CN106485138B - Java card anti-attack method and device - Google Patents

Publication number
CN106485138B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610811587.3A
Other languages
Chinese (zh)
Other versions
CN106485138A (en
Inventor
秦远富
熊燕萍
尚微
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Datang Microelectronics Technology Co Ltd
Datang Semiconductor Design Co Ltd
Original Assignee
Datang Microelectronics Technology Co Ltd
Datang Semiconductor Design Co Ltd
Application filed by Datang Microelectronics Technology Co Ltd, Datang Semiconductor Design Co Ltd
Priority to CN201610811587.3A
Publication of CN106485138A
Application granted
Publication of CN106485138B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G06F21/60 Protecting data

Abstract

The invention discloses a Java card anti-attack method and device. The method comprises: when a non-array object is created, saving the size information of the non-array object in the object header of the non-array object; when the non-array object is accessed, verifying whether the offset value of the member variable of the non-array object is consistent with the size information saved in the object header of the non-array object, and denying access if it is not. The invention also provides a Java card that includes the anti-attack device. In this scheme the size information of the non-array object is saved when the object is created, so the size of the object can be determined quickly when it is accessed. Comparing the offset value of the member variable with the size of the non-array object prevents an illegitimate user from maliciously modifying the member-variable offset value in the binary executable file that accesses the non-array object, and guarantees the security of Java card data access without sacrificing Java card performance.

Description

Java card anti-attack method and device
Technical field
The present invention relates to the field of Java card technology, and in particular to a Java card anti-attack method and device.
Background
Access to a Java card object is usually carried out by a few assembly-level instructions: reading a member variable of an object uses the getfield family of instructions, and assigning to a member variable uses the putfield family. Each instruction is followed by a one- or two-byte constant that gives the offset of the member variable to be accessed, and the Java card virtual machine implements access control over object member variables through its implementation of these instructions. The usual flow in the virtual machine is as follows: first the reference of the object to be accessed (i.e. the identifier of the object) is taken from the operand stack; then the offset of the member variable to be accessed is read from where the code is stored (i.e. the code area); the system computes and locates the storage location of the object from the object reference; the access rights of the object are then verified; finally the member variable is accessed (for example read or written) using the calculated offset.
Java card objects are divided into array objects and non-array objects. Access control for array objects is performed at run time. A non-array object, by contrast, consists of a series of member variables, and access control over these member variables is performed at compile time. For example, if a user writes code that attempts to access a member variable that does not exist in a non-array object, the compiler detects it immediately. In other words, a user cannot access data outside the members of a non-array object by writing Java code directly.
Summary of the invention
The main object of the present invention is to provide a Java card anti-attack method and device, intended to address the potential security risk in Java cards described above.
To achieve this object, the Java card anti-attack method provided by the invention comprises:
when a non-array object is created, saving the size information of the non-array object in the object header of the non-array object;
when the non-array object is accessed, verifying whether the offset value of the member variable of the non-array object is consistent with the size information saved in the object header of the non-array object, and denying access if it is not.
Optionally, saving the size information of the non-array object in the object header of the non-array object comprises:
saving the size information of the object in the object header of the non-array object or in an extended object header.
Optionally, verifying, when the non-array object is accessed, whether the offset value of the member variable of the non-array object is consistent with the size information saved in the object header of the non-array object comprises:
when the non-array object is accessed, taking the object reference of the non-array object from the operand stack, locating the storage location of the accessed non-array object, reading the size information of the non-array object from its object header or extended object header, reading the offset value of the member variable of the accessed non-array object from the code area, and verifying whether the offset value of the member variable of the accessed non-array object is consistent with the size information of the non-array object.
Optionally, verifying whether the offset value of the member variable of the accessed non-array object is consistent with the size information of the non-array object, and denying access if it is not, comprises:
when the offset value of the member variable of the accessed non-array object is greater than or equal to the size of the non-array object, refusing the access to the non-array object; when the offset value of the member variable of the non-array object is less than the size of the non-array object and greater than or equal to 0, performing the access to the member variable according to the calculated offset value after the access rights of the non-array object have been verified successfully.
Optionally, the object header or extended object header of the non-array object and the data of the non-array object are stored separately, in one-to-one correspondence.
The present invention also provides a Java card anti-attack device, comprising:
an object creation module, configured to save the size information of a non-array object in the object header of the non-array object when the non-array object is created;
an access control module, configured to verify, when the non-array object is accessed, whether the offset value of the member variable of the non-array object is consistent with the size information saved in the object header of the non-array object, and to deny access if it is not.
Optionally, saving the size information of the non-array object in the object header of the non-array object comprises:
saving the size information of the object in the object header of the non-array object or in an extended object header.
Optionally, the access control module includes a verification unit, configured to, when the non-array object is accessed, take the object reference of the non-array object from the operand stack, locate the storage location of the accessed non-array object, read the size information of the non-array object from its object header or extended object header, read the offset value of the member variable of the accessed non-array object from the code area, and verify whether the offset value of the member variable of the accessed non-array object is consistent with the size information of the non-array object.
Optionally, the access control module further includes an access control unit and an access execution unit:
the access control unit is configured to refuse the access to the non-array object when the offset value of the member variable of the accessed non-array object is greater than or equal to the size of the non-array object;
the access execution unit is configured to, when the offset value of the member variable of the non-array object is less than the size of the non-array object and greater than or equal to 0, perform the access to the member variable according to the calculated offset value after the access rights of the non-array object have been verified successfully.
Optionally, the object creation module further includes a storage unit, configured to store the object header or extended object header of the non-array object and the data of the non-array object separately, in one-to-one correspondence.
The present invention also provides a Java card that includes the anti-attack device described in any of the above.
In the technical solution provided by the embodiments of the invention, the size information of a non-array object is saved when the object is created, so the size of the object can be determined quickly when it is accessed. Comparing the offset value of the member variable of the non-array object with the size of the non-array object prevents an illegitimate user from maliciously modifying the member-variable offset value in the binary executable file that accesses the non-array object in order to reach data outside the members of the non-array object, and guarantees the security of Java card data access without sacrificing Java card performance.
Brief description of the drawings
Fig. 1 is a flow diagram of the Java card anti-attack method of the first embodiment of the invention;
Fig. 2 is a module diagram of the Java card anti-attack device of the second embodiment of the invention;
Fig. 3 is a diagram of the modules and units of the Java card anti-attack device of the second embodiment of the invention;
Fig. 4 is a structural diagram of a Java card containing the anti-attack device of the invention.
The realization of the object, the functional features and the advantages of the invention are further described below with reference to the embodiments and the accompanying drawings.
Detailed description of the embodiments
It should be understood that the specific embodiments described here only illustrate the invention and are not intended to limit it.
The technical solution of the invention is described in detail below with reference to the drawings and embodiments.
It should be noted that, where they do not conflict, the embodiments of the invention and the features in the embodiments can be combined with one another, and all such combinations fall within the scope of the invention. In addition, although a logical order is shown in the flow charts, in some cases the steps shown or described may be performed in a different order.
The mobile terminal implementing each embodiment of the invention will now be described with reference to the drawings. In the following description, suffixes such as "module", "component" or "unit" used to denote elements serve only to facilitate the description of the invention and have no specific meaning in themselves. Therefore "module" and "component" may be used interchangeably.
In the prior art the offset of a member variable of a non-array object is a fixed value: once the object is defined, the offset value of each of its members is fixed. For every access to a non-array object the compiler writes this fixed offset value into the binary executable file (i.e. the CAP file), which is then downloaded to the card and executed; the executor on the card reads the data stored in the data area corresponding to this offset value. If an illegitimate user maliciously modifies the relevant offset value in the CAP file, the compiler's protection is bypassed and data outside the members of the non-array object can be accessed. This is a serious security vulnerability. A product with security requirements that takes no precautions against it is exposed to potential malicious attack.
To address this problem, the first embodiment of the invention proposes a Java card anti-attack method which, as shown in Fig. 1, comprises:
Step 10: when a non-array object is created, the size information of the non-array object is saved in the object header of the non-array object.
In a Java card implementation each object consists of two parts: the object header and the object data. The object header describes the object, for example the object's owner, its running context, the package it belongs to and its class. For an array object the object header also contains the size information of the array (the total size of the object); when an array object is created, its size information determines the number of members of the object.
In existing Java technology, however, the object header of a non-array object does not contain the size information of the non-array object. That size information is part of the class information of the object, and the class information is in turn stored in the class component. Obtaining the size of a non-array object therefore requires the following steps: locate the class component of the package from the package information in the object header, locate the class information of the object from the class component, and finally read the size of the non-array object from the class information. If every access to a non-array object went through this process, non-array object access on the Java card would become very slow and would directly affect the performance of the whole product.
This embodiment proposes that every time a non-array object is created, its size information is saved in the object header of that non-array object. If the object header of the non-array object has spare bytes, the size information is saved in those spare bytes; if it has none, the object header is lengthened and the size information of the non-array object is added in the extended bytes. The size information of the non-array object (i.e. the number of its members) can then be obtained quickly whenever the non-array object is accessed.
Step 12: when the non-array object is accessed, it is verified whether the offset value of the member variable of the non-array object is consistent with the size information saved in the object header of the non-array object; if it is not, access is denied.
In this embodiment the size information of a non-array object is saved in its object header or extended object header every time such an object is created, and this size information defines the number of members of the non-array object. Therefore, when the non-array object is accessed, it can be verified whether the offset value (or index) used for the non-array object is consistent with the size information (number of members) saved in its object header. If it is not, an illegitimate user may have maliciously modified the offset value of the member variable in an attempt to access a data area outside the members of the non-array object, and the Java card refuses the access to the non-array object.
A Java card is a CPU smart card that can run Java programs, so the above method can be implemented by the CPU/virtual machine and memory of the Java card.
In the method provided by this embodiment, the size information of a non-array object is saved when the object is created. When the non-array object is accessed, comparing the member offset value with the size of the non-array object prevents an illegitimate user from maliciously modifying the member-variable offset value in the binary executable file (i.e. the CAP file) in order to access data outside the members of the non-array object, which improves the security of the Java card.
Optionally, saving the size information of the non-array object in the object header of the non-array object comprises:
saving the size information of the object in the object header of the non-array object or in an extended object header.
The prior art did not consider saving the size information of a non-array object in its object header. When a non-array object is created, its size information may therefore not fit directly in the existing object header bytes (for example when the header has no spare or reserved bytes). In that case the number of bytes in the object header of the non-array object must be extended in order to save the size information; the number of extension bytes is determined by the size information that needs to be saved. The size information of a non-array object is the number of member variables of the non-array object (or the count of member-variable index numbers).
Optionally, in the above method, verifying, when the non-array object is accessed, whether the offset of the member variable of the non-array object is consistent with the size information saved in the object header of the non-array object comprises:
when the non-array object is accessed, taking the object reference of the non-array object from the operand stack, locating the storage location of the accessed non-array object, reading the size information of the non-array object from its object header or extended object header, reading the offset of the member variable of the accessed non-array object from the code area, and verifying whether the offset value of the member variable of the accessed non-array object is consistent with the size information of the non-array object.
In this embodiment the flow of the existing Java object access instructions getfield and putfield has to be modified. The modified flow is as follows:
First the reference of the non-array object to be accessed is taken from the operand stack and the storage location of the non-array object is computed from the object reference. The size information of the object is read from the object header at that storage location. The offset value of the member variable to be accessed is then read from the code area, and it is verified whether this offset value is consistent with the size information of the non-array object, i.e. whether it exceeds the size of the object.
Obviously, the offset value of the member variable to be accessed may also be obtained first and the size information of the non-array object afterwards, before verifying whether the offset value of the member variable is consistent with the size information of the non-array object.
The member offset value of a non-array object is the index (sequence number) of a member of that object; the size information of a non-array object is the number of its member variables (or its indexable range). Because the invention saves the size information (the number of member variables or the indexable range) in the object header or extended object header when the non-array object is created, the member offset value can be compared with the size information of the non-array object. In a normal access to a member variable of a non-array object the two are consistent, i.e. the offset value (or index) of the member variable does not exceed the number of member variables of the non-array object or the indexable range of its member variables.
Optionally, when the offset value of the member variable of the accessed non-array object is greater than or equal to the size of the non-array object, the access to the non-array object is refused; when the offset value of the member variable of the non-array object is less than the size of the non-array object and greater than or equal to 0, and the verification of the access rights of the non-array object passes, the access to the member variable is performed according to the calculated offset value.
In this embodiment, if verification finds that the offset value of the member variable of the accessed non-array object is greater than or equal to the size of the non-array object (for example, the index of the member variable exceeds the total number of member variables of the non-array object or their indexable range), the offset value of the member variable is inconsistent with the size information of the non-array object. The binary executable file that accesses the non-array object is abnormal or may have been maliciously modified, and the executing program is attempting to access a data area outside the member variables of the non-array object. The access to the non-array object is therefore refused, which protects the data area of the Java card from malicious attack.
Optionally, when illegitimate access to a non-array object is detected, an alarm may be raised, or the operation of the card may be terminated.
Optionally, in the above method, the object header or extended object header of the non-array object and the data of the non-array object are stored separately, in one-to-one correspondence.
In the prior art the object header and the data area of a non-array object are stored in the same memory space, and the object header does not hold the size information of the non-array object. In this embodiment, when a non-array object is created and its size information is saved in its object header or extended object header, the non-array object may be stored following the existing memory allocation scheme for non-array objects.
Preferably, to make lookup and verification fast and to minimise the impact on Java card performance, the object header or extended object header of a non-array object can be stored in a separately allocated memory space and the data area of the non-array object in another allocated memory space, with the object header or extended object header in one-to-one correspondence with the data area of the non-array object. The size of the non-array object can then be located quickly, guaranteeing the security of Java card data access without sacrificing Java card performance.
In the method provided by this embodiment, the size information of a non-array object is saved when the object is created, so the size of the object can be determined quickly when it is accessed. Comparing the offset value of the member variable with the size of the non-array object prevents an illegitimate user from maliciously modifying the member-variable offset value in the binary executable file that accesses the non-array object in order to reach data outside the members of the non-array object, and guarantees the security of Java card data access without sacrificing Java card performance.
Correspondingly, the second embodiment of the invention provides a Java card anti-attack device which, as shown in Fig. 2, comprises:
an object creation module 20, configured to save the size information of a non-array object in the object header of the non-array object when the non-array object is created;
an access control module 22, configured to verify, when the non-array object is accessed, whether the offset value of the member variable of the non-array object is consistent with the size information saved in the object header of the non-array object, and to deny access if it is not.
A Java card is a CPU smart card that can run Java programs, so the above device can be implemented by the CPU/virtual machine and memory of the Java card.
In the device provided by this embodiment, the size information of a non-array object is saved when the object is created. When the non-array object is accessed, comparing the offset value of the member variable with the size of the non-array object prevents an illegitimate user from maliciously modifying the member-variable offset value in the binary executable file that accesses the non-array object in order to reach data outside the members of the non-array object, which improves the security of the Java card.
Optionally, in the above device, saving the size information of the non-array object in the object header of the non-array object comprises:
saving the size information of the object in the object header of the non-array object or in an extended object header.
Optionally, as shown in Fig. 3, the access control module includes a verification unit 221, configured to, when the non-array object is accessed, take the object reference of the non-array object from the operand stack, locate the storage location of the accessed non-array object, read the size information of the non-array object from its object header or extended object header, read the offset of the member variable of the accessed non-array object from the code area, and verify whether the offset value of the member variable of the accessed non-array object is consistent with the size information of the non-array object.
Optionally, as shown in Fig. 3, the access control module further includes a control unit 222 and an execution unit 223:
the control unit 222 is configured to refuse the access to the non-array object when the offset value of the member variable of the accessed non-array object is greater than the size of the non-array object;
the execution unit 223 is configured to, when the offset value of the non-array object is less than or equal to the size of the non-array object, verify the access rights of the non-array object and perform the access to the member variable according to the calculated offset value.
Optionally, as shown in Fig. 3, the object creation module of the device further includes a storage unit 201, configured to store the object header or extended object header of the non-array object and the data of the non-array object separately, in one-to-one correspondence.
In the device provided by this embodiment, the size information of a non-array object is saved when the object is created, so the size of the object can be determined quickly when it is accessed. Comparing the member offset value with the size of the non-array object prevents an illegitimate user from maliciously modifying the member-variable offset value in the binary executable file that accesses the non-array object in order to reach data outside the members of the non-array object, and guarantees the security of Java card data access without sacrificing Java card performance.
The present invention is further described below by way of an exemplary embodiment. Assume that a non-array object abc contains 5 member variables A, B, C, D, E, whose indexes are a1, a2, a3, a4, a5 respectively (or index numbers 0~4). In the normal case, the virtual machine takes the reference of the object to be accessed (i.e. the identifier of the object, assumed here to be abc) from the operand stack; the system computes the object's storage location from the object reference, for example address 00FF0000H, and then reads the object's size, 5 (the total number of index numbers). It then reads the offset of the member variable to be accessed (such as any of a1~a5, or index numbers 0~4) from the code area where the code is stored. After the object's access permission (for example, read-only, or read and write) has been verified, it further verifies whether the index value used to access the object is consistent with the index value in the object head; if it is, the corresponding member variable A, B, C, D or E is accessed (for example read or written) according to the object's storage location and the offset value of the member variable (such as a1~a5 or 0~4). The storage location of the non-array object and the offset value of a member variable in it uniquely determine the position of the corresponding member variable in the data storage area.
In the prior art, if an illegal user maliciously modifies the CAB file and changes the offset value of a member variable to a6, or index number 5 (exceeding the number of member variables of the non-array object, 5, or the indexable range of its member variables, 0~4), then without protection the data space outside the normal member variables of the non-array object abc can be accessed or maliciously modified, for example by reading or modifying data, which destroys the information security of the Java card.
In the present embodiment, when the non-array object abc is created, the size information of the non-array object is saved in the object head of the non-array object or in the bytes of an extended object head (here, for example, the number of member-variable indexes: 5). When an access to the non-array object is executed, the offset value of the member variable of the non-array object abc must first be compared with the size information saved in the object head of the non-array object abc to check whether they are consistent. If an illegal user has maliciously modified the binary executable file that accesses the non-array object abc and changed the offset value of the member variable to a6, it can then be found that a6 (i.e. index number 5, rather than 0~4) exceeds the size of the non-array object abc (i.e. the number of members, 5, or the index number range 0~4), and access to the non-array object abc is refused, thereby protecting the data saved in the Java card data area from being maliciously read or from being destroyed by modification.
Clearly, whenever the offset value of the member variable used to access the non-array object exceeds the object size recorded when the non-array object was created, the access is an attempt to reach a data area outside the members of the non-array object. For example, the size of the non-array object is 5, or the offset values of the member variables that can be indexed are 0~4. Whenever the offset value of the member variable in the binary executable file that accesses the non-array object falls outside the range 0~4 or exceeds the size of the non-array object (i.e. the number of member variables, 5), for example when the offset value of the member variable has been changed to 10, the embodiment of the present invention, before performing an operation on the data area of the member variables of the non-array object, verifies and finds that the offset value 10 exceeds the size of the non-array object (i.e. 5, or the indexable range 0~4 of its member variables), treats this as an illegal operation, and refuses the access to the non-array object. At the same time, an alarm prompt can be given.
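The following C example is added here and is not code from the patent: it models the size check of this embodiment for an object with 5 member variables, doing the bounds check first and the access-permission check second, as claim 3 orders them. The struct layout, the names and the permission bits are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define PERM_READ  0x01u
#define PERM_WRITE 0x02u
#define HEAP_WORDS 16

/* Hypothetical object head, stored apart from the object's data. */
typedef struct {
    uint16_t size;   /* member-variable count, saved at creation */
    uint8_t  perms;  /* access permission bits (assumed encoding) */
    uint16_t base;   /* index of the object's first member in data[] */
} obj_head_t;

typedef enum { ACC_OK, ACC_DENIED_BOUNDS, ACC_DENIED_PERM } acc_t;

static int16_t  data[HEAP_WORDS];  /* constructed data storage area */
static uint16_t data_top;

/* Creation: save the size information in the object head. */
static int obj_create(obj_head_t *h, uint16_t size, uint8_t perms) {
    if (size > HEAP_WORDS - data_top) return -1;
    h->size = size; h->perms = perms; h->base = data_top;
    data_top = (uint16_t)(data_top + size);
    return 0;
}

/* Access: 'offset' is read from the code area, so it is untrusted. */
static acc_t member_access(const obj_head_t *h, int32_t offset,
                           uint8_t need, int16_t *val) {
    if (offset < 0 || offset >= (int32_t)h->size)
        return ACC_DENIED_BOUNDS;          /* e.g. index 5 or 10 for abc */
    if ((h->perms & need) != need)
        return ACC_DENIED_PERM;
    if (need & PERM_WRITE) data[h->base + offset] = *val;
    else                   *val = data[h->base + offset];
    return ACC_OK;
}

int main(void) {
    obj_head_t abc, neighbour;
    int16_t v = 0;
    obj_create(&abc, 5, PERM_READ | PERM_WRITE);  /* members A..E */
    obj_create(&neighbour, 1, PERM_READ);         /* data right after abc */
    for (int32_t off = 3; off <= 5; off++)
        printf("offset %d -> status %d\n", (int)off,
               (int)member_access(&abc, off, PERM_READ, &v));
    return 0;
}
```

Because the second object's data sits directly after abc's five members, offset 5 would land in it if the head's size were not consulted before the data area is touched.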
It should be noted that, in this document, the terms "include", "comprise" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements that are not explicitly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes that element.
The serial numbers of the above embodiments of the invention are for description only and do not represent the advantages or disadvantages of the embodiments.
From the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM) and includes several instructions that cause a terminal device (such as a Java card) to execute the methods described in the embodiments of the present invention.
The above is only a preferred embodiment of the present invention and does not limit the scope of the invention; any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or applied directly or indirectly in other related technical fields, is likewise included within the scope of protection of the present invention.

Claims (9)

1. A Java card anti-attack method, characterized by comprising:
when a non-array object is created, saving the size information of the non-array object in the object head of the non-array object;
when the non-array object is accessed, reading the size information of the non-array object from the object head of the non-array object, reading the offset value of the member variable of the accessed non-array object from the code area, and verifying whether the offset value of the member variable of the non-array object is consistent with the size information saved in the object head of the non-array object; if they are inconsistent, denying access.
2. The method as described in claim 1, characterized in that saving the size information of the non-array object in the object head of the non-array object comprises:
saving the size information of the object in the object head of the non-array object or in an extended object head.
3. The method as described in claim 1, characterized in that verifying whether the offset value of the member variable of the accessed non-array object is consistent with the size information of the non-array object and, if they are inconsistent, denying access comprises:
when the offset value of the member variable of the accessed non-array object is greater than or equal to the size of the non-array object, refusing the access to the non-array object; when the offset value of the member variable of the non-array object is less than the size of the non-array object and greater than or equal to 0, after verification of the access permission of the non-array object has passed, accessing the member variable according to the calculated offset value.
4. The method according to claim 1, characterized in that the object head or the extended object head of the non-array object and the data of the non-array object are saved separately and are in one-to-one correspondence.
5. A Java card attack protection device, characterized by comprising:
an object creation module, configured to save, when a non-array object is created, the size information of the non-array object in the object head of the non-array object;
an access control module, configured to, when the non-array object is accessed, read the size information of the non-array object from the object head of the non-array object, read the offset value of the member variable of the accessed non-array object from the code area, and verify whether the offset value of the member variable of the non-array object is consistent with the size information saved in the object head of the non-array object; if they are inconsistent, access is denied.
6. The device as claimed in claim 5, characterized in that saving the size information of the non-array object in the object head of the non-array object comprises:
saving the size information of the object in the object head of the non-array object or in an extended object head.
7. The device as claimed in claim 5, characterized in that the access control module includes an access control unit and an access execution unit:
the access control unit is configured to refuse the access to the non-array object when the offset value of the member variable of the accessed non-array object is greater than or equal to the size of the non-array object;
the access execution unit is configured to, when the offset value of the member variable of the non-array object is less than the size of the non-array object and greater than or equal to 0, access the member variable according to the calculated offset value after verification of the access permission of the non-array object has passed.
8. The device as described in any one of claims 5-7, characterized in that the object creation module further includes a storage unit, configured to save the object head or the extended object head of the non-array object and the data of the non-array object separately, in one-to-one correspondence.
9. A Java card, characterized by including the attack protection device as described in any one of claims 5-8.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610811587.3A CN106485138B (en) 2016-09-08 2016-09-08 A kind of Java card anti-attack method and device

Publications (2)

Publication Number Publication Date
CN106485138A CN106485138A (en) 2017-03-08
CN106485138B true CN106485138B (en) 2019-11-29

Family

ID=58274162

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610811587.3A Active CN106485138B (en) 2016-09-08 2016-09-08 A kind of Java card anti-attack method and device

Country Status (1)

Country Link
CN (1) CN106485138B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001088718A2 (en) * 2000-05-12 2001-11-22 Zucotto Wireless, Inc. Methods and systems for applications to interact with hardware

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102799660A (en) * 2012-07-04 2012-11-28 北京中电华大电子设计有限责任公司 JAVA card object management method
CN104133733B (en) * 2014-07-29 2017-03-29 北京航空航天大学 A kind of detecting memory errors method
CN105303115A (en) * 2015-10-29 2016-02-03 成都信息工程大学 Detection method and apparatus for out-of-bounds access bug of Java card

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001088718A2 (en) * 2000-05-12 2001-11-22 Zucotto Wireless, Inc. Methods and systems for applications to interact with hardware

Also Published As

Publication number Publication date
CN106485138A (en) 2017-03-08

Similar Documents

Publication Publication Date Title
US11113384B2 (en) Stack overflow protection by monitoring addresses of a stack of multi-bit protection codes
CN105760773B (en) The system and method for opening file by pregnable application control
JP3710671B2 (en) One-chip microcomputer, IC card using the same, and access control method for one-chip microcomputer
Iguchi-Cartigny et al. Developing a Trojan applets in a smart card
US6453397B1 (en) Single chip microcomputer internally including a flash memory
CN107643940A (en) Container creation method, relevant device and computer-readable storage medium
Rivera et al. Keeping safe rust safe with galeed
CN108229107B (en) Shelling method and container for Android platform application program
JP2003067700A (en) Memory and method for storing data structure
CN109583202A (en) System and method for the malicious code in the address space of detection procedure
CN105653906B (en) Method is linked up with based on the random anti-kernel in address
JP3878134B2 (en) Microprocessor circuit for data carrier and method for organizing access to data stored in memory
CN109587151A (en) Access control method, device, equipment and computer readable storage medium
US7596694B1 (en) System and method for safely executing downloaded code on a computer system
Hamadouche et al. Subverting byte code linker service to characterize java card api
US11507658B2 (en) Systems and methods for exploit prevention and malicious code neutralization using non-predictable results for JavaScript-enabled applications
CN113886288A (en) Resource access control method, system, equipment and storage medium based on ARM architecture
CN106485138B (en) A kind of Java card anti-attack method and device
Lancia et al. Java card virtual machine compromising from a bytecode verified applet
Bouffard et al. The Next Smart Card Nightmare: Logical Attacks, Combined Attacks, Mutant Applications and Other Funny Things
KR102028704B1 (en) Method for Protecting Memory Against Code Insertion Attacks in Electronic Device
US20080275917A1 (en) Itso Fvc2 Application Monitor
Farhadi et al. Chronicle of a Java Card death
CN106127054A (en) A kind of system-level safety protecting method towards smart machine control instruction
US11893113B2 (en) Return-oriented programming protection

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20200806

Address after: 2505 COFCO Plaza, No.2, nanmenwai street, Nankai District, Tianjin

Patentee after: Xin Xin finance leasing (Tianjin) Co.,Ltd.

Address before: 100094 No. 6 Yongjia North Road, Beijing, Haidian District

Co-patentee before: DATANG SEMICONDUCTOR DESIGN Co.,Ltd.

Patentee before: DATANG MICROELECTRONICS TECHNOLOGY Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20211102

Address after: 100094 No. 6 Yongjia North Road, Beijing, Haidian District

Patentee after: DATANG MICROELECTRONICS TECHNOLOGY Co.,Ltd.

Patentee after: DATANG SEMICONDUCTOR DESIGN Co.,Ltd.

Address before: 300110 2505 COFCO Plaza, No. 2, nanmenwai street, Nankai District, Tianjin

Patentee before: Xin Xin finance leasing (Tianjin) Co.,Ltd.

TR01 Transfer of patent right