to denote elements serve only to facilitate the description of the invention and have no specific meaning in themselves. Therefore "module" and "part" may be used interchangeably.
In the prior art, the offset of a member variable of a non-array object is a fixed value: once the object is fixed, the offset value of each of its members is fixed too. For every access to a non-array object, the compiler writes this fixed offset value into the binary executable file (the CAP file), which is then downloaded to the card and executed. The executor on the card reads the data stored in the data area corresponding to this offset value. If an illegal user maliciously modifies the relevant offset value in the CAP file, the compiler's protection can be bypassed to access data outside the members of the non-array object. This is a major security hole. For a product with explicit security requirements, failing to take precautions leaves it exposed to potential malicious attack.
To address the above problem, the first embodiment of the invention proposes a Java card anti-attack method which, as shown in Fig. 1, includes:
Step 10: When a non-array object is created, the size information of the non-array object is saved in the object header of the non-array object;
In a Java card implementation, each object consists of two parts: the object header and the object data. The object header describes the object, for example its owner, its runtime context, and the package and class it belongs to. For an array object, the object header also includes the size information of the array (the overall size of the object); when an array object is created, its size information accordingly determines the number of members of the object.
In existing Java technology, however, the object header of a non-array object does not contain the size information of the non-array object. The size information is contained in the class information of the object, and the class information is in turn stored in the class component. Obtaining the size information of a non-array object requires the following steps: locate the class component information of the package from the package information in the non-array object header; locate the object's class information from the class component information; and finally obtain the size of the non-array object from the class information. If this procedure were followed on every access to a non-array object, Java card access to non-array objects would become very slow, directly affecting the performance of the whole product.
This embodiment proposes that, each time a non-array object is created, its size information is saved in its object header. If the object header has spare bytes, the size information is saved in those spare bytes; if it has none, the object header is lengthened and the size information is placed in the added bytes, so that the size information of the non-array object (the number of its members) can be obtained quickly when the object is accessed.
Step 12: When the non-array object is accessed, whether the offset value of the member variable of the non-array object is consistent with the size information saved in the object header of the non-array object is verified, and access is denied if it is not.
In this embodiment, each time a non-array object is created, its size information is saved in its object header or extended object header, and this size information defines the number of members of the object. Therefore, when the non-array object is accessed, the offset value (or index) used for the access can be checked against the size information (the number of members) saved in the object header. If they are inconsistent, an illegal user may have maliciously modified the offset value of the member variable in an attempt to access the data area beyond the members of the non-array object, and the Java card denies access to the object.
A Java card is a CPU smart card that can run Java programs, so the above method can be implemented by the CPU/virtual machine and memory of the Java card.
In the method provided by this embodiment, the size information of a non-array object is saved when the object is created. When the object is accessed, comparing the member offset value with the size of the object prevents an illegal user from maliciously changing the offset value of the member variable in the binary executable file (the CAP file) in order to access data outside the members of the non-array object, which improves the security of the Java card.
Optionally, saving the size information of the non-array object in the object header of the non-array object includes:
Saving the size information of the object in the object header of the non-array object or in an extended object header.
Because the prior art did not consider saving the size information of a non-array object in its object header, when a non-array object is created its size information may not fit directly in the object header bytes (for example when the header has no spare or reserved bytes). In that case the number of bytes in the object header must be extended to hold the size information; the number of added header bytes is determined by the size information that needs to be saved. The size information of a non-array object refers to the number of member variables of the object (or the number of member variable index numbers).
Optionally, in the above method, when the non-array object is accessed, verifying whether the offset of the member variable of the non-array object is consistent with the size information saved in the object header of the non-array object includes:
When the non-array object is accessed, taking the object reference of the non-array object from the runtime stack, locating the storage location of the accessed non-array object, reading the size information of the non-array object from its object header or extended object header, reading the offset of the accessed member variable of the non-array object from the code area, and verifying whether the offset value of the accessed member variable is consistent with the size information of the non-array object.
In this embodiment, the flow of the existing Java object access control instructions getfield and putfield needs to be modified. The modified flow is as follows:
First, the reference of the non-array object to be accessed is taken from the runtime stack, and the storage location of the non-array object is computed and located from the object reference. The object size information is read from the object header at that storage location. The offset value of the member variable to be accessed is then read from the code area, and it is verified whether the offset value of the member variable is consistent with the size information of the non-array object, that is, whether it exceeds the size of the object.
Obviously, the offset value of the member variable to be accessed may also be obtained first and the size information of the non-array object second, followed by the same verification of whether the offset value is consistent with the size information.
The member offset value of a non-array object represents the index (sequence number) of a member of the object; the size information of a non-array object represents the number of its member variables (or the indexable range). Because the invention saves the size information (the number of member variables, or the indexable range) in the object header or extended object header when the non-array object is created, the member offset value can be compared with the size information. In a normal access to a member variable of a non-array object, the offset value of the member variable is consistent with the size information of the object: the offset value (or index) does not exceed the number of member variables of the object or the indexable range of its member variables.
Optionally, when the offset value of the accessed member variable of the non-array object is greater than or equal to the size of the non-array object, access to the non-array object is denied; when the offset value of the member variable of the non-array object is less than the size of the non-array object and greater than or equal to 0, and verification of the access rights of the non-array object passes, the member variable is accessed according to the computed offset value.
In this embodiment, if verification finds that the offset value of the accessed member variable is greater than or equal to the size of the non-array object, for example the index of the accessed member variable exceeds the total number of member variables of the object or their indexable range, then the offset value is inconsistent with the size information of the object. The binary executable file that accesses the non-array object is abnormal or may have been maliciously modified, and the executing program is trying to access the data area beyond the member variables of the object. Access to the non-array object is therefore denied, protecting the data area of the Java card from malicious attack.
Optionally, when illegal access to a non-array variable is detected, an alarm may be raised, and operation of the card may also be terminated.
Optionally, in the above method, the object header or extended object header of the non-array object and the data of the non-array object are stored separately, in one-to-one correspondence.
In the prior art, the object header and data area of a non-array object are stored in the same memory space, and the object header does not hold the size information of the object. In this embodiment, when a non-array object is created and its size information is saved in its object header or extended object header, the object may be stored following the existing memory allocation scheme for non-array objects.
Preferably, to make lookup and verification fast and to minimize the impact on Java card performance, the object header or extended object header of a non-array object may be stored in a separately partitioned memory space and the data area of the object in another partitioned memory space, with the headers and the data areas in one-to-one correspondence. The size of a non-array object can then be located quickly, ensuring the security of Java card data access without loss of Java card performance.
In the method provided by this embodiment, the size information of a non-array object is saved when the object is created, so the size of the object can be determined quickly when it is accessed. Comparing the offset value of the member variable with the size of the object prevents an illegal user from maliciously modifying the offset value of the member variable in the binary executable file that accesses the non-array object in order to access data outside the members of the object, and ensures the security of Java card data access without loss of Java card performance.
Correspondingly, the second embodiment of the invention provides a Java card anti-attack device which, as shown in Fig. 2, includes:
An object creation module 20, configured to save the size information of a non-array object in the object header of the non-array object when the non-array object is created;
An access control module 22, configured to verify, when the non-array object is accessed, whether the offset value of the member variable of the non-array object is consistent with the size information saved in the object header of the non-array object, and to deny access if it is not.
A Java card is a CPU smart card that can run Java programs, so the above device can be implemented by the CPU/virtual machine and memory of the Java card.
In the device provided by this embodiment, the size information of a non-array object is saved when the object is created. When the object is accessed, comparing the offset value of the member variable with the size of the object prevents an illegal user from maliciously modifying the offset value of the member variable in the binary executable file that accesses the non-array object in order to access data outside the members of the object, which improves the security of the Java card.
Optionally, in the above device, saving the size information of the non-array object in the object header of the non-array object includes:
Saving the size information of the object in the object header of the non-array object or in an extended object header.
Optionally, as shown in Fig. 3, the access control module includes a verification unit 221, configured to, when the non-array object is accessed, take the object reference of the non-array object from the runtime stack, locate the storage location of the accessed non-array object, read the size information of the non-array object from its object header or extended object header, read the offset of the accessed member variable of the non-array object from the code area, and verify whether the offset value of the accessed member variable is consistent with the size information of the non-array object.
Optionally, as shown in Fig. 3, the access control module also includes a control unit 222 and an execution unit 223:
The control unit 222 is configured to deny access to the non-array object when the offset value of the accessed member variable of the non-array object is greater than the size of the non-array object;
The execution unit 223 is configured to, when the offset value of the non-array object is less than or equal to the size of the non-array object, verify the access rights of the non-array object and access the member variable according to the computed offset value.
Optionally, as shown in Fig. 3, the object creation module of the device also includes a storage unit 201, configured to store the object header or extended object header of the non-array object and the data of the non-array object separately, in one-to-one correspondence.
In the device provided by this embodiment, the size information of a non-array object is saved when the object is created, so the size of the object can be determined quickly when it is accessed. Comparing the member offset value with the size of the object prevents an illegal user from maliciously modifying the offset value of the member variable in the binary executable file that accesses the non-array object in order to access data outside the members of the object, and ensures the security of Java card data access without loss of Java card performance.
Below by an one exemplary embodiment, the present invention is further detailed.It is assumed that non-array object abc bag Containing 5 member variables A, B, C, D, E, index a1, a2, a3, a4, a5 (or call number 0~4) respectively of each member variable;Just In the case of often, virtual machine takes out object reference (i.e. the mark of object is it is herein assumed that be abc) to be accessed from operation storehouse, System is calculated by object reference and can position object storage location, such as 00FF0000H address, then takes out the size of object 5 (numbers altogether of call number), afterwards from the code area of store code read member variable to be accessed skew (such as a1~ Arbitrary call number 0~4 in a5), after the access rights (example allows read-only or allows reading and writing etc.) of verification object are passed through, enter Whether whether the index value that one step verifies object accesses consistent with the index value in object head, if unanimously, according to this object Storage location and object member variable deviant (as a1~a5 or 0~4), corresponding member variable A, B, C, D or E are entered Row accesses, and such as reads, writes etc..The storage location of non-array object and the deviant of member variable therein, unique determination The data storage zone position of corresponding member variable.
If illegal user from malicious modification CAB file in prior art, the deviant of member variable is revised as a6 or rope Quotation marks are 5 (exceeded the quantity 5 of the member variable of non-array object or member variable can index range 0~4), if not Protect, then can access or the normal member variable of non-aray variable abc of malicious modification outside data space, such as read or Modification data, thus destroy the Information Security of Java card.
In this embodiment, when the non-array object abc is created, the size information of the object (here, the number of member-variable indexes: 5) is saved in the object header of the non-array object or in an extended object header byte. When an access to the non-array object is executed, it is first necessary to check whether the offset value of the member variable of the non-array object abc is consistent with the size information saved in the object header of abc. If an illegitimate user has maliciously modified the binary executable file that accesses abc and changed the offset value of the member variable to a6, the check finds that a6 (i.e. index number 5, not 0~4) exceeds the size of abc (i.e. the member count 5, or the index range 0~4), and access to the non-array object abc is refused. The data stored in the Java card data area is thus protected from malicious reading, modification or destruction.
Clearly, whenever the offset value of the accessed member variable exceeds the object size recorded when the non-array object was created, the access is an attempt to reach the data area beyond the members of the object. For example, suppose the size of the non-array object is 5, or the indexable member-variable offset values are 0~4. Whenever the offset value of the member variable in the binary executable file that accesses the object falls outside the range 0~4 or exceeds the size of the object (i.e. the member-variable count 5), for example when the offset value has been changed to 10, the embodiment of the present invention performs its check before any operation is executed on the data area of the object's member variables. The check finds that the offset value 10 exceeds the size of the non-array object (i.e. 5, or the indexable range of the member variables, 0~4), treats the access as an illegal operation, and refuses access to the non-array object. An alarm prompt can be raised at the same time.
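The check described in this embodiment, shown as an added C sketch that is not code from the patent: the heap layout, the function names (`new_object`, `getfield_unchecked`, `getfield_checked`) and the sample values are assumptions, and the access-permission check is left out.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model (not the patent's code): the card heap is an array of
 * 16-bit cells; a non-array object is [header: member count][members...]. */
#define HEAP_CELLS 32
#define ACCESS_DENIED (-1)
static int16_t heap[HEAP_CELLS];
static int heap_top;

/* Creation: save the size (member count) in the object header.
 * Returns the object reference (index of the header cell), or -1 if full. */
static int new_object(int n_members) {
    if (n_members < 0 || heap_top + 1 + n_members > HEAP_CELLS) return -1;
    int ref = heap_top;
    heap[ref] = (int16_t)n_members;
    heap_top = ref + 1 + n_members;
    return ref;
}

/* Prior-art behaviour: the offset read from the code area is trusted.
 * Only called here with offsets that stay inside heap[]. */
static int getfield_unchecked(int ref, int offset, int16_t *out) {
    *out = heap[ref + 1 + offset];
    return 0;
}

/* The described check: allow only 0 <= offset < size saved in the header. */
static int getfield_checked(int ref, int offset, int16_t *out) {
    int size = heap[ref];
    if (offset < 0 || offset >= size) return ACCESS_DENIED;
    *out = heap[ref + 1 + offset];
    return 0;
}

/* abc has members A..E = 10..14; the next object on the heap holds the
 * constructed values 0x7001..0x7005 that abc's code must never reach. */
static int demo_setup(void) {
    heap_top = 0;
    int abc = new_object(5), other = new_object(5);
    for (int i = 0; i < 5; i++) {
        heap[abc + 1 + i] = (int16_t)(10 + i);
        heap[other + 1 + i] = (int16_t)(0x7001 + i);
    }
    return abc;
}

int main(void) {
    int16_t v = 0;
    int abc = demo_setup();
    int rc = getfield_unchecked(abc, 10, &v);
    printf("unchecked offset 10: rc=%d value=0x%X\n", rc, (unsigned)v);
    printf("checked offset 10: rc=%d\n", getfield_checked(abc, 10, &v));
    return 0;
}
```

With the unchecked accessor, offset 10 lands in the neighbouring object's last member; the checked accessor refuses offsets 5, 10 and any negative value while still serving 0~4.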
It should be noted that, in this document, the terms "include", "comprise" and any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements that are not expressly listed, or elements inherent to that process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of additional identical elements in the process, method, article or device that includes the element.
The embodiments of the present invention are for description only and do not represent the relative merits of the embodiments.
From the description of the embodiments above, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus a necessary general-purpose hardware platform, or of course by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention in essence, or the part of it that contributes over the prior art, can be embodied in the form of a software product. This computer software product is stored in a storage medium (such as ROM/RAM) and includes a number of instructions that cause a terminal device (such as a Java card) to execute the methods described in the embodiments of the present invention.
The above are only preferred embodiments of the present invention and do not thereby limit the patent scope of the present invention. Any equivalent structure or equivalent process transformation made using the description and drawings of the present invention, and any direct or indirect use in other related technical fields, is likewise included within the scope of patent protection of the present invention.

Claims (11)

1. A Java card anti-attack method, characterized by comprising:
when a non-array object is created, saving the size information of the non-array object in the object header of the non-array object;
when the non-array object is accessed, verifying whether the offset value of the member variable of the non-array object is consistent with the size information saved in the object header of the non-array object, and if it is not consistent, denying access.
2. The method of claim 1, characterized in that saving the size information of the non-array object in the object header of the non-array object comprises:
saving the size information of the object in the object header of the non-array object or in an extended object header.
3. The method of claim 1, characterized in that, when the non-array object is accessed, verifying whether the offset value of the member variable of the non-array object is consistent with the size information saved in the object header of the non-array object comprises:
when the non-array object is accessed, taking the object reference of the non-array object from the runtime stack, locating the storage location of the accessed non-array object, reading the size information of the non-array object from the object header of the non-array object or from the extended object header, reading the offset value of the member variable of the accessed non-array object from the code area, and verifying whether the offset value of the member variable of the accessed non-array object is consistent with the size information of the non-array object.
4. The method of claim 1, characterized in that verifying whether the offset value of the member variable of the accessed non-array object is consistent with the size information of the non-array object, and if it is not consistent, denying access, comprises:
when the offset value of the member variable of the accessed non-array object is greater than or equal to the size of the non-array object, refusing access to the non-array object; when the offset value of the member variable of the non-array object is less than the size of the non-array object and greater than or equal to 0, accessing the member variable according to the calculated offset value after the check of the access permissions of the non-array object has passed.
5. The method of any one of claims 1 to 4, characterized in that the object header or extended object header of the non-array object and the data of the non-array object are stored separately, in one-to-one correspondence.
6. A Java card anti-attack device, characterized by comprising:
an object creation module, configured to save the size information of a non-array object in the object header of the non-array object when the non-array object is created;
an access control module, configured to verify, when the non-array object is accessed, whether the offset value of the member variable of the non-array object is consistent with the size information saved in the object header of the non-array object, and if it is not consistent, to deny access.
7. The device of claim 6, characterized in that saving the size information of the non-array object in the object header of the non-array object comprises:
saving the size information of the object in the object header of the non-array object or in an extended object header.
8. The device of claim 6, characterized in that the access control module comprises a verification unit configured to, when the non-array object is accessed, take the object reference of the non-array object from the runtime stack, locate the storage location of the accessed non-array object, read the size information of the non-array object from the object header of the non-array object or from the extended object header, read the offset value of the member variable of the accessed non-array object from the code area, and verify whether the offset value of the member variable of the accessed non-array object is consistent with the size information of the non-array object.
9. The device of claim 6, characterized in that the access control module further comprises an access control unit and an access execution unit:
the access control unit is configured to refuse access to the non-array object when the offset value of the member variable of the accessed non-array object is greater than or equal to the size of the non-array object;
the access execution unit is configured to, when the offset value of the member variable of the non-array object is less than the size of the non-array object and greater than or equal to 0, access the member variable according to the calculated offset value after the check of the access permissions of the non-array object has passed.
10. The device of any one of claims 6 to 9, characterized in that the object creation module further comprises a storage unit configured to store the object header or extended object header of the non-array object and the data of the non-array object separately, in one-to-one correspondence.
11. A Java card, characterized by comprising the anti-attack device of any one of claims 6 to 10.
CN201610811587.3A 2016-09-08 2016-09-08 A kind of Java card anti-attack method and device Active CN106485138B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610811587.3A CN106485138B (en) 2016-09-08 2016-09-08 A kind of Java card anti-attack method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610811587.3A CN106485138B (en) 2016-09-08 2016-09-08 A kind of Java card anti-attack method and device

Publications (2)

Publication Number Publication Date
CN106485138A true CN106485138A (en) 2017-03-08
CN106485138B CN106485138B (en) 2019-11-29

Family

ID=58274162

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610811587.3A Active CN106485138B (en) 2016-09-08 2016-09-08 A kind of Java card anti-attack method and device

Country Status (1)

Country Link
CN (1) CN106485138B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001088718A2 (en) * 2000-05-12 2001-11-22 Zucotto Wireless, Inc. Methods and systems for applications to interact with hardware
CN102799660A (en) * 2012-07-04 2012-11-28 北京中电华大电子设计有限责任公司 JAVA card object management method
CN104133733A (en) * 2014-07-29 2014-11-05 北京航空航天大学 Memory error detection method
CN105303115A (en) * 2015-10-29 2016-02-03 成都信息工程大学 Detection method and apparatus for out-of-bounds access bug of Java card

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
徐江珮 等: "Java卡COS安全漏洞的一种探测与分析方法", 《微电子学与计算机》 *

Also Published As

Publication number Publication date
CN106485138B (en) 2019-11-29

Similar Documents

Publication Publication Date Title
US11113384B2 (en) Stack overflow protection by monitoring addresses of a stack of multi-bit protection codes
JP3710671B2 (en) One-chip microcomputer, IC card using the same, and access control method for one-chip microcomputer
EP3207485B1 (en) Code pointer authentication for hardware flow control
US5894550A (en) Method of implementing a secure program in a microprocessor card, and a microprocessor card including a secure program
AU722463B2 (en) Using a high level programming language with a microcontroller
US7251735B2 (en) Buffer overflow protection and prevention
US20030140176A1 (en) Techniques for permitting access across a context barrier on a small footprint device using an entry point object
US20060047954A1 (en) Data access security implementation using the public key mechanism
US20070266214A1 (en) Computer system having memory protection function
US20030028742A1 (en) Method for securing a typed data language, particularly in an embedded system, and embedded system for implementing the method
JP2003067700A (en) Memory and method for storing data structure
Rivera et al. Keeping safe rust safe with galeed
CN105653906B (en) Method is linked up with based on the random anti-kernel in address
EP1434121A2 (en) Techniques for implementing security on a small footprint device using a context barrier
RU2266559C2 (en) Microprocessor circuit for data carrier and method for providing access to data, loaded in memory
Piessens et al. Software security: Vulnerabilities and countermeasures for two attacker models
US20190370439A1 (en) Secure system on chip for protecting software program from tampering, rehosting and piracy and method for operating the same
Lancia et al. Java card virtual machine compromising from a bytecode verified applet
NO300438B1 (en) Service delivery terminal, with protected remote loading
JP2008234248A (en) Program execution device and program execution method
Bouffard et al. The Next Smart Card Nightmare: Logical Attacks, Combined Attacks, Mutant Applications and Other Funny Things
CN106485138A (en) A kind of Java card anti-attack method and device
Abadi et al. On layout randomization for arrays and functions
Crandall et al. A security assessment of the minos architecture
US6776346B1 (en) Secured access device with chip card application

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20200806

Address after: 2505 COFCO Plaza, No.2, nanmenwai street, Nankai District, Tianjin

Patentee after: Xin Xin finance leasing (Tianjin) Co.,Ltd.

Address before: 100094 No. 6 Yongjia North Road, Beijing, Haidian District

Co-patentee before: DATANG SEMICONDUCTOR DESIGN Co.,Ltd.

Patentee before: DATANG MICROELECTRONICS TECHNOLOGY Co.,Ltd.

TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20211102

Address after: 100094 No. 6 Yongjia North Road, Beijing, Haidian District

Patentee after: DATANG MICROELECTRONICS TECHNOLOGY Co.,Ltd.

Patentee after: DATANG SEMICONDUCTOR DESIGN Co.,Ltd.

Address before: 300110 2505 COFCO Plaza, No. 2, nanmenwai street, Nankai District, Tianjin

Patentee before: Xin Xin finance leasing (Tianjin) Co.,Ltd.