Collaborative Research: FMitF: Track I: A Principled Approach to Modeling and Analysis of Hardware Fault Attacks on Embedded Software
University Of Southern California, Los Angeles CA
Investigators
Abstract
In a hardware fault attack on embedded software, an attacker can temporarily change the meaning of instructions in the embedded software or the value of its data. The consequences of unmitigated fault attacks are significant. They may lead to privilege escalation of an attacker's code over victim code or information leakage from a victim process to an attacker. However, the software community does not yet have a deep understanding of fault attacks. The effects of fault injection on a digital system are only understood at the hardware level. The gap is due to the lack of models that adequately capture the effects of fault injection on complex, layered systems, leading to the lack of clear guarantees about the non-exploitability of software. The project's novelties are to develop a principled understanding of these hardware attacks and to create novel formal analysis tools and methodologies for secure embedded software verification. The project's impacts are to help the software community understand the importance and relevance of hardware fault attacks and to help mitigate the security risks. The expected outcomes are formal tools and techniques for improved fault detection and fault countermeasures that would address malicious hardware fault attacks and faults related to the rapidly growing problem of silicon reliability. The project investigates a unified framework capable of modeling and analyzing the impact of hardware faults on embedded software in a principled and systematic fashion. The framework combines open-source simulation and compilation technologies to show exploitability, or to prove non-exploitability, in the presence of hardware fault attacks. Three research tasks lead to the framework's development. First, the design of a fault model captures the impact of hardware faults at the instruction-set architecture (ISA) level. Second, hardware-software co-simulation characterizes the fault model. Third, formal analysis and verification tools integrate the fault model to efficiently and accurately investigate the faults' impact on software code. Finally, the investigators create and extend graduate-level educational content on the use of formal technologies in the field of embedded software. The investigators also direct senior theses to include undergraduate students in the research. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
View original record on NSF Award Search →