Buffer overflow attack with multiple fault injection and a proven countermeasure

Nashimoto, Shoei; Homma, Naofumi; Hayashi, Yu Ichi; Takahashi, Jun; Fuji, Hitoshi; Aoki, Takafumi

doi:10.1007/s13389-016-0136-3

Cited by 15 publications

(14 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Attacks in the cryptography [9,12] and systems [17] literature often target loops, aiming for early or deferred loop exit. We would first like to assess the practicality of such control flow disruption on sensitive loops.…”

Section: Preliminary Fault Sensitivity Analysismentioning

confidence: 99%

“…• the memcpy-like function in Listing 1 is typical of firmware updates subject to buffer overflow attacks [17]; instead of copying, values in the source and destination buffers are added to ease result analysis; • the memcmp-like function with early exit in Listing 2 resembles authentication schemes such as PIN verification [10]; again, to facilitate analysis, the outcome of the comparison is stored in a destination buffer at every iteration.…”

Section: Loop Benchmarksmentioning

confidence: 99%

See 1 more Smart Citation

A First ISA-Level Characterization of EM Pulse Effects on Superscalar Microarchitectures

Proy¹,

Heydemann

Berzati³

et al. 2019

Proceedings of the 14th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

In the area of physical attacks, system-on-chip (SoC) designs have not received the same level of attention as simpler micro-controllers. We try to model the behavior of secure software running on a superscalar out-of-order microprocessor typical of more complex SoC, in the presence of electromagnetic (EM) pulses. We first show that it is possible, in a black box approach, to corrupt the loop iteration count of both original and hardened versions of two sensitive loops. We propose a characterization methodology based on very simple codes, to understand and classify the fault effects at the level of the instruction set architecture (ISA). The resulting classification includes the well established instruction skip and register corruption models, as well as new effects specific to more complex processors, such as operand substitution, multiple correlated register corruptions, advanced control-flow hijacking, and combinations of all reported effects. This diversity and complexity of effects can lead to powerful attacks. The proposed methodology and fault classification at ISA level is a first step towards a more complete characterization. It is also a tool supporting the designers of software and hardware countermeasures. CCS CONCEPTS • Security and privacy → Hardware attacks and countermeasures; Software and application security; • Computer systems organization → Embedded and cyber-physical systems.

show abstract

Section: Preliminary Fault Sensitivity Analysismentioning

confidence: 99%

Section: Loop Benchmarksmentioning

confidence: 99%

A First ISA-Level Characterization of EM Pulse Effects on Superscalar Microarchitectures

Proy¹,

Heydemann

Berzati³

et al. 2019

Proceedings of the 14th International Conference on Availability, Reliability and Security

View full text Add to dashboard Cite

show abstract

“…In addition to their use in cryptanalysis, fault attacks can also be used to trigger logical attacks (e.g., control flow hijacking, privilege escalation, subverting memory isolation) on general-purpose processors [44], [49], [54], [45], [34], [15] and smart cards as a special case. As we are interested by this latter, examples from the literature are briefly presented below.…”

Section: Fault Enabled Logical Attacksmentioning

confidence: 99%

Hiding a fault enabled virus through code construction

Hamadouche

Lanet

Mezghiche

2019

J Comput Virol Hack Tech

View full text Add to dashboard Cite

Smart cards are very secure devices designed to execute applications and store confidential data. Therefore, they become the target of many hardware and software attacks that aim to bypass their embedded security mechanisms in order to gain access to the sensitive stored data. Recently, a new kind of attacks called combined attacks has appeared. They aim to induce perturbations in the application's execution environment. Thus, correct and legitimate application can be dynamically modified to become a hostile one after being loaded in the card using a fault injection. In this paper, we treat the problem from another angle: how to design an innocent looking code in such a way that it becomes intentionally hostile after being activated by a fault injection? We present an original approach of backward code construction based on constraints satisfaction and a tree traversal algorithm. After that, we propose a way to optimize the search process by introducing heuristics for a faster convergence towards more realistic solutions.We implement this approach in a Trace Generator tool; thereafter evaluate its capacity to generate the required solutions while giving a proof-of-concept of the code desynchronization technique.

show abstract

“…The diversity of all previous proposed mechanism can be categorised into two main different solutions: software-based (Chiveh and Hsu, 2001;Vendicator;Gadaleta et al, 2009;Cowan et al, 1998;Tyagi and Lee, 2000;Pyo and Lee, 2002;Jones and Kelly, 1997;Baratloo et al, 1999;Baratloo et al, 2000;Solar Designer;Nashimoto et al, 2016) and hardware-based (Francillon et al, 2009;Xu et al, 2002;Alexander, 2005;CERT;Giasson, 2001;Eichin and Rochlis, 1989;Danger et al, 2016). Software solutions focus on existing source code while Hardware solutions need major changes in the computer and memory hardware architecture.…”

Section: Vulnerabilities Reported To Certmentioning

confidence: 99%

A software approach for stack memory protection based on duplication and randomisation

Alouneh

Kharbutli

AlQurem

2016

IJITST

View full text Add to dashboard Cite

Abstract:With software systems continuously growing in size and complexity, the number and variety of security vulnerabilities in those systems is increasing in an alarming rate. Unfortunately, all previously proposed solutions that deal with this problem suffer from shortcomings and therefore highlighting the need for further research in this vital area. In this paper, a software-based solution for stack-based vulnerabilities and attacks is proposed, implemented, and tested. The basic idea of our approach is to implement a patch tool that makes multiple copies of the return addresses in the stack, and then randomises the location of all copies in addition to their number. All duplicate copies are updated and checked in parallel such that any mismatch between any of these copies would indicate a possible attack attempt and would trigger an exception. The results of our implementation show high protection against integer overflow and buffer overflow attacks.Keywords: stack-based protection; buffer overflow; security.Reference to this paper should be made as follows: Alouneh, S., Kharbutli, M. and AlQurem, R. (2016) 'A software approach for stack memory protection based on duplication and randomisation', Int.

show abstract

Buffer overflow attack with multiple fault injection and a proven countermeasure

Cited by 15 publications

References 11 publications

A First ISA-Level Characterization of EM Pulse Effects on Superscalar Microarchitectures

A First ISA-Level Characterization of EM Pulse Effects on Superscalar Microarchitectures

Hiding a fault enabled virus through code construction

A software approach for stack memory protection based on duplication and randomisation

Contact Info

Product

Resources

About