Fault tolerance evaluation using two software based fault injection methods

Lecture Notes in Computer Science

Legay

2018

Fault injection is a well known method to test the robustness and security vulnerabilities of software. Fault injections can be explored by simulations (cheap, but not validated) and hardware experiments (true, but very expensive). Recent simulation works have started to apply formal methods to the detection, analysis, and prevention of fault injection attacks to address verifiability. However, these approaches are ad-hoc and extremely limited in architecture, fault model, and breadth of application. Further, there is very limited connection between simulation results and hardware experiments. Recent work has started to consider broad spectrum simulation approaches that can cover many fault models and relatively large programs. Similarly the connection between these broad spectrum simulations and hardware experiments is being validated to bridge the gap between the two approaches. This presentation highlights the latest developments in applying formal methods to fault injection vulnerability detection, and validating software and hardware results with one another.

Section: Software Based Approachmentioning

confidence: 99%

The State of Fault Injection Vulnerability Detection

Lecture Notes in Computer Science

Legay

2018

“…Less closely related works include the work of Ademaj et al that tests for robustness using both software and hardware fault injection (validating software with hardware) and the work of Dureuil et al that starts from the hardware model and use this to simulate faults on the assembly code of a program.…”

Section: Related Workmentioning

confidence: 99%

An automated and scalable formal process for detecting fault injection vulnerabilities in binaries

Heuser²,

Concurrency and Computation

et al. 2018

Fault injection has increasingly been used both to attack software applications, and to test system robustness. Detecting fault injection vulnerabilities has been approached with a variety of different but limited methods. This paper proposes an extension of a recently published general model checking based process to detect fault injection vulnerabilities in binaries. This new extension makes the general process scalable to real-world implementions which is demonstrated by detecting vulnerabilities in different cryptographic implementations.

“…Less closely related works include: [25] that tests for robustness using both software and hardware fault injection, the latter to validate the former; and [26] that start from the hardware model and use this to simulate faults on the assembly code of a program.…”

Section: Related Workmentioning

confidence: 99%

An Automated Formal Process for Detecting Fault Injection Vulnerabilities in Binaries and Case Study on PRESENT

2017 IEEE Trustcom/BigDataSE/Icess

Lanet

et al. 2017

Recently fault injection has increasingly been used both to attack software applications, and to test system robustness. Detecting fault injection vulnerabilities has been approached with a variety of different but limited methods. This paper proposes a general process without these limitations that uses model checking to detect fault injection vulnerabilities in binaries. The efficacy of this process is demonstrated by detecting vulnerabilities in the PRESENT binary.