A Java Card anti-attack method and device
Technical field
The present invention relates to the technical field of Java Card, and more particularly to a Java Card anti-attack method and device.
Background
Access to a Java Card object is generally performed by several assembly-level instructions: the getfield family of instructions reads a member variable of an object, and the putfield family of instructions assigns to a member variable. Each instruction is followed by a constant of one or two bytes that gives the offset of the member variable to be accessed. The Java Card virtual machine enforces access control over object member variables in its implementation of these access instructions. A typical virtual machine flow is as follows: first, the reference to the object to be accessed (i.e. the identifier of the object) is taken from the run-time stack; then the offset of the member variable to be accessed is read from the place where the code is stored (i.e. the code area); the system computes and locates the storage location of the object from the object reference; the access rights of the object are then verified; and finally the access to the member variable, such as a read or a write, is carried out using the computed offset.
Java Card objects are divided into array objects and non-array objects. Access control for array objects is enforced at run time, whereas a non-array object is made up of a series of member variables, and access control for these member variables is enforced at compile time. For example, if a user writes a piece of code that attempts to access a non-existent member variable of a non-array object, the compiler detects it immediately. That is to say, a user cannot access data outside the members of a non-array object by writing Java code directly.
Summary of the invention
The main purpose of the present invention is to propose a Java Card anti-attack method and device, intended to solve the security risk that may exist in Java Card as described above.
To achieve the above purpose, the present invention provides a Java Card anti-attack method, comprising:
when a non-array object is created, saving the size information of the non-array object in the object header of the non-array object;
when the non-array object is accessed, verifying whether the offset value of the member variable of the non-array object is consistent with the size information saved in the object header of the non-array object, and if it is inconsistent, denying access.
Optionally, saving the size information of the non-array object in the object header of the non-array object comprises:
saving the size information of the object in the object header of the non-array object or in an extended object header.
Optionally, when the non-array object is accessed, verifying whether the offset value of the member variable of the non-array object is consistent with the size information saved in the object header of the non-array object comprises:
when the non-array object is accessed, taking the object reference of the non-array object from the run-time stack, locating the storage location of the accessed non-array object, reading the size information of the non-array object from the object header of the non-array object or the extended object header, reading the offset value of the accessed member variable of the non-array object from the code area, and verifying whether the offset value of the accessed member variable of the non-array object is consistent with the size information of the non-array object.
Optionally, verifying whether the offset value of the accessed member variable of the non-array object is consistent with the size information of the non-array object, and denying access if it is inconsistent, comprises:
when the offset value of the accessed member variable of the non-array object is greater than or equal to the size of the non-array object, refusing access to the non-array object; when the offset value of the member variable of the non-array object is less than the size of the non-array object and greater than or equal to 0, after verification of the access rights of the non-array object passes, accessing the member variable according to the computed offset value.
Optionally, the object header of the non-array object or the extended object header and the data of the non-array object are stored separately, in one-to-one correspondence.
The present invention also provides a Java Card anti-attack device, comprising:
an object creation module, for saving the size information of a non-array object in the object header of the non-array object when the non-array object is created;
an access control module, for verifying, when the non-array object is accessed, whether the offset value of the member variable of the non-array object is consistent with the size information saved in the object header of the non-array object, and denying access if it is inconsistent.
Optionally, saving the size information of the non-array object in the object header of the non-array object comprises:
saving the size information of the object in the object header of the non-array object or in an extended object header.
Optionally, the access control module comprises a verification unit, for, when the non-array object is accessed, taking the object reference of the non-array object from the run-time stack, locating the storage location of the accessed non-array object, reading the size information of the non-array object from the object header of the non-array object or the extended object header, reading the offset value of the accessed member variable of the non-array object from the code area, and verifying whether the offset value of the accessed member variable of the non-array object is consistent with the size information of the non-array object.
Optionally, the access control module further comprises an access control unit and an access execution unit:
the access control unit, for refusing access to the non-array object when the offset value of the accessed member variable of the non-array object is greater than or equal to the size of the non-array object;
the access execution unit, for accessing the member variable according to the computed offset value, after verification of the access rights of the non-array object passes, when the offset value of the member variable of the non-array object is less than the size of the non-array object and greater than or equal to 0.
Optionally, the object creation module further comprises a storage unit, for storing the object header of the non-array object or the extended object header and the data of the non-array object separately, in one-to-one correspondence.
The present invention also provides a Java Card comprising the anti-attack device described in any of the above.
In the technical solution provided by the embodiments of the present invention, the size information of a non-array object is saved when the object is created, so that the size of the non-array object can be determined quickly when the object is accessed. By comparing the offset value of the member variable of the non-array object with the size of the non-array object, an illegitimate user is prevented from maliciously modifying the offset value of a member variable in the binary executable file that accesses the non-array object in order to access data outside the members of the non-array object. The security of Java Card data access is thereby ensured without loss of Java Card performance.
Brief description of the drawings
Fig. 1 is a schematic flow chart of the Java Card anti-attack method of the first embodiment of the present invention;
Fig. 2 is a module diagram of the Java Card anti-attack device of the second embodiment of the present invention;
Fig. 3 is a diagram of the module units of the Java Card anti-attack device of the second embodiment of the present invention;
Fig. 4 is a structural diagram of a Java Card comprising the anti-attack device of the present invention.
The realization of the purpose, the functional characteristics and the advantages of the present invention will be further described in conjunction with the embodiments and with reference to the drawings.
Detailed description of the embodiments
It should be understood that the specific embodiments described herein are only intended to explain the present invention and are not intended to limit it.
The technical solution of the present invention is described in detail below in conjunction with the drawings and embodiments.
It should be noted that, provided they do not conflict, the embodiments of the present invention and the features in the embodiments can be combined with one another, and all such combinations fall within the protection scope of the present invention. In addition, although a logical order is shown in the flow charts, in some cases the steps shown or described may be executed in an order different from the one given here.
A mobile terminal implementing the embodiments of the present invention will now be described with reference to the drawings. In the following description, suffixes such as "module", "part" or "unit" used to denote elements serve only to facilitate the explanation of the present invention and have no specific meaning in themselves. Therefore, "module" and "part" can be used interchangeably.
In the prior art, the offset of a member variable of a non-array object is a fixed value: once the object is fixed, the offset value of each of its members is fixed. For every access to a non-array object, the compiler writes this fixed offset value into the binary executable file (i.e. the CAP file), which is then downloaded to the card for execution; the executor on the card reads the data stored in the data area corresponding to this offset value. If an illegitimate user maliciously modifies the relevant offset value in the CAP file, the protection of the compiler can be bypassed and data outside the members of the non-array object can be accessed, which is a major security vulnerability. For a product with explicit security requirements, if no precautions are taken, there is a danger of potential malicious attack.
To address the above problem, the first embodiment of the present invention proposes a Java Card anti-attack method, as shown in Fig. 1, comprising:
Step 10: when a non-array object is created, the size information of the non-array object is saved in the object header of the non-array object.
In a Java Card implementation, each object consists of two parts: the object header and the object data. The object header is a description of the object, such as the owner of the object, the running context of the object, and the package and class to which the object belongs. For an array object, the object header also includes the size information of the array (the total size of the object); when an array object is created, the size information of the array object correspondingly determines the number of members of the object.
In existing Java technology, however, the object header of a non-array object does not contain the size information of the non-array object. The size information of a non-array object is contained in the class information of the object, and the class information is in turn stored in the class component. Obtaining the size information of a non-array object requires the following steps: locate the class component information of the package according to the package information in the header of the non-array object, then locate the class information of the object according to the class component information, and finally obtain the size of the non-array object from the class information. If this flow were followed on every access to a non-array object, Java Card access to non-array objects would become very slow, directly affecting the performance of the whole product.
This embodiment proposes that each time a non-array object is created, the size information of the non-array object is saved in the object header of the non-array object. If the object header of the non-array object has spare bytes, the size information of the non-array object is saved in the spare bytes of the object header; if the object header of the non-array object has no spare bytes, the length of the object header is extended and the size information of the non-array object is placed in the extension bytes, so that the size information of the non-array object (the number of members of the non-array object) can be obtained quickly when the non-array object is accessed.
Step 12: when the non-array object is accessed, it is verified whether the offset value of the member variable of the non-array object is consistent with the size information saved in the object header of the non-array object; if it is inconsistent, access is denied.
In the embodiments of the present invention, each time a non-array object is created, the size information of the non-array object is saved in the object header of the non-array object or in the extended object header, and this size information defines the number of members of the non-array object. Therefore, when the non-array object is accessed, it can be verified whether the offset value of the non-array object (or the index into the non-array object) is consistent with the size information (the number of members of the non-array object) saved in the object header of the non-array object. If it is inconsistent, this indicates that an illegitimate user may have maliciously modified the offset value of the member variable of the non-array object in an attempt to access the data area beyond the members of the non-array object, and the Java Card refuses access to the non-array object.
A Java Card is a CPU smart card capable of running Java programs, so the above method can be implemented by the CPU/virtual machine and the memory in the Java Card.
In the method provided by the embodiments of the present invention, the size information of a non-array object is saved when the object is created. When the non-array object is accessed, comparing the member offset value of the non-array object with the size of the non-array object prevents an illegitimate user from maliciously modifying the offset value of a member variable in the binary executable file (i.e. the CAP file) of the non-array object in order to access data outside the members of the non-array object, which improves the security of the Java Card.
Optionally, saving the size information of the non-array object in the object header of the non-array object comprises:
saving the size information of the object in the object header of the non-array object or in an extended object header.
Because the prior art does not consider saving the size information of a non-array object in the object header of the non-array object, it may not be possible, when a non-array object is created, to save its size information directly in the bytes of the object header (for example, when the header of the non-array object has no spare or reserved bytes). In that case the number of bytes in the object header of the non-array object needs to be extended in order to save the size information of the non-array object; the number of extension bytes is determined by the size information of the non-array object that needs to be saved. The size information of a non-array object refers to the number of member variables of the non-array object (or the number of index values of the member variables).
Optionally, in the above method, when the non-array object is accessed, verifying whether the offset of the member variable of the non-array object is consistent with the size information saved in the object header of the non-array object comprises:
when the non-array object is accessed, taking the object reference of the non-array object from the run-time stack, locating the storage location of the accessed non-array object, reading the size information of the non-array object from the object header of the non-array object or the extended object header, reading the offset of the accessed member variable of the non-array object from the code area, and verifying whether the offset value of the accessed member variable of the non-array object is consistent with the size information of the non-array object.
In the embodiments of the present invention, the flow of the existing Java object access control instructions getfield and putfield needs to be modified. The modified flow is as follows:
First, the reference to the non-array object to be accessed is taken from the run-time stack, and the storage location of the non-array object is computed and located from the object reference. The object size information in the object header is read from the storage location of the non-array object. The offset value of the member variable of the non-array object to be accessed is then read from the code area, and it is verified whether the offset value of the member variable of the non-array object is consistent with the size information of the non-array object, that is, whether it exceeds the size of the object.
Obviously, it is also possible to first obtain the offset value of the member variable of the non-array object to be accessed, then obtain the size information of the non-array object, and then verify whether the offset value of the member variable of the non-array object is consistent with the size information of the non-array object.
The member offset value of a non-array object represents the member index (sequence number) within the non-array object; the size information of a non-array object represents the number of member variables of the non-array object (or the indexable range). Because the present invention saves the size information of the non-array object (the number of member variables, or the indexable range) in the object header of the non-array object or in the extended object header when the non-array object is created, it is possible to check whether the member offset value of the non-array object is consistent with the size information of the non-array object. Obviously, during normal access to a member variable of a non-array object, the offset value of the member variable should be consistent with the size information of the non-array object; that is, the offset value (or index) of the member variable of the non-array object should not exceed the number of member variables of the non-array object or the indexable range of the member variables.
Optionally, when the offset value of the accessed member variable of the non-array object is greater than or equal to the size of the non-array object, access to the non-array object is refused; when the offset value of the member variable of the non-array object is less than the size of the non-array object and greater than or equal to 0, and verification of the access rights of the non-array object passes, the member variable is accessed according to the computed offset value.
In the embodiments of the present invention, if verification finds that the offset value of the accessed member variable of the non-array object is greater than or equal to the size of the non-array object, for example the index of the accessed member variable exceeds the total number of member variables of the non-array object or the indexable range of the member variables, this indicates that the offset value of the member variable of the non-array object is inconsistent with the size information of the non-array object. The binary executable file accessing the non-array object is abnormal or may have been maliciously modified, and the executing program is attempting to access the data area beyond the member variables of the non-array object. Access to the non-array object is therefore refused, protecting the data area of the Java Card from malicious attack.
Optionally, when illegal access to a non-array object is found, an alarm may be raised, or the operation of the card may be terminated.
Optionally, in the above method, the object header of the non-array object or the extended object header and the data of the non-array object are stored separately, in one-to-one correspondence.
In the prior art, the object header and the data area of a non-array object are stored in the same memory space, and the object header does not save the size information of the non-array object. In the embodiments of the present invention, when a non-array object is created and its size information is saved in the object header of the non-array object or in the extended object header, the non-array object may be stored following the existing memory allocation scheme for non-array objects.
Preferably, to facilitate fast lookup and verification and to reduce the impact on Java Card performance as far as possible, the object header of the non-array object or the extended object header may be stored in a separately partitioned memory space and the data area of the non-array object stored in another partitioned memory space, with the object header of the non-array object or the extended object header in one-to-one correspondence with the data area of the non-array object. The size of the non-array object can then be located quickly, ensuring the security of Java Card data access without loss of Java Card performance.
In the method provided by the embodiments of the present invention, the size information of a non-array object is saved when the object is created, so that the size of the non-array object can be determined quickly when the object is accessed. By comparing the offset value of the member variable of the non-array object with the size of the non-array object, an illegitimate user is prevented from maliciously modifying the offset value of a member variable in the binary executable file that accesses the non-array object in order to access data outside the members of the non-array object. The security of Java Card data access is thereby ensured without loss of Java Card performance.
Correspondingly, the second embodiment of the present invention also provides a Java Card anti-attack device, as shown in Fig. 2, comprising:
an object creation module 20, for saving the size information of a non-array object in the object header of the non-array object when the non-array object is created;
an access control module 22, for verifying, when the non-array object is accessed, whether the offset value of the member variable of the non-array object is consistent with the size information saved in the object header of the non-array object, and denying access if it is inconsistent.
A Java Card is a CPU smart card capable of running Java programs, so the above device can be implemented by the CPU/virtual machine and the memory in the Java Card.
In the device provided by the embodiments of the present invention, the size information of a non-array object is saved when the object is created. When the non-array object is accessed, comparing the offset value of the member variable of the non-array object with the size of the non-array object prevents an illegitimate user from maliciously modifying the offset value of a member variable in the binary executable file that accesses the non-array object in order to access data outside the members of the non-array object, which improves the security of the Java Card.
Optionally, in the above device, saving the size information of the non-array object in the object header of the non-array object comprises:
saving the size information of the object in the object header of the non-array object or in an extended object header.
Optionally, as shown in Fig. 3, the access control module comprises a verification unit 221, for, when the non-array object is accessed, taking the object reference of the non-array object from the run-time stack, locating the storage location of the accessed non-array object, reading the size information of the non-array object from the object header of the non-array object or the extended object header, reading the offset of the accessed member variable of the non-array object from the code area, and verifying whether the offset value of the accessed member variable of the non-array object is consistent with the size information of the non-array object.
Optionally, as shown in Fig. 3, the access control module further comprises a control unit 222 and an execution unit 223:
the control unit 222, for refusing access to the non-array object when the offset value of the accessed member variable of the non-array object is greater than the size of the non-array object;
the execution unit 223, for verifying the access rights of the non-array object and accessing the member variable according to the computed offset value when the offset value of the non-array object is less than or equal to the size of the non-array object.
Optionally, as shown in Fig. 3, the object creation module of the device further comprises a storage unit 201, for storing the object header of the non-array object or the extended object header and the data of the non-array object separately, in one-to-one correspondence.
In the device provided by the embodiments of the present invention, the size information of a non-array object is saved when the object is created, so that the size of the non-array object can be determined quickly when the object is accessed. By comparing the member offset value of the non-array object with the size of the non-array object, an illegitimate user is prevented from maliciously modifying the offset value of a member variable in the binary executable file that accesses the non-array object in order to access data outside the members of the non-array object. The security of Java Card data access is thereby ensured without loss of Java Card performance.
The present invention is further explained below by way of an exemplary embodiment. Assume that the non-array object abc contains 5 member variables A, B, C, D and E, whose indices are a1, a2, a3, a4 and a5 respectively (or index numbers 0 to 4). Under normal circumstances, the virtual machine takes the reference to the object to be accessed (i.e. the identifier of the object, assumed here to be abc) from the run-time stack. The system computes the storage location of the object from the object reference, for example address 00FF0000H, and then takes out the size of the object, 5 (the total number of index numbers). It then reads the offset of the member variable to be accessed from the code area where the code is stored (for example any one of a1 to a5, i.e. index numbers 0 to 4). After verification of the access rights of the object passes (for example, read-only access allowed, or read and write access allowed), it further verifies whether the index value of the object access is consistent with the index value in the object header. If it is consistent, the corresponding member variable A, B, C, D or E is accessed, for example read or written, according to the storage location of the object and the offset value of the member variable (a1 to a5, or 0 to 4). The storage location of the non-array object together with the offset value of a member variable within it uniquely determines the data storage location of the corresponding member variable.
In the prior art, if an illegitimate user maliciously modifies the CAP file and changes the offset value of the member variable to a6, i.e. index number 5 (which exceeds the number of member variables of the non-array object, 5, or the indexable range of the member variables, 0 to 4), then without protection the data space outside the normal member variables of the non-array object abc can be accessed or maliciously modified, for example data can be read or modified, destroying the data security of the Java Card.
In this embodiment, when the non-array object abc is created, the size information of the non-array object (here, for example, the number of member variable indices: 5) is saved in the object header of the non-array object or in the bytes of the extended object header. When an access to the non-array object is executed, it is first necessary to compare whether the offset value of the member variable of the non-array object abc is consistent with the size information saved in the object header of the non-array object abc. If an illegitimate user has maliciously modified the binary executable file that accesses the non-array object abc and changed the offset value of the member variable of the non-array object to a6, it can be found that a6 (i.e. index number 5, rather than 0 to 4) exceeds the size of the non-array object abc (i.e. the number of members, 5, or the index range 0 to 4), and access to the non-array object abc is refused, protecting the data stored in the Java Card data area from malicious reading, modification or destruction.
Obviously, whenever the offset value of the member variable used to access the non-array object exceeds the object size recorded when the non-array object was created, the access is an attempt to reach the data area beyond the members of the non-array object. For example, the size of the non-array object is 5, or the offset values of the indexable member variables are 0 to 4. Whenever the offset value of the member variable in the binary executable file that accesses the non-array object is outside the range 0 to 4, or exceeds the size of the non-array object (i.e. the number of member variables, 5), for example the offset value of the accessed member variable of the non-array object has been changed to 10, the embodiments of the present invention can, before any operation is executed on the data area of the member variables of the non-array object, verify and find that the offset value 10 exceeds the size of the non-array object (i.e. 5, or the indexable range 0 to 4 of the member variables of the non-array object). The access is an illegal operation, and access to the non-array object is refused. At the same time, an alarm may be raised.
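The modified getfield flow of steps 10 and 12, run on the abc example above, as an added sketch in C; it is not code from the patent. The header layout, the opcode value, the error codes and all function names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added illustration: every name and the header layout are assumptions. */
enum { ACCESS_OK = 0, ERR_BAD_CODE = -1, ERR_BAD_REF = -2,
       ERR_OFFSET_RANGE = -3, ERR_ACCESS_RIGHTS = -4 };
#define OP_GETFIELD 0x01u  /* placeholder value, not a real Java Card opcode */
#define MAX_OBJECTS 4u
#define DATA_SLOTS  16u

typedef struct {
    uint8_t  owner_ctx;   /* owner context, used for the access-rights check */
    uint8_t  size;        /* number of member variables, saved at creation */
    uint16_t data_index;  /* one-to-one link from header to the data area */
} obj_header_t;

static obj_header_t headers[MAX_OBJECTS];   /* object headers, stored separately */
static int16_t      data_area[DATA_SLOTS];  /* object data (member variables) */
static unsigned     n_objects, data_top;

typedef struct {
    uint16_t       stack[8];  /* run-time stack holding object references */
    unsigned       sp;
    const uint8_t *code;      /* code area: opcode followed by a 1-byte offset */
    size_t         code_len, pc;
    uint8_t        ctx;       /* currently active context */
} vm_t;

static void heap_reset(void) {
    memset(headers, 0, sizeof headers);
    memset(data_area, 0, sizeof data_area);
    n_objects = 0;
    data_top = 0;
}

/* Step 10: create a non-array object and record its size in the header.
   Returns a 1-based reference, or 0 when the heap is full. */
static uint16_t new_object(uint8_t owner_ctx, uint8_t size) {
    if (n_objects == MAX_OBJECTS || data_top + size > DATA_SLOTS) return 0;
    headers[n_objects].owner_ctx = owner_ctx;
    headers[n_objects].size = size;
    headers[n_objects].data_index = (uint16_t)data_top;
    data_top += size;
    return (uint16_t)++n_objects;
}

/* Step 12: getfield with the offset checked against the size in the header. */
static int op_getfield(vm_t *vm, int16_t *out) {
    if (vm->pc + 1 >= vm->code_len || vm->code[vm->pc] != OP_GETFIELD)
        return ERR_BAD_CODE;
    if (vm->sp == 0) return ERR_BAD_REF;
    uint16_t ref = vm->stack[--vm->sp];            /* reference from the stack */
    if (ref == 0 || ref > n_objects) return ERR_BAD_REF;
    const obj_header_t *hdr = &headers[ref - 1];   /* locate the object */
    uint8_t offset = vm->code[vm->pc + 1];         /* offset from the code area */
    /* The offset is unsigned, so "greater than or equal to 0" always holds. */
    if (offset >= hdr->size) return ERR_OFFSET_RANGE;       /* refuse access */
    if (hdr->owner_ctx != vm->ctx) return ERR_ACCESS_RIGHTS;
    *out = data_area[hdr->data_index + offset];
    vm->pc += 2;
    return ACCESS_OK;
}

/* Constructed scenario: object abc (members A..E, context 1) is followed in the
   data area by an object of another context. Runs one getfield on abc. */
int run_getfield(uint8_t offset, uint8_t ctx, int16_t *out) {
    static const int16_t abc_values[5] = {10, 20, 30, 40, 50};
    uint8_t code[2] = { OP_GETFIELD, offset };   /* offset as found in the CAP file */
    vm_t vm = { .code = code, .code_len = sizeof code, .ctx = ctx };
    heap_reset();
    uint16_t abc = new_object(1, 5);
    uint16_t other = new_object(2, 1);
    memcpy(&data_area[headers[abc - 1].data_index], abc_values, sizeof abc_values);
    data_area[headers[other - 1].data_index] = 0x5EC;  /* neighbouring data */
    vm.stack[vm.sp++] = abc;
    return op_getfield(&vm, out);
}

int main(void) {
    int16_t v = 0;
    int ok = run_getfield(2, 1, &v) == ACCESS_OK && v == 30 &&
             run_getfield(5, 1, &v) == ERR_OFFSET_RANGE;
    return ok ? 0 : 1;
}
```

Without the `offset >= hdr->size` comparison, an offset of 5 would index the slot that holds the neighbouring object's data, which is the out-of-member access the header size check is there to refuse.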
It should be noted that, herein, the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to the process, method, article or device. In the absence of further restrictions, an element qualified by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes that element.
The above embodiments of the present invention are for description only and do not represent the relative merits of the embodiments.
From the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM) and includes a number of instructions that cause a terminal device (such as a Java Card) to execute the methods described in the embodiments of the present invention.
The above are only preferred embodiments of the present invention and do not thereby limit the patent scope of the present invention. Any equivalent structure or equivalent process transformation made using the contents of the description and drawings of the present invention, or applied directly or indirectly in other related technical fields, is likewise included within the scope of patent protection of the present invention.