2018
DOI: 10.1002/cpe.4794
|View full text |Cite
|
Sign up to set email alerts
|

An automated and scalable formal process for detecting fault injection vulnerabilities in binaries

Abstract: Fault injection has increasingly been used both to attack software applications, and to test system robustness. Detecting fault injection vulnerabilities has been approached with a variety of different but limited methods. This paper proposes an extension of a recently published general model checking based process to detect fault injection vulnerabilities in binaries. This new extension makes the general process scalable to real-world implementions which is demonstrated by detecting vulnerabilities in differe… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
2
1

Citation Types

0
18
0

Year Published

2018
2018
2023
2023

Publication Types

Select...
3
2

Relationship

1
4

Authors

Journals

citations
Cited by 12 publications
(19 citation statements)
references
References 33 publications
0
18
0
Order By: Relevance
“…The faults may be injected into the program before or after the model is constructed, but the model is then tested for specific behaviours or properties and the results used to reason about the behaviour of the program. The second is becoming more popular in recent works [13,14] as formal methods can be used on the model that allow for reasoning about all possible outcomes, and verifying when properties of the model may hold. Note that a vulnerability can be defined rather abstractly in many software based approaches since no clearly observable behaviour is required, merely some definition of how to define vulnerability for the simulation or model.…”
Section: Software-based Fault Injection Approachesmentioning
confidence: 99%
See 3 more Smart Citations
“…The faults may be injected into the program before or after the model is constructed, but the model is then tested for specific behaviours or properties and the results used to reason about the behaviour of the program. The second is becoming more popular in recent works [13,14] as formal methods can be used on the model that allow for reasoning about all possible outcomes, and verifying when properties of the model may hold. Note that a vulnerability can be defined rather abstractly in many software based approaches since no clearly observable behaviour is required, merely some definition of how to define vulnerability for the simulation or model.…”
Section: Software-based Fault Injection Approachesmentioning
confidence: 99%
“…Software-based simulations do not require expensive or dedicated hardware and can be run on most computing devices easily [26]. Also with various software tools being developed and matured, limited expertise is needed to plug together a toolchain to do fault injection vulnerability detection [13,14]. Such a toolchain can then be automated to detect fault injection vulnerabilities without direct oversight or intervention.…”
Section: Software-based Fault Injection Approachesmentioning
confidence: 99%
See 2 more Smart Citations
“…Detecting fault injection vulnerabilities has been approached with a variety of different but limited methods. Given‐Wilson et al propose extension of a recently published general model checking–based process to detect fault injection vulnerabilities in binaries. This new extension makes the general process scalable to real‐world implementations.…”
Section: Scanning the Issuementioning
confidence: 99%