An automated and scalable formal process for detecting fault injection vulnerabilities in binaries

Abstract: Fault injection has increasingly been used both to attack software applications, and to test system robustness. Detecting fault injection vulnerabilities has been approached with a variety of different but limited methods. This paper proposes an extension of a recently published general model checking based process to detect fault injection vulnerabilities in binaries. This new extension makes the general process scalable to real-world implementions which is demonstrated by detecting vulnerabilities in differe… Show more

“…The faults may be injected into the program before or after the model is constructed, but the model is then tested for specific behaviours or properties and the results used to reason about the behaviour of the program. The second is becoming more popular in recent works [13,14] as formal methods can be used on the model that allow for reasoning about all possible outcomes, and verifying when properties of the model may hold. Note that a vulnerability can be defined rather abstractly in many software based approaches since no clearly observable behaviour is required, merely some definition of how to define vulnerability for the simulation or model.…”

“…Software-based simulations do not require expensive or dedicated hardware and can be run on most computing devices easily [26]. Also with various software tools being developed and matured, limited expertise is needed to plug together a toolchain to do fault injection vulnerability detection [13,14]. Such a toolchain can then be automated to detect fault injection vulnerabilities without direct oversight or intervention.…”

“…One recent development in the software based approaches is the use of formal methods that can provide stronger claims about the existence (or more often absence) of a fault injection vulnerability [13,14]. The benefit of formal methods is that the results allow for strong positive statements about the properties that have been proved (or disproved) formally.…”

“…Recent works have started to address the above challenges by using an automated process to find fault injection vulnerabilities over whole functions and with many fault models [13,14]. However, despite these showing good results they are still challenges due to the tools used, and are still targeting a single architecture (albeit upon the binary itself).…”

The State of Fault Injection Vulnerability Detection

“…The faults may be injected into the program before or after the model is constructed, but the model is then tested for specific behaviours or properties and the results used to reason about the behaviour of the program. The second is becoming more popular in recent works [13,14] as formal methods can be used on the model that allow for reasoning about all possible outcomes, and verifying when properties of the model may hold. Note that a vulnerability can be defined rather abstractly in many software based approaches since no clearly observable behaviour is required, merely some definition of how to define vulnerability for the simulation or model.…”

“…Software-based simulations do not require expensive or dedicated hardware and can be run on most computing devices easily [26]. Also with various software tools being developed and matured, limited expertise is needed to plug together a toolchain to do fault injection vulnerability detection [13,14]. Such a toolchain can then be automated to detect fault injection vulnerabilities without direct oversight or intervention.…”

“…One recent development in the software based approaches is the use of formal methods that can provide stronger claims about the existence (or more often absence) of a fault injection vulnerability [13,14]. The benefit of formal methods is that the results allow for strong positive statements about the properties that have been proved (or disproved) formally.…”

“…Recent works have started to address the above challenges by using an automated process to find fault injection vulnerabilities over whole functions and with many fault models [13,14]. However, despite these showing good results they are still challenges due to the tools used, and are still targeting a single architecture (albeit upon the binary itself).…”

The State of Fault Injection Vulnerability Detection

“…Detecting fault injection vulnerabilities has been approached with a variety of different but limited methods. Given‐Wilson et al propose extension of a recently published general model checking–based process to detect fault injection vulnerabilities in binaries. This new extension makes the general process scalable to real‐world implementations.…”

Editorial to the Special Issue on Recent Advances on Trust, Security and Privacy in Computing and Communications

Brief Announcement: Effectiveness of Code Hardening for Fault-Tolerant IoT Software