Link-time smart card code hardening

Keulenaer, Ronald De; Maebe, Jonas; Bosschere, Koen De; Sutter, Bjorn De

doi:10.1007/s10207-015-0282-0

Cited by 11 publications

(13 citation statements)

References 41 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The weakness detection and code securing processes can be performed at different code levels: source code [6], any intermediate code such as during the compilation process [7,8], or binary code [9]. Working at the assembly or binary code level seems to be the most adapted level when considering physical faults.…”

Section: Introductionmentioning

confidence: 99%

“…However, identification of weaknesses requires determining the faults that have an impact on the program security to understand their effect for adding a protection code to counteract them. At these levels, high-level information such as sensitive variables and control flow is not directly available owing to loss of information to code transformations and code optimization during the compilation process [10,11,9]. Matching assembly instructions with the source code to retrieve semantics about high-level elements is not trivial; moreover, sometimes, it is impossible and time consuming if manually performed.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Formally verified software countermeasures for control-flow integrity of smart card C code

Heydemann¹,

Lalande²,

Berthomé³

2019

Computers & Security

View full text Add to dashboard Cite

Fault attacks can target smart card programs to disrupt an execution and take control of the data or the embedded functionalities. Among all possible attacks, control-flow attacks aim at disrupting the normal execution flow. Identifying harmful control-flow attacks and designing countermeasures at the software level are tedious and tricky for developers. In this paper, we propose a methodology to detect harmful inter-and intra-procedural jump attacks at the source code level and automatically inject formally proven countermeasures into a C code. The proposed software countermeasures protect the integrity of individual statements at the granularity of single C statements. They support many control-flow constructs of the C language. The countermeasure scheme can detect an attack early either inside a control-flow construct or only at its exit. The secured source code defeats 100% of attacks that jump over at least two C source code statements. Experiments showed that the resulting code is also hardened against unexpected function calls and jump attacks at the assembly code level. Securing a source code automatically and extensively with our scheme degrades the performance. The performance overhead of our countermeasures on three well-known encryption algorithms available in C ranged from +41% to +138% on an x86 platform and from +45% to +217% on an ARM-v7 platform. However, combining code rewriting with hardening of sensitive code regions identified by the weakness detection step enables an application to be fully hardened while limiting the overhead.

show abstract

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Formally verified software countermeasures for control-flow integrity of smart card C code

Heydemann¹,

Lalande²,

Berthomé³

2019

Computers & Security

View full text Add to dashboard Cite

show abstract

“…Loop iteration counter duplication, because it attempts to guard the control flow of a loop, and uses some clever tricks to do so (e.g. inverting the condition of a branch) [20]. 3. instruction duplication, since the principal idea behind this technique is widely applicable [12].…”

Section: Evaluating and Improving Robustness Of Countermeasuresmentioning

confidence: 99%

“…al. in a prototype link-time code rewriter [20], to show that it is possible to apply those protections automatically, and with an acceptable overhead. The technique we describe here is referred to by the authors as memory store verification.…”

Section: Memory Store Verificationmentioning

confidence: 99%

See 1 more Smart Citation

Efficient Design and Evaluation of Countermeasures against Fault Attacks Using Formal Verification

Goubet

Heydemann

Encrenaz

et al. 2016

Smart Card Research and Advanced Applications

Self Cite

View full text Add to dashboard Cite

Abstract. This paper presents a formal verification framework and tool that evaluates the robustness of software countermeasures against faultinjection attacks. By modeling reference assembly code and its protected variant as automata, the framework can generate a set of equations for an SMT solver, the solutions of which represent possible attack paths. Using the tool we developed, we evaluated the robustness of state-of-theart countermeasures against fault injection attacks. Based on insights gathered from this evaluation, we analyze any remaining weaknesses and propose applications of these countermeasures that are more robust.

show abstract

Automatic Application of Software Countermeasures Against Physical Attacks

Belleville

Heydemann

Couroussé

et al. 2018

Cyber-Physical Systems Security

View full text Add to dashboard Cite

While the number of embedded systems is continuously increasing, securing software against physical attacks is costly and error-prone. Several works proposed solutions that automatically insert protections against these attacks in order to reduce this cost and this risk of error. In this paper, we present a survey of existing approaches, and classify them by the level at which they apply the countermeasure. We consider three different levels: the source code level, the compilation level and the assembly/binary level. We explain the advantages and disadvantages of each level considering different criteria. Finally, we encourage future works to take compilation into account when designing tools, to consider the problem of combining countermeasures, as well as the interactions between countermeasures and compiler optimisa-

show abstract

Link-time smart card code hardening

Cited by 11 publications

References 41 publications

Formally verified software countermeasures for control-flow integrity of smart card C code

Formally verified software countermeasures for control-flow integrity of smart card C code

Efficient Design and Evaluation of Countermeasures against Fault Attacks Using Formal Verification

Automatic Application of Software Countermeasures Against Physical Attacks

Contact Info

Product

Resources

About