IBM experiments in soft fails in computer electronics (1978–1994)
IBM Journal of Research and Development - Special issue: terrestrial cosmic rays and soft errors
Field testing for cosmic ray soft errors in semiconductor memories
IBM Journal of Research and Development - Special issue: terrestrial cosmic rays and soft errors
A certifying compiler for Java
PLDI '00 Proceedings of the ACM SIGPLAN 2000 conference on Programming language design and implementation
Low Cost Attacks on Tamper Resistant Devices
Proceedings of the 5th International Workshop on Security Protocols
An Experimental Study of Security Vulnerabilities Caused by Errors
DSN '01 Proceedings of the 2001 International Conference on Dependable Systems and Networks (formerly: FTCS)
Java Security: From HotJava to Netscape and Beyond
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
Tamper resistance: a cautionary note
WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
On the importance of checking cryptographic protocols for faults
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Merging paradigms of survivability and security: stochastic faults and designed faults
Proceedings of the 2003 workshop on New security paradigms
Dynamic label binding at run-time
Proceedings of the 2003 workshop on New security paradigms
Turing is from Mars, Shannon is from Venus: Computer Science and Computer Engineering
IEEE Security and Privacy
IEEE Security and Privacy
Proceedings of the 12th ACM conference on Computer and communications security
Static typing for a faulty lambda calculus
Proceedings of the eleventh ACM SIGPLAN international conference on Functional programming
Deconstructing process isolation
Proceedings of the 2006 workshop on Memory system performance and correctness
Non-control-data attacks are realistic threats
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Starc: static analysis for efficient repair of complex data
Proceedings of the 22nd annual ACM SIGPLAN conference on Object-oriented programming systems and applications
The security of the Fiat--Shamir scheme in the presence of transient hardware faults
ACM Transactions on Embedded Computing Systems (TECS)
Towards self-propagate mal-packets in sensor networks
WiSec '08 Proceedings of the first ACM conference on Wireless network security
Secretly monopolizing the CPU without superuser privileges
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Coping with Outside-the-Box Attacks
CAV '08 Proceedings of the 20th international conference on Computer Aided Verification
Malicious Code on Java Card Smartcards: Attacks and Countermeasures
CARDIS '08 Proceedings of the 8th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
Classification of Component Vulnerabilities in Java Service Oriented Programming (SOP) Platforms
CBSE '08 Proceedings of the 11th International Symposium on Component-Based Software Engineering
Self-healing control flow protection in sensor applications
Proceedings of the second ACM conference on Wireless network security
DRAM errors in the wild: a large-scale field study
Proceedings of the eleventh international joint conference on Measurement and modeling of computer systems
Smart cards and remote computing: Interaction or convergence?
Information Security Tech. Report
Control-flow integrity principles, implementations, and applications
ACM Transactions on Information and System Security (TISSEC)
Optimal resilient sorting and searching in the presence of memory faults
Theoretical Computer Science
Counting in the Presence of Memory Faults
ISAAC '09 Proceedings of the 20th International Symposium on Algorithms and Computation
A realistic evaluation of memory hardware errors and software system susceptibility
USENIXATC'10 Proceedings of the 2010 USENIX conference on USENIX annual technical conference
Vision for cross-layer optimization to address the dual challenges of energy and reliability
Proceedings of the Conference on Design, Automation and Test in Europe
SegSlice: towards a new class of secure programming primitives for trustworthy platforms
TRUST'10 Proceedings of the 3rd international conference on Trust and trustworthy computing
HotDep'10 Proceedings of the Sixth international conference on Hot topics in system dependability
Cryptography with tamperable and leaky memory
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Java type confusion and fault attacks
FDTC'06 Proceedings of the Third international conference on Fault Diagnosis and Tolerance in Cryptography
Experimental study of resilient algorithms and data structures
SEA'10 Proceedings of the 9th international conference on Experimental Algorithms
Faulty logic: reasoning about fault tolerant programs
ESOP'10 Proceedings of the 19th European conference on Programming Languages and Systems
Attacks on java card 3.0 combining fault and logical attacks
CARDIS'10 Proceedings of the 9th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Application
Resilient algorithms and data structures
CIAC'10 Proceedings of the 7th international conference on Algorithms and Complexity
Application-Replay attack on java cards: when the garbage collector gets confused
ESSoS'12 Proceedings of the 4th international conference on Engineering Secure Software and Systems
Synchronized attacks on multithreaded systems - application to java card 3.0 -
CARDIS'11 Proceedings of the 10th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
Java card operand stack: fault attacks, combined attacks and countermeasures
CARDIS'11 Proceedings of the 10th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
Using faults for buffer overflow effects
Proceedings of the 27th Annual ACM Symposium on Applied Computing
Designing reliable algorithms in unreliable memories
Computer Science Review
Priority queues resilient to memory faults
WADS'07 Proceedings of the 10th international conference on Algorithms and Data Structures
Java card combined attacks with localization-agnostic fault injection
CARDIS'12 Proceedings of the 11th international conference on Smart Card Research and Advanced Applications
Comprehensive analysis of software countermeasures against fault attacks
Proceedings of the Conference on Design, Automation and Test in Europe
Journal of Systems and Software
Strato: a retargetable framework for low-level inlined-reference monitors
SEC'13 Proceedings of the 22nd USENIX conference on Security
Control-flow integrity principles, implementations, and applications
ACM Transactions on Information and System Security (TISSEC)
| Hi-index | 0.00 |
We present an experimental study showing that softmemory errors can lead to serious security vulnerabilitiesin Java and .NET virtual machines, or in any system thatrelies on type-checking of untrusted programs as a protectionmechanism. Our attack works by sending to the JVMa Java program that is designed so that almost any memoryerror in its address space will allow it to take controlof the JVM. All conventional Java and .NET virtual machinesare vulnerable to this attack. The technique of theattack is broadly applicable against other language-basedsecurity schemes such as proof-carrying code.We measured the attack on two commercial Java VirtualMachines: Sun's and IBM's. We show that a single-biterror in the Java program's data space can be exploitedto execute arbitrary code with a probability ofabout 70%, and multiple-bit errors with a lower probability.Our attack is particularly relevant against smart cardsor tamper-resistant computers, where the user has physicalaccess (to the outside of the computer) and can usevarious means to induce faults; we have successfully usedheat. Fortunately, there are some straightforward defensesagainst this attack.