Vulnerability detection applied to Java Card bytecode verification

Abstract : Verifying the resistance of embedded implementations of Java Card bytecode verifiers against attacks is a complex task. Current methods are insufficient: only manual test generation is possible. To automate this process, we propose a method called VTG (Vulnerability Test Generation). Based on a formal representation of the functional behavior of the system under test, a set of intrusion tests is generated. This method is based on mutation and model-based testing techniques. First, the model is transformed according to rules that we have defined to represent potential attacks. The tests are then extracted from the mutant models. Two Event-B models have been proposed. The first represents the structural constraints of Java Card application files. VTG generates hundreds of abstract tests in seconds. The second model is composed of 66 events representing 61 Java Card instructions. Mutation takes a few seconds. Test extraction generates 223 tests in 45 min. Each test checks a precondition or a combination of preconditions of an instruction. This method allowed us to test different implementations of Java Card bytecode verification mechanisms. Although developed for our case study, the proposed method is generic and has been applied to other case studies.
Document type :
Theses

https://tel.archives-ouvertes.fr/tel-01369017
Contributor : Abes Star
Submitted on : Friday, September 23, 2016 - 4:26:22 PM
Last modification on : Thursday, May 17, 2018 - 4:09:09 AM
Long-term archiving on: Saturday, December 24, 2016 - 12:20:51 PM

File

2016LIMO0048.pdf
Version validated by the jury (STAR)

Identifiers

  • HAL Id : tel-01369017, version 1

Citation

Aymerick Savary. Détection de vulnérabilités appliquée à la vérification de code intermédiaire de Java Card. Système d'exploitation [cs.OS]. Université de Limoges, 2016. Français. ⟨NNT : 2016LIMO0048⟩. ⟨tel-01369017⟩