Browsing by Author "Lanet, Jean-Louis"
Now showing 1 - 10 of 10
- Results Per Page
- Sort Options
Item A formal verification of dynamic updating in a Java-based embedded system(Inderscience, 2017) Lounas, Razika; Mezghiche, Mohamed; Lanet, Jean-LouisDynamic software updating (DSU) consists in updating running programs on the fly without any downtime. This feature is interesting in critical applications that must run continuously. Because updates may lead to safety errors and security breaches, the question of their correctness is raised. Formal methods are a rigorous means to ensure the correctness required by applications using DSU. In this paper, we present a formal verification of correctness of DSU in a Java-based embedded system. Our approach is based on three major contributions. First, a formal interpretation of the semantic of update operations to ensure type safety of the update. Secondly, we rely on a functional representation of bytecode, the predicate transformation calculus and a functional model of the update mechanism to ensure the behavioural correctness of the updated programs. It is based on the use of Hoare predicate transformation to derive a specification of an updated bytecode. Thirdly, we use the functional representation to model the safe update point detectionItem A formal verification of safe update point detection in dynamic software updating(Springer, 2017) Lounas, Razika; Jafri, Nisrine; Legay, Axel; Mezghiche, Mohamed; Lanet, Jean-LouisItem The hell forgery : self modifying codes shoot Again(2017) Mesbah, Abdelhak; Regnaud, Leo; Lanet, Jean-Louis; Mezghiche, MohamedItem Hiding a fault enabled virus through code construction(2020) Hamadouche, Samiya; Lanet, Jean-Louis; Mezghiche, MohamedSmart cards are very secure devices designed to execute applica-tions and store confidential data. Therefore, they become the target of manyhardware and software attacks that aim to bypass their embedded securitymechanisms in order to gain access to the sensitive stored data. Recently, anew kind of attacks called combined attacks has appeared. They aim to induceperturbations in the application’s execution environment. Thus, correct andlegitimate application can be dynamically modified to become a hostile one af-ter being loaded in the card using a fault injection. In this paper, we treat theproblem from another angle: how to design an innocent looking code in sucha way that it becomes intentionally hostile after being activated by a fault in-jection? We present an original approach of backward code construction basedon constraints satisfaction and a tree traversal algorithm. After that, we pro-pose a way to optimize the search process by introducing heuristics for a fasterconvergence towards more realistic solutions.We implement this approach inaTrace Generatortool; thereafter evaluate its capacity to generate the re-quired solutions while giving a proof-of-concept of the code desynchronizationtechniqueItem Machine learning techniques to predict sensitive patterns to fault attack in the Java Card application(Taylor & Francis, 2017) Yahaoui, Chehrazed; Lanet, Jean-Louis; Mezghiche, Mohamed; Tamine, KarimItem Persistent fault injection attack from white-box to black-box(IEEE, 2017) Mesbah, Abdelhak; Mezghiche, Mohamed; Lanet, Jean-LouisAmong the protection mechanisms that ensure the Java Card security, the Byte Code Verifier (BCV) is one of the most important security elements. In fact, embedded applets must be verified prior installation. This prevents ill-formed applet to be loaded. In this article, the behavior of the Oracle BCV towards some unchecked piece of codes is analyzed, and the way to bypass the BCV is highlighted. Then, we demonstrate how one can use this breach to access to the system data of a frame, and persistently activate any code. Using both a white-box approach and fault injection that can transform a well-formed code to an ill-formed one during runtime executionItem Recognition of sensitive patterns to the fault attack in the java card application(HAL, 2013) Yahiaoui, Chahrazed; Lanet, Jean-Louis; Mezghiche, Mohamed; Tamine, KarimItem Reverse engineering a Java Card memory management algorithm(2017) Mesbah, Abdelhak; Lanet, Jean-Louis; Mezghiche, MohamedItem Reverse engineering Java Card and vulnerability exploitation : a shortcut to ROM(Springer, 2017) Mesbah, Abdelhak; Lanet, Jean-Louis; Mezghiche, MohamedItem Towards a general framework for formal reasoning about java bytecode transformation(2013) Lounas, Razika; Mezghiche, Mohamed; Lanet, Jean-Louis