Download PDFOpen PDF in browserCombining Static Analysis and Dynamic Symbolic Execution in a Toolchain to detect Fault Injection Vulnerabilities17 pages•Published: October 3, 2022AbstractCertification through auditing allows to ensure that critical embedded systems are secure. This entails reviewing their cryptographic components and checking for dangerous execution paths. This latter task requires the use of specialized tools which allow to explore and replay executions but are also difficult to use effectively within the context of the audit, where time and knowledge of the code are limited. Fault analysis is especially tricky as the attacker may actively influence execution, rendering some common methods unusable and increasing the number of possible execution paths exponentially. In this work, we present a new method which mitigates these issues by reducing the number of fault injection points considered to only the most relevant ones relatively to some security properties. We use fast and robust static analysis to detect injection points and assert their impactfulness. A more precise dynamic/symbolic method is then employed to validate attack paths. This way the insight required to find attacks is reduced and dynamic methods can better scale to realistically sized programs. Our method is implemented into a toolchain based on Frama-C and KLEE and validated on WooKey, a case-study proposed by the National Cybersecurity Agency of France.Keyphrases: bootloader use case, fault injection robustness, source code static analysis, symbolic execution In: Ulrich Kühne and Fan Zhang (editors). Proceedings of 10th International Workshop on Security Proofs for Embedded Systems, vol 87, pages 1-17.
|