Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
SP
2003
IEEE
2003
IEEE
Using Memory Errors to Attack a Virtual Machine
We present an experimental study showing that soft memory errors can lead to serious security vulnerabilities in Java and .NET virtual machines, or in any system that relies on type-checking of untrusted programs as a protection mechanism. Our attack works by sending to the JVM a Java program that is designed so that almost any memory error in its address space will allow it to take control of the JVM. All conventional Java and .NET virtual machines are vulnerable to this attack. The technique of the attack is broadly applicable against other language-based security schemes such as proof-carrying code. We measured the attack on two commercial Java Virtual Machines: Sun’s and IBM’s. We show that a singlebit error in the Java program’s data space can be exploited to execute arbitrary code with a probability of about 70%, and multiple-bit errors with a lower probability. Our attack is particularly relevant against smart cards or tamper-resistant computers, where the user has physic...
Real-time TrafficJava | Memory Error | Security Privacy | SP 2003 | Virtual Machines |
Related Content
| Added | 05 Jul 2010 |
| Updated | 05 Jul 2010 |
| Type | Conference |
| Year | 2003 |
| Where | SP |
| Authors | Sudhakar Govindavajhala, Andrew W. Appel |
Comments (0)
Researcher Info
|
