Towards the Hardware Accelerated Defensive Virtual Machine – Type and Bound Protection

  • Michael Lackner
  • Reinhard Berlach
  • Johannes Loinig
  • Reinhold Weiss
  • Christian Steger
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7771)


Currently, security checks on Java Card applets are performed by a static verification process before executing an applet. A verified and later unmodified applet is not able to break the Java Card sand-box model. Unfortunately, this static verification process is not a countermeasure against physical run-time attacks corrupting the control or data flow of an applet. In this piece of work, designs for Java Card Virtual Machines are investigated in relation to their ability to perform run-time security checks. These security checks are accelerated by hardware units and performed in parallel to CPU instructions that are executing concurrently. Attacks on the Java operand stack and local variables, which are elementary components for the Virtual Machine, are thwarted by type and bound protection. To enable these hardware checks, different designs of a defensive Java Card Virtual Machine are compared to their overheads on a prototype platform.


Java Card Defensive Virtual Machine Hardware Countermeasure Fault Attack Logical Attack 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., Whelan, C.: The Sorcerer’s Apprentice Guide to Fault Attacks. Proceedings of the IEEE 94(2), 370–382 (2006)CrossRefGoogle Scholar
  2. 2.
    Barbu, G., Duc, G., Hoogvorst, P.: Java Card Operand Stack: Fault Attacks, Combined Attacks and Countermeasures. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol. 7079, pp. 297–313. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  3. 3.
    Barbu, G., Thiebeauld, H., Guerin, V.: Attacks on Java Card 3.0 Combining Fault and Logical Attacks. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 148–163. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  4. 4.
    Barthe, G., Dufay, G., Jakubiec, L., de Sousa, S.M.: A Formal Correspondence between Offensive and Defensive JavaCard Virtual Machines. In: Cortesi, A. (ed.) VMCAI 2002. LNCS, vol. 2294, pp. 32–45. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  5. 5.
    Bouffard, G., Iguchi-Cartigny, J., Lanet, J.-L.: Combined Software and Hardware Attacks on the Java Card Control Flow. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol. 7079, pp. 283–296. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  6. 6.
    IEEE: Open SystemC Language Reference Manual IEEE Std 1666-2005, IEEEGoogle Scholar
  7. 7.
    Iguchi-Cartigny, J., Lanet, J.L.: Developing a Trojan applets in a smart card. Journal in Computer Virology 6, 343–351 (2010)CrossRefGoogle Scholar
  8. 8.
    Krieg, A., Grinschgl, J., Steger, C., Weiss, R., Haid, J.: A Side Channel Attack Countermeasure using System-On-Chip Power Profile Scrambling. In: 2011 IEEE 17th International On-Line Testing Symposium (IOLTS), pp. 222–227 (July 2011)Google Scholar
  9. 9.
    Leroy, X.: Java Bytecode Verification: An Overview. In: Berry, G., Comon, H., Finkel, A. (eds.) CAV 2001. LNCS, vol. 2102, pp. 265–285. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  10. 10.
    Mostowski, W., Poll, E.: Malicious Code on Java Card Smartcards: Attacks and Countermeasures. In: Grimaud, G., Standaert, F.-X. (eds.) CARDIS 2008. LNCS, vol. 5189, pp. 1–16. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  11. 11.
    Oracle: Runtime Environment Specification. Java Card Platform, Version 3.0.4, Classic Edition (2011)Google Scholar
  12. 12.
    Oracle: Virtual Machine Specification. Java Card Platform, Version 3.0.4, Classic Edition (2011)Google Scholar
  13. 13.
    Séré, A.A.K., Iguchi-Cartigny, J., Lanet, J.-L.: Checking the Paths to Identify Mutant Application on Embedded Systems. In: Kim, T.-H., Lee, Y.-H., Kang, B.-H., Ślęzak, D. (eds.) FGIT 2010. LNCS, vol. 6485, pp. 459–468. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  14. 14.
    Sere, A., Iguchi-Cartigny, J., Lanet, J.L.: Evaluation of Countermeasures Against Fault Attacks on Smart Cards. International Journal of Security and Its Applications 5(2), 49–61 (2011)Google Scholar
  15. 15.
    Sun Microsystems Inc.: Java Card 2.2 Off-card Verifier. White Paper (June 2002)Google Scholar
  16. 16.
    Vertanen, O.: Java Type Confusion and Fault Attacks. In: Breveglieri, L., Koren, I., Naccache, D., Seifert, J.-P. (eds.) FDTC 2006. LNCS, vol. 4236, pp. 237–251. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  17. 17.
    Vetillard, E., Ferrari, A.: Combined Attacks and Countermeasures. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 133–147. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  18. 18.
    Witteman, M.: Advances in Smartcard Security. Information Security Bulletin, 11–22 (July 2002)Google Scholar
  19. 19.
    Witteman, M.: Java Card Security. Information Security Bulletin, 291–298 (July 2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Michael Lackner
    • 1
  • Reinhard Berlach
    • 1
  • Johannes Loinig
    • 2
  • Reinhold Weiss
    • 1
  • Christian Steger
    • 1
  1. 1.Institute for Technical InformaticsGraz University of TechnologyGrazAustria
  2. 2.NXP Semiconductors Austria GmbHGratkornAustria

Personalised recommendations