ABSTRACT
Fault injections are increasingly used to attack/test secure applications. In this paper, we define formal models of runtime monitors that can detect fault injections that result in test inversion attacks and arbitrary jumps in the control flow. Runtime verification monitors offer several advantages. The code implementing a monitor is small compared to the entire application code. Monitors have a formal semantics; and we prove that they effectively detect attacks. Each monitor is a module dedicated to detecting an attack and can be deployed as needed to secure the application. A monitor can run separately from the application or it can be weaved inside the application. Our monitors have been validated by detecting simulated attacks on a program that verifies a user PIN.
- Martín Abadi, Mihai Budiu, Ú lfar Erlingsson, and Jay Ligatti. 2009. Control-flow integrity principles, implementations, and applications. ACM Trans. Inf. Syst. Secur., Vol. 13, 1 (2009), 4:1--4:40. https://doi.org/10.1145/1609956.1609960Google ScholarDigital Library
- William Arthur, Ben Mehne, Reetuparna Das, and Todd M. Austin. 2015. Getting in control of your control flow with control-data isolation. In Proceedings of the 13th Annual IEEE/ACM International Symposium on Code Generation and Optimization, CGO 2015, San Francisco, CA, USA, February 07-11, 2015,, Kunle Olukotun, Aaron Smith, Robert Hundt, and Jason Mars (Eds.). IEEE Computer Society, 79--90. https://doi.org/10.1109/CGO.2015.7054189Google Scholar
- Christian Aumü ller, Peter Bier, Wieland Fischer, Peter Hofreiter, and Jean-Pierre Seifert. 2002. Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures. In Cryptographic Hardware and Embedded Systems - CHES 2002, Redwood Shores, USA, 2002, Revised Papers. 260--275.Google Scholar
- Josep Balasch, Benedikt Gierlichs, and Ingrid Verbauwhede. 2011. An In-depth and Black-box Characterization of the Effects of Clock Glitches on 8-bit MCUs. In FDTC'11, Tokyo, Japan, September 29, 2011. 105--114.Google ScholarDigital Library
- Hagai Bar-El, Hamid Choukri, David Naccache, Michael Tunstall, and Claire Whelan. 2006. The Sorcerer's Apprentice Guide to Fault Attacks. Proc. IEEE, Vol. 94, 2 (2006), 370--382. https://doi.org/10.1109/JPROC.2005.862424Google ScholarCross Ref
- Alessandro Barenghi, Luca Breveglieri, Israel Koren, Gerardo Pelosi, and Francesco Regazzoni. 2010. Countermeasures against fault attacks on software implemented AES: effectiveness and cost. In Proceedings of the 5th Workshop on Embedded Systems Security, WESS 2010, Scottsdale, AZ, USA, October 24, 2010. ACM, 7. https://doi.org/10.1145/1873548.1873555Google ScholarDigital Library
- Howard Barringer, Yliè s Falcone, Klaus Havelund, Giles Reger, and David E. Rydeheard. 2012. Quantified Event Automata: Towards Expressive and Efficient Runtime Monitors. In FM 2012: Formal Methods - 18th International Symposium, Paris, France, August 27--31, 2012. Proceedings (Lecture Notes in Computer Science),, Dimitra Giannakopoulou and Dominique Mé ry (Eds.), Vol. 7436. Springer, 68--84. https://doi.org/10.1007/978-3-642-32759-9_9Google Scholar
- Thierno Barry, Damien Couroussé, and Bruno Robisson. 2016. Compilation of a Countermeasure Against Instruction-Skip Fault Attacks. In Proceedings of the Third Workshop on Cryptography and Security in Computing Systems, CS2@HiPEAC, Prague, Czech Republic, January 20, 2016.Google ScholarDigital Library
- Ezio Bartocci, Yliès Falcone, Borzoo Bonakdarpour, Christian Colombo, Normann Decker, Klaus Havelund, Yogi Joshi, Felix Klaedtke, Reed Milewicz, Giles Reger, Grigore Rosu, Julien Signoles, Daniel Thoma, Eugen Zalinescu, and Yi Zhang. 2017. First international Competition on Runtime Verification: rules, benchmarks, tools, and final results of CRV 2014. International Journal on Software Tools for Technology Transfer (2017), 1--40. https://doi.org/10.1007/s10009-017-0454--5Google Scholar
- Ezio Bartocci, Yliè s Falcone, Adrian Francalanza, and Giles Reger. 2018. Introduction to Runtime Verification. In Lectures on Runtime Verification - Introductory and Advanced Topics.Google Scholar
- David Basin, Germano Caronni, Sarah Ereth, Matúvs Harvan, Felix Klaedtke, and Heiko Mantel. 2014. Scalable Offline Monitoring. In Runtime Verification: 5th International Conference, RV 2014. Proceedings, Borzoo Bonakdarpour and Scott A. Smolka (Eds.). Springer International Publishing, 31--47. https://doi.org/10.1007/978-3-319-11164-3_4Google Scholar
- Alberto Battistello and Christophe Giraud. 2015. Fault Cryptanalysis of CHES 2014 Symmetric Infective Countermeasure. IACR Cryptology ePrint Archive, Vol. 2015 (2015), 500. http://eprint.iacr.org/2015/500Google Scholar
- Pascal Berthomé, Karine Heydemann, Xavier Kauffmann-Tourkestansky, and Jean-Francc ois Lalande. 2012. High Level Model of Control Flow Attacks for Smart Card Functional Security. In ARES 2012, Czech Republic, 2012.Google Scholar
- Tyler K. Bletsch, Xuxian Jiang, and Vincent W. Freeh. 2011. Mitigating code-reuse attacks with control-flow locking. In ACSAC'11, Orlando, 2011.Google ScholarDigital Library
- Dan Boneh, Richard A. DeMillo, and Richard J. Lipton. 1997. On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract). In Advances in Cryptology - EUROCRYPT '97, International Conference on the Theory and Application of Cryptographic Techniques, Konstanz, Germany, 1997, Proceeding.Google Scholar
- Dan Boneh, Richard A. DeMillo, and Richard J. Lipton. 2001. On the Importance of Eliminating Errors in Cryptographic Computations. J. Cryptology, Vol. 14, 2 (2001).Google ScholarDigital Library
- Guillaume Bouffard, Bhagyalekshmy N. Thampi, and Jean-Louis Lanet. 2013. Detecting Laser Fault Injection for Smart Cards Using Security Automata. In SSCC 2013, India, 2013. Proceedings.Google Scholar
- Mathieu Ciet and Marc Joye. 2005. Practical Fault Countermeasures for Chinese Remaindering Based RSA (Extended Abstract). In IN PROC. FDTC'05. 124--131.Google Scholar
- Christian Colombo and Gordon J. Pace. 2013. Fast-Forward Runtime Monitoring -- An Industrial Case Study. In Runtime Verification: Third International Conference, RV 2012, Istanbul, Turkey, September 25-28, 2012, Revised Selected Papers, Shaz Qadeer and Serdar Tasiran (Eds.). Springer Berlin Heidelberg, Berlin, Heidelberg, 214--228. https://doi.org/10.1007/978-3-642-35632-2_22Google Scholar
- Amine Dehbaoui, Amir-Pasha Mirbaha, Nicolas Moro, Jean-Max Dutertre, and Assia Tria. 2013. Electromagnetic Glitch on the AES Round Counter. In COSADE'13, Revised Selected Papers. 17--31.Google Scholar
- Louis Dureuil, Guillaume Petiot, Marie-Laure Potet, Aude Crohen, and Philippe De Choudens. 2016. FISSC: a Fault Injection and Simulation Secure Collection. In International Conference on Computer Safety, reliability and Security (LNCS), Vol. 9922. Springer Berlin / Heidelberg, Trondheim, Norway, 3-11. https://doi.org/10.1007/978-3-319-45477-1_1Google ScholarCross Ref
- Antoine El-Hokayem and Yliè s Falcone. 2018. Bringing Runtime Verification Home. In Runtime Verification - 18th International Conference, RV 2018, Limassol, Cyprus, November 10-13, 2018, Proceedings (Lecture Notes in Computer Science),, Christian Colombo and Martin Leucker (Eds.), Vol. 11237. Springer, 222--240. https://doi.org/10.1007/978--3-030-03769--7_13Google Scholar
- Sho Endo, Naofumi Homma, Yu-ichi Hayashi, Junko Takahashi, Hitoshi Fuji, and Takafumi Aoki. 2014. A Multiple-Fault Injection Attack by Adaptive Timing Control Under Black-Box Conditions and a Countermeasure. In Constructive Side-Channel Analysis and Secure Design - 5th International Workshop, COSADE 2014, Paris, France, April 13-15, 2014. Revised Selected Papers. 214--228.Google Scholar
- A. Ersoz, D. M. Andrews, and E. J. McCluskey. 1985. The watchdog task: Concurrent error detection using assertions. Technical Report CRC -- 85--8. Stanford University.Google Scholar
- Yliè s Falcone. 2010. You Should Better Enforce Than Verify. In Runtime Verification - First International Conference, RV 2010. Proceedings (Lecture Notes in Computer Science), Howard Barringer, Yliè s Falcone, Bernd Finkbeiner, Klaus Havelund, Insup Lee, Gordon J. Pace, Grigore Rosu, Oleg Sokolsky, and Nikolai Tillmann (Eds.), Vol. 6418. Springer, 89--105. https://doi.org/10.1007/978-3-642-16612-9_9Google ScholarDigital Library
- Yliè s Falcone, Klaus Havelund, and Giles Reger. 2013. A Tutorial on Runtime Verification. In Engineering Dependable Software Systems. 141--175.Google Scholar
- Yliè s Falcone, Leonardo Mariani, Antoine Rollet, and Saikat Saha. 2018. Runtime Failure Prevention and Reaction. In Lectures on Runtime Verification - Introductory and Advanced Topics, Ezio Bartocci and Yliè s Falcone (Eds.). Lecture Notes in Computer Science, Vol. 10457. Springer, 103--134. https://doi.org/10.1007/978-3-319-75632-5_4Google Scholar
- Yliè s Falcone, Laurent Mounier, Jean-Claude Fernandez, and Jean-Luc Richier. 2011. Runtime enforcement monitors: composition, synthesis, and enforcement abilities. Formal Methods in System Design, Vol. 38, 3 (2011), 223--262. https://doi.org/10.1007/s10703-011-0114-4Google ScholarDigital Library
- Arnaud Fontaine, Pierre Chifflier, and Thomas Coudray. 2015. PICON: Control Flow Integrity on LLVM IR. SSTIC (2015).Google Scholar
- Laurie Genelle, Christophe Giraud, and Emmanuel Prouff. 2009. Securing AES Implementation against Fault Attacks. In Sixth International Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2009, Lausanne, 2009.Google ScholarDigital Library
- Klaus Havelund and Allen Goldberg. 2005. Verify Your Runs. In Verified Software: Theories, Tools, Experiments, First IFIP TC 2/WG 2.3 Conference, VSTTE 2005, Zurich, Switzerland, October 10--13, 2005, Revised Selected Papers and Discussions (Lecture Notes in Computer Science),, Bertrand Meyer and Jim Woodcock (Eds.), Vol. 4171. Springer, 374--383. https://doi.org/10.1007/978-3-540-69149-5_40Google Scholar
- Burton S. Kaliski Jr. and Matthew J. B. Robshaw. 1997. Comments on some new attacks on cryptographic devices. RSA Laboratories Bulletin 5 (July 1997).Google Scholar
- Dusko Karaklajic, Jö rn-Marc Schmidt, and Ingrid Verbauwhede. 2013. Hardware Designer's Guide to Fault Attacks. IEEE Trans. VLSI Syst., Vol. 21, 12 (2013).Google ScholarDigital Library
- Ramesh Karri, Grigori Kuznetsov, and Michael Gö ssel. 2003. Parity-Based Concurrent Error Detection of Substitution-Permutation Network Block Ciphers. In CHES'03, Proceedings.Google Scholar
- Ali Kassem, Yliè s Falcone, and Pascal Lafourcade. 2017. Formal analysis and offline monitoring of electronic exams. Formal Methods in System Design, Vol. 51, 1 (2017), 117--153. https://doi.org/10.1007/s10703-017-0280-0Google ScholarDigital Library
- Eugene Kuleshov. 2007. Using the ASM framework to implement common Java bytecode transformation patterns.Google Scholar
- Dilip S. V. Kumar, Arthur Beckers, Josep Balasch, Benedikt Gierlichs, and Ingrid Verbauwhede. 2018. An In-Depth and Black-Box Characterization of the Effects of Laser Pulses on ATmega328P. In CARDIS 2018, France, 2018, Revised Selected Papers.Google Scholar
- Jean-Francc ois Lalande, Karine Heydemann, and Pascal Berthomé. 2014. Software Countermeasures for Control Flow Integrity of Smart Card C Codes. In Computer Security - ESORICS 2014, Poland, 2014. Proceedings, Part II.Google ScholarDigital Library
- Martin Leucker and Christian Schallhart. 2009. A brief account of runtime verification. J. Log. Algebr. Program., Vol. 78, 5 (2009), 293--303. https://doi.org/10.1016/j.jlap.2008.08.004Google ScholarCross Ref
- Tim Lindholm, Frank Yellin, Gilad Bracha, and Alex Buckley. 2013. The Java Virtual Machine Specification, Java SE 7 Edition.Google Scholar
- Davia J. Lu. 1980. Watchdog Processors and VLSI.Google Scholar
- Aamer Mahmood, Edward J. McCluskey, and Aydin Ersoz. 1985. Concurrent System-Level Error Detection Using a Watchdog Processor. In Proceedings International Test Conference 1985, Philadelphia, PA, USA, November 1985. 145--152.Google Scholar
- Luis Mastrangelo and Matthias Hauswirth. 2014. JNIF: Java Native Instrumentation Framework. In Proceedings of the 2014 International Conference on Principles and Practices of Programming on the Java Platform: Virtual Machines, Languages, and Tools (PPPJ '14). ACM, New York, NY, USA, 194--199. https://doi.org/10.1145/2647508.2647516Google ScholarCross Ref
- Nicolas Moro, Karine Heydemann, Emmanuelle Encrenaz, and Bruno Robisson. 2014. Formal verification of a software countermeasure against instruction skip attacks. J. Cryptographic Engineering, Vol. 4, 3 (2014), 145--156. https://doi.org/10.1007/s13389-014-0077--7Google ScholarCross Ref
- Bogdan Nicolescu, Yvon Savaria, and Raoul Velazco. 2003. SIED: Software Implemented Error Detection. In DFT 2003, USA, Proceedings.Google Scholar
- B. Nicolescu, Y. Savaria, and R. Velazco. 2004. Software detection mechanisms providing full coverage against single bit-flip faults. IEEE Transactions on Nuclear Science, Vol. 51, 6 (Dec 2004).Google ScholarCross Ref
- Sikhar Patranabis, Abhishek Chakraborty, and Debdeep Mukhopadhyay. 2017. Fault Tolerant Infective Countermeasure for AES. J. Hardware and Systems Security, Vol. 1, 1 (2017), 3--17. https://doi.org/10.1007/s41635-017-0006--1Google ScholarCross Ref
- Mathias Payer, Antonio Barresi, and Thomas R. Gross. 2015. Fine-Grained Control-Flow Integrity Through Binary Hardening. In Detection of Intrusions and Malware, and Vulnerability Assessment - 12th International Conference, DIMVA 2015, Milan, Italy, July 9--10, 2015, Proceedings (Lecture Notes in Computer Science), Magnus Almgren, Vincenzo Gulisano, and Federico Maggi (Eds.), Vol. 9148. Springer, 144--164. https://doi.org/10.1007/978-3-319-20550-2_8Google Scholar
- Nirmal R. Saxena and Edward J. McCluskey. 1990. Control-Flow Checking Using Watchdog Assists and Extended-Precision Checksums. IEEE Trans. Computers, Vol. 39, 4 (1990).Google ScholarDigital Library
- Jö rn-Marc Schmidt and Christoph Herbst. 2008. A Practical Fault Attack on Square and Multiply. In Fifth International Workshop on Fault Diagnosis and Tolerance in Cryptography, 2008, FDTC 2008, Washington, USA, 10 August 2008.Google ScholarDigital Library
- Ahmadou Al Khary Séré, Julien Iguchi-Cartigny, and Jean-Louis Lanet. 2011. Evaluation of Countermeasures Against Fault Attacks on Smart Cards.Google Scholar
- Hovav Shacham. 2007. The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). In Proceedings of the 2007 ACM Conference on Computer and Communications Security, CCS 2007, Alexandria, Virginia, USA, October 28--31, 2007, Peng Ning, Sabrina De Capitani di Vimercati, and Paul F. Syverson (Eds.). ACM, 552--561. https://doi.org/10.1145/1315245.1315313Google ScholarDigital Library
- Bilgiday Yuce, Patrick Schaumont, and Marc Witteman. 2018. Fault Attacks on Secure Embedded Software: Threats, Design, and Evaluation. J. Hardware and Systems Security, Vol. 2, 2 (2018).Google ScholarCross Ref
Index Terms
- Detecting Fault Injection Attacks with Runtime Verification
Recommendations
Faults, Injection Methods, and Fault Attacks
In a fault attack, errors are induced during the computation of a cryptographic algorithm, and the faulty results are exploited to extract information about the secret key in embedded systems. Fault attacks can break an unprotected system more quickly ...
QEMU-Based Fault Injection for a System-Level Analysis of Software Countermeasures Against Fault Attacks
DSD '15: Proceedings of the 2015 Euromicro Conference on Digital System DesignPhysical attacks, such as fault attacks, pose a decisive threat for the security of devices in the Internet of Things. An important class of countermeasures for fault attacks is fault tolerant software that is applicable for systems based on COTS ...
Adversarial Reachability for Program-level Security Analysis
Programming Languages and SystemsAbstractMany program analysis tools and techniques have been developed to assess program vulnerability. Yet, they are based on the standard concept of reachability and represent an attacker able to craft smart legitimate input, while in practice attackers ...
Comments