Due to the different hardware configurations which may be used to execute software applications, a particular programming language, termed intermediate programming language, is frequently used. It enables developers to write applications using high-level programming languages, independently of the hardware architectures on which those applications must be executed. The files generated by the developers, in conformity with those high-level languages, are compiled (independently of specific hardware platforms) to produce application files based on the intermediate programming language. A particular software layer, known by the name virtual machine, specific to a particular hardware platform, then enables the execution of applications based on application files using the intermediate programming language.
By way of illustration, an application written in the Java programming language (Java is a trademark) may be compiled into Java bytecode (sometimes also referred to as pseudo-code), that is to say in an intermediate programming language that can be executed by a Java virtual machine on platforms having different hardware characteristics. Java virtual machines are specific to each hardware platform whereas the code of the application, in intermediate programming language, is common to those different platforms.
While the virtual machines must be in conformity with given specifications to enable the execution of applications coded in intermediate programming language, several types of virtual machines nevertheless exist that are adapted to the type of hardware platforms on which the applications are executed. Typically, these virtual machines are distinguished from each other by their instruction sets of differing extent.
Thus, for example, there are particular Java virtual machines, known under the name of Java Card, for hardware platforms such as microcircuit cards.
FIG. 1 is a diagrammatic illustration of steps of a method 100 for generating files that can be executed by a virtual machine for microcircuit cards. The application concerned here is a Java type application.
As illustrated, the source files 105 written in Java language, that is to say a high-level language, are compiled in a compiler 110 to produce files 115 in intermediate programming language, known under the name of Class type files. These files are in conformity with a virtual machine standard. The files 115 are then converted in a converter 120 to put them in conformity with a particular virtual machine, here Java Card. The converted files, referenced 125, are of Cap type here. The conversion made by the converter 120 is intended to simplify the instructions of the intermediate programming language in order for the files 115 to be able to be executed by a simplified virtual machine. Such a conversion is in particular directed to deleting certain types of variables, in particular Boolean type variables.
In other words, files of instructions in source code in Java format are compiled here using a Java compiler into bytecode instruction files in class format. These Class files are executable by numerous Java virtual machines but not by the Java Card virtual machine which does not contain the entire Java instruction set. These Class files are therefore converted using a Java Card converter in order to obtain a file in Cap format which is executable by a Java Card virtual machine.
To execute an application written in intermediate programming language, whether or not converted, a virtual machine has available an instruction set particular to itself and an execution stack. However, although the execution of an application by a virtual machine has a certain level of security, the Java applications executed by virtual machines, in particular by Java Card, are liable to attacks, in particular fault injection attacks. This type of attack consists in injecting a fault at the time of the execution of the application to change a value on which a computation is made or to force the execution of certain routines or branches of the application.
To counter this type of attack, the code of certain applications is redundant in order to perform checks during its execution. Although such a solution enables the security of execution of the applications to be improved, it requires substantial resources. To mitigate this drawback, patent application US 2009/0165149 proposes a method of executing an application compiled in intermediate programming code on a portable digital apparatus equipped with a virtual execution machine for the interpretation of the intermediate code, comprising a step of applying a secure execution mode in which the interpretation of the intermediate code by the virtual machine comprises the following steps:                for each item of data of the code manipulated for the execution of an arithmetical and/or logical operation defined by the code, generating an item of check data linked to said item of data of the code by the intermediary of a predetermined function; and,        in parallel with the execution of said operation, execute a checking operation linked to said operation defined by the intermediate code of said predetermined function and acting on the item or items of check data. However, such a solution requires substantial modification to the virtual machine used.        
The invention enables at least one of the problems set forth above to be solved.