The main idea here is to propose to strengthen virtual machine security by reducing the possibility for an attacker to obtain information using a fault attack. In a first approach we work at the application level in order to propose a first line of defense. We suggest a methodology and a tool that assist the developer or the security evaluator to evaluate the probability an attacker could obtain information. Then some indication can be attached to the application and provide to the virtual machine as clues to force the execution engine to enter in a secure mode. This is the subject of the PhD of Ahmadou Sere .
We want to provide here some direction to solve the problem of fixing security patches to a system, for which the service cannot be interrupted, the network bandwidth is restricted and the device is resource constrained. Up to now, when a cryptographic algorithm is broken the only solution is to proceed to a renewal of all the on-the-field smart cards. The idea here is to provide adapted solutionà la OSGI for next generation smart cards (i.e. Java Card 3.0 Connected Edition). This is the research theme of Agnès Noubissi PhD.
For old fashion Java Card (Java Card 3.0 Classic Edition) or ot Net card we investigate how it is possible to gain access to some part of the system in order to design new protection against attackers. For that purpose we develop a framework (the library OPAL) to automate access to the card.
We develop here a component that should detect irrelevant http response to http request on a Java Card 3.0 Connected Edition that could embed attacks against the smart card web server.
This page may have a more recent version on pmwiki.org: PmWiki:LogicalSecurity, and a talk page: PmWiki:LogicalSecurity-Talk.