Countering type confusion and buffer overflow attacks on Java smart cards by data type sensitive obfuscation

Lackner, Michael; Berlach, Reinhard; Weiß, Reinhold; Steger, Christian

doi:10.1145/2556315.2556317

Cited by 4 publications

(2 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These hardware blocks aim at protecting the runtime environment. Lackner et al designed mitigation to prevent type confusion onto the stack [24,25] and the heap [8]. In his master's thesis, Zelle [46] describes how to protect the Java Card firewall through a Memory Protection Unit (MPU).…”

Section: Related Workmentioning

confidence: 99%

Java Card Virtual Machine Memory Organization: a Design Proposal

Bouffard¹,

Giraud²,

Gaspard³

2021

Preprint

View full text Add to dashboard Cite

The Java Card Virtual Machine (JCVM) platform is widely deployed on security-oriented components. JCVM implementations are mainly evaluated under security schemes. However, existing implementation are close-source without detail. We believe studying how to design JCVM will improve them and it can be reused by the community to improve Java Card security. In 2018, Bouffard et al. [6] introduced an Operating System (OS) which aims at running JCVM compatible implementation. This OS is compatible with several Commercially available Off-The-Shelf (COTS) components. This is a first step to design a secure JCVM platform. However, some important details are missing to design a secure-oriented Java Card platform. In this article, we focus on the JCVM memory. This memory contains everything required to run JCVM and applets. Currently, JCVM memory is out of the Java Card specification and each JCVM developer use his own approach. Based on the existing tools and documentation, we explain how to extract from the Java Card toolchain every data required by applets and JCVM. When data to store in memory are identified, this article introduces how to organize required data onto JCVM memory.

show abstract

Section: Related Workmentioning

confidence: 99%

Java Card Virtual Machine Memory Organization: a Design Proposal

Bouffard¹,

Giraud²,

Gaspard³

2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Consequently, numerous studies on obfuscation have turned to quantitative measures when evaluating their techniques. These studies primarily utilize metrics like McCabe cyclomatic complexity [16,12,17,13,18], Line of Code (LoC) [12,[19][20][21], and runtime overhead [9,[22][23][24][25][26]. Nonetheless, there are limitations to assessing obfuscation quality when just a single or a small number of evaluation indicators are used.…”

Section: Introductionmentioning

confidence: 99%

A Framework to Quantify the Quality of Source Code Obfuscation

Jin,

Lee,

Yang

et al. 2024

Preprint

View full text Add to dashboard Cite

Malicious reverse engineering of software has served as a valuable technique that attackers can use to infringe upon and steal intellectual property. To protect against such attackers, we can employ obfuscation techniques as useful tools to safeguard software. Applying obfuscation techniques to source code can effectively prevent malicious attackers from reverse engineering a program. However, the ambiguity surrounding the protective efficacy of these source code obfuscation tools and techniques presents challenges for users in evaluating and comparing the varying degrees of protection provided. This paper attempts to address these issues and presents a methodology to quantify the effect of source code obfuscation. Our proposed method is based on three main types of data: (1) the control flow graph, (2) the program path, and (3) the performance overhead added to the process---all of which are derived from a program analysis conducted by human experts and automated tools. For the first time, we have implemented a tool that can quantitatively evaluate the quality of obfuscation techniques. Then, to validate the effectiveness of the implemented framework, we conducted experiments using four widely recognized commercial and open-source obfuscation tools. Our experimental findings, based on quantitative values related to obfuscation techniques, demonstrate that our proposed framework effectively assesses obfuscation quality.

show abstract

Measuring Software Obfuscation Quality–A Systematic Literature Review

2021

View full text Add to dashboard Cite

Software obfuscation techniques are increasingly being used to prevent attackers from exploiting security flaws and launching successful attacks. With research on software obfuscation techniques rapidly growing, many software obfuscation techniques with varying quality and strength have been proposed in the literature. However, the literature on obfuscation techniques has not yet been coherently collated and reviewed. This research paper aims to present an overview of state-of-the-art software obfuscation techniques, focusing on quality and strength. A systematic analysis and synthesis of literature published between 2010 and April 2021 has been performed to identify the common measures to quantify obfuscation and their measures, the publication venue, and the home country of the researchers. We have identified the obfuscation quality attributes, such as potency, resilience, cost, stealth, and similarity, that are the most widely used metrics to evaluate the quality of obfuscation techniques. In addition, different measures have been used to quantify these qualities, such as complexity (to measure potency), human effort (to measure resilience), efficiency (to estimate cost), and multiclass performance metrics, distance measures, and matching method (to quantify similarity). These measures were then categorized into sub-measures. The literature lacks research in the following two areas: empirical research using a case study strategy, i.e., realworld datasets, and measurements of obfuscation stealth. Researchers did not address stealth as clearly as they addressed potency, cost, and similarity.

show abstract

Countering type confusion and buffer overflow attacks on Java smart cards by data type sensitive obfuscation

Cited by 4 publications

References 16 publications

Java Card Virtual Machine Memory Organization: a Design Proposal

Java Card Virtual Machine Memory Organization: a Design Proposal

A Framework to Quantify the Quality of Source Code Obfuscation

Measuring Software Obfuscation Quality–A Systematic Literature Review

Contact Info

Product

Resources

About