Fault Injection

14,000,000 Leading Edge Experts on the ideXlab platform

The Experts below are selected from a list of 17388 Experts worldwide ranked by ideXlab platform

Axel Legay - One of the best experts on this subject based on the ideXlab platform.

  • Combined software and hardware Fault Injection vulnerability detection
    Innovations in Systems and Software Engineering, 2020
    Co-Authors: Thomas Given-Wilson, Nisrine Jafri, Axel Legay
    Abstract:

    Fault Injection is a well-known method to test the robustness and security vulnerabilities of software. Software-based and hardware-based approaches have been used to detect Fault Injection vulnerabilities. Software-based approaches typically rely upon simulations that can provide broad and rapid coverage, but may not correlate with genuine hardware vulnerabilities. Hardware-based experiments are indisputable in their results, but rely upon expensive expert knowledge and manual testing yielding ad hoc and extremely limited results. Further, there is very limited connection between software-based simulation results and hardware-based experiments. This work bridges software-based and hardware-based Fault Injection vulnerability detection by contrasting results of both approaches. This demonstrates that: not all software-based vulnerabilities can be reproduced in hardware; prior conjectures on the Fault model for electromagnetic pulse attacks may not be accurate; and that there is a co-relation between software-based and hardware-based approaches. Further, combining both approaches can yield a vastly more accurate and efficient approach to detecting genuine Fault Injection vulnerabilities.

  • An automated and scalable formal process for detecting Fault Injection vulnerabilities in binaries
    Concurrency and Computation: Practice and Experience, 2018
    Co-Authors: Thomas Given-Wilson, Nisrine Jafri, Annelie Heuser, Axel Legay
    Abstract:

    Fault Injection has increasingly been used both to attack software applications, and to test system robustness. Detecting Fault Injection vulnerabilities has been approached with a variety of different but limited methods. This paper proposes an extension of a recently published general model checking based process to detect Fault Injection vulnerabilities in binaries. This new extension makes the general process scalable to real-world implementations which is demonstrated by detecting vulnerabilities in different cryptographic implementations.

  • The State of Fault Injection Vulnerability Detection
    2018
    Co-Authors: Thomas Given-Wilson, Nisrine Jafri, Axel Legay
    Abstract:

    Fault Injection is a well known method to test the robustness and security vulnerabilities of software. Fault Injections can be explored by simulations (cheap, but not validated) and hardware experiments (true, but very expensive). Recent simulation works have started to apply formal methods to the detection, analysis, and prevention of Fault Injection attacks to address verifiability. However, these approaches are ad-hoc and extremely limited in architecture, Fault model, and breadth of application. Further, there is very limited connection between simulation results and hardware experiments. Recent work has started to consider broad spectrum simulation approaches that can cover many Fault models and relatively large programs. Similarly the connection between these broad spectrum simulations and hardware experiments is being validated to bridge the gap between the two approaches. This presentation highlights the latest developments in applying formal methods to Fault Injection vulnerability detection, and validating software and hardware results with one another.

  • An Automated Formal Process for Detecting Fault Injection Vulnerabilities in Binaries and Case Study on PRESENT
    2017
    Co-Authors: Thomas Given-Wilson, Nisrine Jafri, Jean-Louis Lanet, Axel Legay
    Abstract:

    Recently Fault Injection has increasingly been used both to attack software applications, and to test system robustness. Detecting Fault Injection vulnerabilities has been approached with a variety of different but limited methods. This paper proposes a general process without these limitations that uses model checking to detect Fault Injection vulnerabilities in binaries. The efficacy of this process is demonstrated by detecting vulnerabilities in the PRESENT binary.

  • An Automated Formal Process for Detecting Fault Injection Vulnerabilities in Binaries and Case Study on PRESENT -- Extended Version
    2017
    Co-Authors: Thomas Given-Wilson, Nisrine Jafri, Jean-Louis Lanet, Axel Legay
    Abstract:

    Recently Fault Injection has increasingly been used both to attack software applications, and to test system robustness. Detecting Fault Injection vulnerabilities has been approached with a variety of different but limited methods. This paper proposes a general process without these limitations that uses model checking to detect Fault Injection vulnerabilities in binaries. The efficacy of this process is demonstrated by detecting vulnerabilities in the PRESENT binary.

Martin Törngren - One of the best experts on this subject based on the ideXlab platform.

  • modifi a model implemented Fault Injection tool
    International Conference on Computer Safety Reliability and Security, 2010
    Co-Authors: Rickard Svenningsson, Henrik Eriksson, Jonny Vinter, Martin Törngren
    Abstract:

    Fault Injection is traditionally divided into simulation-based and physical techniques depending on whether Faults are injected into hardware models, or into an actual physical system or prototype. Another classification is based on how Fault Injection mechanisms are implemented. Well known techniques are hardware-implemented Fault Injection (HIFI) and software-implemented Fault Injection (SWIFI). For safety analyses during model-based development, Fault Injection mechanisms can be added directly into models of hardware, models of software or models of systems. This approach is denoted by the authors as model-implemented Fault Injection. This paper presents the MODIFI (MODel-Implemented Fault Injection) tool. The tool is currently targeting behaviour models in Simulink. Fault models used by MODIFI are defined using XML according to a specific schema file and the Fault Injection algorithm uses the concept of minimal cut sets (MCS) generation. First, a user defined set of single Faults are injected to see if the system is tolerant against single Faults. Single Faults leading to a failure, i.e. a safety requirement violation, are stored in a MCS list together with the corresponding counterexample. These Faults are also removed from the Fault space used for subsequent experiments. When all single Faults have been injected, the effects of multiple Faults are investigated, i.e. two or more Faults are introduced at the same time. The complete list of MCS is finally used to automatically generate test cases for efficient Fault Injection on the target system.

  • Model-Implemented Fault Injection for Hardware Fault Simulation
    2010 Workshop on Model-Driven Engineering Verification and Validation, 2010
    Co-Authors: Rickard Svenningsson, Henrik Eriksson, Jonny Vinter, Martin Törngren
    Abstract:

    This paper presents how model-implemented Fault Injection can be utilized to simulate the effect of hardware-related Faults in embedded systems. A Fault Injection environment has been developed to enable comparison of experiments at model level and hardware level using Simulink and an Infineon microcontroller, respectively. Experiments at model level, leading to safety requirement violations, are automatically repeated at hardware level to compare the Fault effects. Artifacts in a Simulink model (e.g. block output ports) are automatically mapped to memory addresses obtained from a linker generated map file. Thus, the same variable can be manipulated by the Fault Injection environment at both model and hardware level. For the automotive application evaluated, experiments show that the effects of data errors at model level and hardware level are similar excluding the experiments leading to exceptions.

Rickard Svenningsson - One of the best experts on this subject based on the ideXlab platform.

  • modifi a model implemented Fault Injection tool
    International Conference on Computer Safety Reliability and Security, 2010
    Co-Authors: Rickard Svenningsson, Henrik Eriksson, Jonny Vinter, Martin Törngren
    Abstract:

    Fault Injection is traditionally divided into simulation-based and physical techniques depending on whether Faults are injected into hardware models, or into an actual physical system or prototype. Another classification is based on how Fault Injection mechanisms are implemented. Well known techniques are hardware-implemented Fault Injection (HIFI) and software-implemented Fault Injection (SWIFI). For safety analyses during model-based development, Fault Injection mechanisms can be added directly into models of hardware, models of software or models of systems. This approach is denoted by the authors as model-implemented Fault Injection. This paper presents the MODIFI (MODel-Implemented Fault Injection) tool. The tool is currently targeting behaviour models in Simulink. Fault models used by MODIFI are defined using XML according to a specific schema file and the Fault Injection algorithm uses the concept of minimal cut sets (MCS) generation. First, a user defined set of single Faults are injected to see if the system is tolerant against single Faults. Single Faults leading to a failure, i.e. a safety requirement violation, are stored in a MCS list together with the corresponding counterexample. These Faults are also removed from the Fault space used for subsequent experiments. When all single Faults have been injected, the effects of multiple Faults are investigated, i.e. two or more Faults are introduced at the same time. The complete list of MCS is finally used to automatically generate test cases for efficient Fault Injection on the target system.

  • Model-Implemented Fault Injection for Hardware Fault Simulation
    2010 Workshop on Model-Driven Engineering Verification and Validation, 2010
    Co-Authors: Rickard Svenningsson, Henrik Eriksson, Jonny Vinter, Martin Törngren
    Abstract:

    This paper presents how model-implemented Fault Injection can be utilized to simulate the effect of hardware-related Faults in embedded systems. A Fault Injection environment has been developed to enable comparison of experiments at model level and hardware level using Simulink and an Infineon microcontroller, respectively. Experiments at model level, leading to safety requirement violations, are automatically repeated at hardware level to compare the Fault effects. Artifacts in a Simulink model (e.g. block output ports) are automatically mapped to memory addresses obtained from a linker generated map file. Thus, the same variable can be manipulated by the Fault Injection environment at both model and hardware level. For the automotive application evaluated, experiments show that the effects of data errors at model level and hardware level are similar excluding the experiments leading to exceptions.

Nisrine Jafri - One of the best experts on this subject based on the ideXlab platform.

  • Combined software and hardware Fault Injection vulnerability detection
    Innovations in Systems and Software Engineering, 2020
    Co-Authors: Thomas Given-Wilson, Nisrine Jafri, Axel Legay
    Abstract:

    Fault Injection is a well-known method to test the robustness and security vulnerabilities of software. Software-based and hardware-based approaches have been used to detect Fault Injection vulnerabilities. Software-based approaches typically rely upon simulations that can provide broad and rapid coverage, but may not correlate with genuine hardware vulnerabilities. Hardware-based experiments are indisputable in their results, but rely upon expensive expert knowledge and manual testing yielding ad hoc and extremely limited results. Further, there is very limited connection between software-based simulation results and hardware-based experiments. This work bridges software-based and hardware-based Fault Injection vulnerability detection by contrasting results of both approaches. This demonstrates that: not all software-based vulnerabilities can be reproduced in hardware; prior conjectures on the Fault model for electromagnetic pulse attacks may not be accurate; and that there is a co-relation between software-based and hardware-based approaches. Further, combining both approaches can yield a vastly more accurate and efficient approach to detecting genuine Fault Injection vulnerabilities.

  • Formal Fault Injection vulnerability detection in binaries : a software process and hardware validation
    2019
    Co-Authors: Nisrine Jafri
    Abstract:

    Fault Injection is a well known method to test the robustness and security vulnerabilities of systems. Detecting Fault Injection vulnerabilities has been approached with a variety of different but limited methods. Software-based and hardware-based approaches have both been used to detect Fault Injection vulnerabilities. Software-based approaches can provide broad and rapid coverage, but may not correlate with genuine hardware vulnerabilities. Hardware-based approaches are indisputable in their results, but rely upon expensive expert knowledge, manual testing, and cannot confirm what Fault model represents the created effect. First, this thesis focuses on the software-based approach and proposes a general process that uses model checking to detect Fault Injection vulnerabilities in binaries. The efficacy and scalability of this process is demonstrated by detecting vulnerabilities in different cryptographic real-world implementations. Then, this thesis bridges software-based and hardware-based Fault Injection vulnerability detection by contrasting results of the two approaches. This demonstrates that: not all software-based vulnerabilities can be reproduced in hardware; prior conjectures on the Fault model for electromagnetic pulse attacks may not be accurate; and that there is a relationship between software-based and hardware-based approaches. Further, combining both software-based and hardware-based approaches can yield a vastly more accurate and efficient approach to detect genuine Fault Injection vulnerabilities.

  • An automated and scalable formal process for detecting Fault Injection vulnerabilities in binaries
    Concurrency and Computation: Practice and Experience, 2018
    Co-Authors: Thomas Given-Wilson, Nisrine Jafri, Annelie Heuser, Axel Legay
    Abstract:

    Fault Injection has increasingly been used both to attack software applications, and to test system robustness. Detecting Fault Injection vulnerabilities has been approached with a variety of different but limited methods. This paper proposes an extension of a recently published general model checking based process to detect Fault Injection vulnerabilities in binaries. This new extension makes the general process scalable to real-world implementations which is demonstrated by detecting vulnerabilities in different cryptographic implementations.

  • The State of Fault Injection Vulnerability Detection
    2018
    Co-Authors: Thomas Given-Wilson, Nisrine Jafri, Axel Legay
    Abstract:

    Fault Injection is a well known method to test the robustness and security vulnerabilities of software. Fault Injections can be explored by simulations (cheap, but not validated) and hardware experiments (true, but very expensive). Recent simulation works have started to apply formal methods to the detection, analysis, and prevention of Fault Injection attacks to address verifiability. However, these approaches are ad-hoc and extremely limited in architecture, Fault model, and breadth of application. Further, there is very limited connection between simulation results and hardware experiments. Recent work has started to consider broad spectrum simulation approaches that can cover many Fault models and relatively large programs. Similarly the connection between these broad spectrum simulations and hardware experiments is being validated to bridge the gap between the two approaches. This presentation highlights the latest developments in applying formal methods to Fault Injection vulnerability detection, and validating software and hardware results with one another.

  • An Automated Formal Process for Detecting Fault Injection Vulnerabilities in Binaries and Case Study on PRESENT
    2017
    Co-Authors: Thomas Given-Wilson, Nisrine Jafri, Jean-Louis Lanet, Axel Legay
    Abstract:

    Recently Fault Injection has increasingly been used both to attack software applications, and to test system robustness. Detecting Fault Injection vulnerabilities has been approached with a variety of different but limited methods. This paper proposes a general process without these limitations that uses model checking to detect Fault Injection vulnerabilities in binaries. The efficacy of this process is demonstrated by detecting vulnerabilities in the PRESENT binary.

Luciano Ost - One of the best experts on this subject based on the ideXlab platform.

  • efficient soft error vulnerability analysis using non intrusive Fault Injection techniques
    IFIP IEEE International Conference on Very Large Scale Integration, 2019
    Co-Authors: Vitor Bandeira, Ricardo Reis, Felipe Rosa, Luciano Ost
    Abstract:

    Electronic computing systems are integrating modern multicore processors and GPUs aiming to perform complex software stacks in different life-critical systems, including health devices and emerging self-driving cars. Such systems are expected to experience at least one soft error per day in the near future, which may lead to life-threatening failures. To prevent these failures, critical systems must be tested and verified while under realistic workloads. This paper presents four novel non-intrusive Fault Injection techniques that enable full Fault Injection control and inspection of multicore systems behavior in the presence of Faults. Proposed techniques were integrated into a Fault Injection framework and verified through a real automotive case study with up to 43 billion instructions. Results show that compared to traditional methods, the new techniques can increase the efficiency of Fault Injection campaigns during early development phase by 32.28%.

  • non intrusive Fault Injection techniques for efficient soft error vulnerability analysis
    IFIP IEEE International Conference on Very Large Scale Integration, 2019
    Co-Authors: Vitor Bandeira, Ricardo Reis, Felipe Rosa, Luciano Ost
    Abstract:

    Electronic computing systems are integrating modern multicore processors and GPUs aiming to perform complex software stacks in different life-critical systems, including health devices and emerging self-driving cars. Such systems are expected to experience at least one soft error per day in the near future [1], which may lead to life-threatening failures. This paper presents four novel non-intrusive Fault Injection techniques that enable full Fault Injection control and inspection of multicore systems behavior in the presence of Faults. Proposed techniques were integrated into a Fault Injection framework and verified through a real automotive case study with up to 43 billion instructions. Results show that isolating critical application functions can lead to a more efficient soft error analysis with a reduction of masked Faults in up to 28%.

  • a fast and scalable Fault Injection framework to evaluate multi many core soft error reliability
    Defect and Fault Tolerance in VLSI and Nanotechnology Systems, 2015
    Co-Authors: Felipe Rosa, Ricardo Reis, Fernanda Lima Kastensmidt, Luciano Ost
    Abstract:

    Increasing chip power densities allied to the continuous technology shrink is making emerging multiprocessor embedded systems more vulnerable to soft errors. Due to the high cost and design time inherent to board-based Fault Injection approaches, more appropriate and efficient simulation-based Fault Injection frameworks become crucial to guarantee the adequate design exploration support at early design phase. In this scenario, this paper proposes a fast and flexible Fault injector framework, called OVPSim-FIM, which supports parallel simulation to boost up the Fault Injection process. Aiming at validating OVPSim-FIM, several Fault Injection campaigns were performed in ARM processors, considering a market leading RTOS and benchmarks with up to 10 billion object code instructions. Results have shown that OVPSim-FIM enables to inject Faults at speed of up to 10,000 MIPS, depending on the processor and the benchmark profile, enabling to identify errors and exceptions according to different criteria and classifications.