Microarchitecture-aware Fault Models: Experimental Evidence and Cross-Layer Inference Methodology

Alshaer, Ihab; Colombier, Brice; Deleuze, Christophe; Beroulle, Vincent; Maistri, Paolo

doi:10.1109/dtis53253.2021.9505074

Cited by 3 publications

(10 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…On the basis of this evidence, we are now more confident that the gap between previous studies can be addressed by the proposed methodology [21]. This can be done by providing a cross-layer analysis of code and microarchitectural vulnerabilities while performing fault injections and simulations at three distinct levels: hardware/physical, RTL, and software levels.…”

Section: Institute Of Engineering Univ Grenoble Alpesmentioning

confidence: 93%

“…In this article, which is an extended version of our work in [21], we present additional experiments for different target boards. These experiments provide additional clues for illustrating the difficulty of characterizing fault effects resulting from physical injections.…”

Section: Institute Of Engineering Univ Grenoble Alpesmentioning

confidence: 99%

“…Also, different corrupted values are observed, for instance, R0 had right shift by 8, 16 or 24 bits in the first experiment, but in the second, it had only reset. In addition to that, in [21], similar target program was used for the same target board but with different registers, and some of the obtained faults were different. For example, the propagation effect on the ADD instruction of line three in Listing 1 was obvious, but this time, it is not observed for the Cortex-M4 board.…”

Section: Target Program Dependencymentioning

confidence: 99%

See 2 more Smart Citations

Cross-layer inference methodology for microarchitecture-aware fault models

Alshaer¹,

Colombier²,

Deleuze³

et al. 2022

Microelectronics Reliability

Self Cite

View full text Add to dashboard Cite

Section: Institute Of Engineering Univ Grenoble Alpesmentioning

confidence: 93%

Section: Institute Of Engineering Univ Grenoble Alpesmentioning

confidence: 99%

Section: Target Program Dependencymentioning

confidence: 99%

See 1 more Smart Citation

Cross-layer inference methodology for microarchitecture-aware fault models

Alshaer¹,

Colombier²,

Deleuze³

et al. 2022

Microelectronics Reliability

Self Cite

View full text Add to dashboard Cite

“…To perform the fault injection, a physical interference needs to be applied to the digital device. The interference can be in a form of radiations [1], laser beams [2], [3], electromagnetic (EM) pulses [4], [5], variations in the power supply [6], perturbations to the clock signal [7], [8], or changing the 1 Institute of Engineering Univ. Grenoble Alpes environmental conditions such as the temperature [9], just to cite the most widespread techniques.…”

Section: Introductionmentioning

confidence: 99%

“…The majority of the proposed fault models, in fact, describe the effects on the instruction itself: for this reason, instruction skip and instruction corruption are the most used models. In particular, the instruction skip (which can also be described as a replacement with one or more NOPs) can affect one [5], [7], [8], two [8] or multiple instructions [3], [4], [10]. It is important to highlight, however, that in all of the previous works, the authors always refer to the skip model only for complete instructions, either one or more.…”

Section: Introductionmentioning

confidence: 99%

Variable-Length Instruction Set: Feature or Bug?

Alshaer

Colombier

Deleuze

et al. 2022

2022 25th Euromicro Conference on Digital System Design (DSD)

Self Cite

View full text Add to dashboard Cite

With the increasing complexity of digital applications, the use of variable-length instruction sets became essential, in order to achieve higher code density and thus better performance. However, security aspects must always be considered, in particular with the significant improvement of attack techniques and equipment. Fault injection, in particular, is among the most interesting and promising attack techniques thanks to the recent advancements. In this article, we provide proper characterization, at the instruction set architecture (ISA) level, for several faulty behaviors that can be obtained when targeting a variable-length instruction set. We take into account the binary encoding of instructions, and show how the obtained behaviors depend on the alignment of the instructions in the memory. Moreover, we are also able to give a better insight on previous results from the literature, that were still partially unexplained. We also show how the observed behaviors can be exploited in various security contexts.

show abstract

Cross-layer analysis of clock glitch fault injection while fetching variable-length instructions

Alshaer,

Burghoorn,

Colombier

et al. 2024

J Cryptogr Eng

Self Cite

View full text Add to dashboard Cite

With the increasing complexity of embedded systems, the use of variable-length instruction sets has become essential, so that higher code density and better performance can be achieved. Security aspects are closely linked, considering the continuous improvement of attack techniques and equipment. Fault injection is among the most interesting and rising physical attack techniques. However, hardware designers and software developers lack accurate fault models to evaluate the vulnerabilities of their designs or codes in the presence of such attacks. In this article, we provide a proper characterization, at instruction set architecture (ISA) level, of several faulty behaviors that are experimentally observed when a processor running a variable-length instruction set is targeted. We include the binary encoding of instructions, and show how the obtained behaviors depend on the alignment in memory. Moreover, we give a deeper insight on previous results from the literature, that were still left unexplained. Additionally, we move downward at system level and consider the register-transfer level (RTL) to perform RTL fault simulation; This enables a better understanding of the faults propagation, validate the inferred fault models at ISA level, and reveal the origin of such faults at microarchitectural level. Finally, applying the given fault models leads us to provide vulnerability analysis on three different implementations of AES.

show abstract

Microarchitecture-aware Fault Models: Experimental Evidence and Cross-Layer Inference Methodology

Cited by 3 publications

References 9 publications

Cross-layer inference methodology for microarchitecture-aware fault models

Cross-layer inference methodology for microarchitecture-aware fault models

Variable-Length Instruction Set: Feature or Bug?

Cross-layer analysis of clock glitch fault injection while fetching variable-length instructions

Contact Info

Product

Resources

About