A tool assisted methodology to harden programs against multi-faults injections

Etienne Boespflug, Abderrahmane Bouguern, Laurent Mounier, Marie-Laure Potet
2023-03-03
Abstract: Fault attacks consist in changing the program behavior by injecting faults at run-time in order to break some expected security properties. Applications are hardened against fault attacks by adding countermeasures. According to the state of the art, applications must now be protected against multi-fault injection. As a consequence, developing applications which are robust becomes a very challenging task, in particular because countermeasures can also be the target of attacks. The aim of this paper is to propose an assisted methodology for developers allowing them to harden an application against multi-fault attacks, addressing several aspects: how to identify which parts of the code should be protected and how to choose the most appropriate countermeasures, making the application more robust and avoiding useless runtime checks.
Cryptography and Security
What problem does this paper attempt to address?
### Problems Addressed by the Paper

The paper aims to address the issue of how to harden programs so that they withstand multi-fault injection attacks. Specifically, the paper focuses on:

1. **Identifying the parts of the code that need protection**: How to determine which parts of the program most need protection to prevent multi-fault injection attacks.
2. **Choosing appropriate protective measures**: How to select the most suitable protective measures to make the application more robust while avoiding unnecessary runtime checks.
3. **Dealing with the challenges of multi-fault injection**: Existing protective measures often target single faults, whereas multi-fault injection attacks are more complex and require consideration of multiple faults at different times and locations.

### Background and Motivation

- **Fault Injection Attacks**: These attacks alter program behavior by injecting faults at runtime, thereby compromising expected security properties. Initially targeting embedded systems, these attacks now affect a broader range of software categories due to hardware vulnerabilities like Rowhammer attacks.
- **Limitations of Existing Protective Measures**: Current tools typically add protective measures at compile time, but these measures mainly target single faults and can themselves become targets of attacks.
- **Challenges of Multi-Fault Injection**: Multi-fault injection attacks make developing robust applications more difficult because the protective measures themselves can also be attacked.

### Main Contributions of the Paper

1. **Problem Definition**: Defines a method for comparing program robustness in the context of multi-fault injection.
2. **Analysis of Protective Measures**: Proposes a method to analyze the effectiveness of protective measures and their own attack surfaces separately.
3. **Algorithm Implementation**: Proposes an algorithm to harden applications based on identified vulnerabilities and the characteristics of protective measures.
4. **Tool Implementation and Evaluation**: Implements this method based on the Lazart tool and evaluates it on a set of code examples.

### Methodology

- **Fault Model**: Simulates attacks through specific fault models such as control flow or data modification.
- **Dynamic Symbolic Execution**: Uses tools like Klee for dynamic symbolic execution to generate all successful attack paths.
- **Minimal Attack Set**: Reduces analysis complexity by calculating the minimal attack set.
- **Protection Level of Protective Measures**: Defines and calculates the protection level of protective measures, i.e., the minimum number of faults required to bypass them.

### Conclusion

The paper proposes a methodology to assist developers in hardening programs against multi-fault injection attacks. By systematically analyzing and selecting protective measures, the methodology improves program robustness while reducing unnecessary performance overhead.
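The following program is an added illustration of the minimal-attack and protection-level notions summarised above; it is example code written for this page, not code from the paper or from the Lazart tool. It assumes a test-inversion fault model (each conditional test is a numbered site whose outcome a fault can flip) applied to three small access-check variants, and, in place of the symbolic exploration Lazart performs with Klee, it exhaustively enumerates every fault mask over the test sites. The site numbering, the `EXPECTED`/`WRONG` inputs and the three checker variants are all constructed for the example.

```c
#include <stdio.h>

/* Assumed fault model: test inversion. Each conditional test in the analysed
 * code has a site index; a fault on site i inverts that test's outcome. A
 * multi-fault attack is a bitmask over the site indices. */
typedef unsigned fault_mask_t;

static fault_mask_t g_mask;   /* faults active during the current run */

/* Evaluate the conditional at `site`, inverting it when the site is faulted. */
static int test_site(int site, int cond) {
    return ((g_mask >> site) & 1u) ? !cond : cond;
}

enum { DENY = 0, GRANT = 1 };
typedef int (*checker_fn)(int supplied, int expected);

/* Constructed reference value and non-matching input for the attack oracle. */
static const int EXPECTED = 4321;
static const int WRONG = 0;

/* Variant 1, unprotected: a single comparison gates the grant. */
static int check_unprotected(int supplied, int expected) {
    if (test_site(0, supplied != expected)) return DENY;        /* site 0 */
    return GRANT;
}

/* Variant 2, duplicated test on the grant path: the comparison is evaluated
 * twice, so reaching GRANT requires inverting both sites coherently. */
static int check_duplicated(int supplied, int expected) {
    int ok = (supplied == expected);
    if (test_site(0, !ok)) return DENY;                        /* site 0 */
    if (test_site(1, supplied != expected)) return DENY;       /* site 1 */
    return GRANT;
}

/* Variant 3, misplaced duplication: the redundant test sits on the deny path,
 * so it costs a runtime check but never guards the grant. */
static int check_misplaced(int supplied, int expected) {
    if (test_site(0, supplied != expected)) {                  /* site 0 */
        if (test_site(1, supplied != expected)) return DENY;   /* site 1 */
        return DENY;
    }
    return GRANT;
}

/* Attack oracle: access is granted although the input does not match. */
static int attack_succeeds(checker_fn check, fault_mask_t mask) {
    g_mask = mask;
    return check(WRONG, EXPECTED) == GRANT;
}

/* Fault-free behaviour: matching input granted, non-matching input denied. */
static int functionally_correct(checker_fn check) {
    g_mask = 0;
    return check(EXPECTED, EXPECTED) == GRANT && check(WRONG, EXPECTED) == DENY;
}

static int popcount(fault_mask_t m) {
    int n = 0;
    for (; m; m &= m - 1) n++;
    return n;
}

/* A minimal attack is a successful mask none of whose proper non-empty
 * sub-masks succeeds: removing any one fault defeats the attack. */
static int is_minimal_attack(checker_fn check, fault_mask_t mask) {
    if (!attack_succeeds(check, mask)) return 0;
    for (fault_mask_t sub = (mask - 1) & mask; sub; sub = (sub - 1) & mask)
        if (attack_succeeds(check, sub)) return 0;
    return 1;
}

/* Enumerate every mask over `nsites` sites (this example's stand-in for the
 * symbolic exploration), store up to `max_out` minimal attacks in `out`, and
 * return how many minimal attacks exist. */
static int minimal_attacks(checker_fn check, int nsites, fault_mask_t *out, int max_out) {
    int n = 0;
    for (fault_mask_t m = 1; m < (1u << nsites); m++) {
        if (!is_minimal_attack(check, m)) continue;
        if (n < max_out) out[n] = m;
        n++;
    }
    return n;
}

/* Protection level: the fewest faults in any successful attack; nsites + 1
 * means no attack exists within the fault model. */
static int protection_level(checker_fn check, int nsites) {
    int best = nsites + 1;
    for (fault_mask_t m = 1; m < (1u << nsites); m++)
        if (attack_succeeds(check, m) && popcount(m) < best) best = popcount(m);
    return best;
}

static void report(const char *name, checker_fn check, int nsites) {
    fault_mask_t attacks[16];
    int n = minimal_attacks(check, nsites, attacks, 16);
    printf("%-12s sites=%d protection level=%d minimal attacks=%d:", name, nsites,
           protection_level(check, nsites), n);
    for (int i = 0; i < n && i < 16; i++) printf(" 0x%x", attacks[i]);
    printf("\n");
}

int main(void) {
    report("unprotected", check_unprotected, 1);
    report("duplicated", check_duplicated, 2);
    report("misplaced", check_misplaced, 2);
    return 0;
}
```

Compiled with any C99 compiler and run, the report shows the duplicated check raising the protection level from 1 to 2 with a single minimal attack (both sites faulted), while the misplaced check keeps the level at 1 even though it executes an extra test: it is exactly the kind of useless runtime check the methodology is meant to avoid, and the minimal-attack set exposes it because the attack on site 0 alone remains sufficient.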