Collaborative: FMitF: Track I: A Principled Approach to Modeling and Analysis of Hardware Fault Attacks on Embedded Software

协作：FMitF：第一轨：嵌入式软件硬件故障攻击建模和分析的原则方法

基本信息

批准号：
2219810
负责人：
Patrick Schaumont
金额：
$ 37.45万
依托单位：
Worcester Polytechnic Institute
依托单位国家：
美国
项目类别：
Standard Grant
财政年份：
2022
资助国家：
美国
起止时间：
2022-07-15 至 2026-06-30
项目状态：
未结题

来源：
https://www.nsf.gov/awardsearch/showAward?AWD_ID=2219810&HistoricalAwards=false
关键词：
Collaborative FMitF Track Principled Approach

项目摘要

In a hardware fault attack on embedded software, an attacker can temporarily change the meaning of instructions in the embedded software or the value of its data. The consequences of unmitigated fault attacks are significant. They may lead to privilege escalation of an attacker's code over victim code or information leakage from a victim process to an attacker. However, the software community does not yet have a deep understanding of fault attacks. The effects of fault injection on a digital system are only understood at the hardware level. The gap is due to the lack of models that adequately capture the effects of fault injection on complex, layered systems, leading to the lack of clear guarantees about the non-exploitability of software. The project's novelties are to develop a principled understanding of these hardware attacks and to create novel formal analysis tools and methodologies for secure embedded software verification. The project's impacts are to help the software community understand the importance and relevance of hardware fault attacks and to help mitigate the security risks. The expected outcomes are formal tools and techniques for improved fault detection and fault countermeasures that would address malicious hardware fault attacks and faults related to the rapidly growing problem of silicon reliability.The project investigates a unified framework capable of modeling and analyzing the impact of hardware faults on embedded software in a principled and systematic fashion. The framework combines open-source simulation and compilation technologies to show exploitability, or to prove non-exploitability, in the presence of hardware fault attacks. Three research tasks lead to the framework's development. First, the design of a fault model captures the impact of hardware faults at the instruction-set architecture (ISA) level. Second, hardware-software co-simulation characterizes the fault model. Third, formal analysis and verification tools integrate the fault model to efficiently and accurately investigate the faults' impact on software code. Finally, the investigators create and extend graduate-level educational content on the use of formal technologies in the field of embedded software. The investigators also direct senior theses to include undergraduate students in the research.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

在对嵌入式软件的硬件故障攻击中，攻击者可以暂时更改嵌入式软件中指令的含义或其数据值。未固定的断层攻击的后果是显着的。他们可能会导致攻击者代码的特权升级，而不是受害者代码或从受害者流程到攻击者的信息泄漏。但是，软件社区尚未对故障攻击有深刻的了解。仅在硬件级别上了解故障注入对数字系统的影响。差距是由于缺乏充分捕获断层注入对复杂的分层系统的影响的模型所致，从而导致缺乏对软件的不阐明性的明确保证。该项目的新颖性是对这些硬件攻击的原则理解，并为安全嵌入式软件验证创建新颖的正式分析工具和方法。该项目的影响是帮助软件社区了解硬件故障攻击的重要性和相关性，并帮助降低安全风险。预期的结果是改善故障检测和故障对策的正式工具和技术，这些技术将解决与硅可靠性快速增长的问题有关的恶意硬件故障攻击和故障。该项目研究了一个统一的框架，能够建模和分析硬件故障对原理和系统性的嵌入式软件的影响。在存在硬件故障攻击的情况下，该框架结合了开源仿真和编译技术，以显示可剥削性或证明不探索性。三项研究任务导致该框架的发展。首先，故障模型的设计捕获了指令集架构（ISA）级别上硬件故障的影响。其次，硬件 - 软件共同模拟表征了故障模型。第三，正式的分析和验证工具集成了故障模型，以有效，准确地研究故障对软件代码的影响。最后，研究人员创建并扩展了有关在嵌入式软件领域中使用正式技术的研究生级教育内容。调查人员还指导高级论文将本科生纳入研究。该奖项反映了NSF的法定任务，并被认为是值得通过基金会的知识分子优点和更广泛的影响审查标准的评估来支持的。

项目成果

期刊论文数量（2）

专著数量（0）

科研奖励数量（0）

会议论文数量（0）

专利数量（0）

The Technological Arms Race in Hardware Security

硬件安全领域的技术军备竞赛

DOI：
10.1109/emcsi39492.2022.9889394
发表时间：
2022
期刊：
2022 IEEE International Symposium on Electromagnetic Compatibility & Signal/Power Integrity (EMCSI
影响因子：
0
作者：
Tajik, Shahin;Schaumont, Patrick
通讯作者：
Schaumont, Patrick

Analysis of EM Fault Injection on Bit-sliced Number Theoretic Transform Software in Dilithium