QEMU-Based Fault Injection for a System-Level Analysis of Software Countermeasures Against Fault Attacks

Physical attacks, such as fault attacks, pose a decisive threat to the security of devices in the Internet of Things. An important class of countermeasures against fault attacks is fault-tolerant software, which is applicable to systems based on COTS hardware. Evaluating software countermeasures against fault attacks requires fault injection. However, established fault injection approaches require manufactured products or hardware details (e.g. netlists, RTL models), which are not available when using COTS hardware. In this paper, we present a QEMU-based fault injection platform that supports COTS processors that are widely used in the embedded domain. This framework allows a system-level analysis of software countermeasures by simulating high-level hardware faults that target, for example, memory cells, register cells, or the correct execution of instructions. The framework supports the generation of realistic fault attack scenarios. We illustrate the practicability of the approach by presenting two exemplary use cases.
