s3: modeling fault injection€¦ · cristofaro mune ([email protected]) @pulsoid s3: modeling...
TRANSCRIPT
![Page 1: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/1.jpg)
Cristofaro Mune
@pulsoid
S3: Modeling Fault Injection
S3.1 - Attacks
SILM Summer School, INRIA (2019)
![Page 2: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/2.jpg)
Naming FI attacks
What do they have in common?
![Page 3: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/3.jpg)
Naming FI attacks
Injection Technique Goal
![Page 4: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/4.jpg)
Observation
• Naming only connects:
- Injection technique and
- Achieved Goal
Injection
FI technique
Clock
EM
…
Voltage
Goal
![Page 5: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/5.jpg)
Reflection
• Naming may suggest that entire attack chain:
- fully depends on the injection technique
- May not be valid with other injection techniques
• Questions:
- Is this true?
- Are we effectively naming attacks?
![Page 6: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/6.jpg)
(Our) Definitions
![Page 7: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/7.jpg)
Fault Injection
“Introducing faults in a target to alter its intended
behavior.”
![Page 8: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/8.jpg)
Other definitions
8
“Susceptibility of a given hardware subsystem to a specific
fault injection technique, which has an impact on security.”
Vulnerability (FI)
“Controlled environmental change”
Glitch
An unintended alteration of a target, as a consequence of a glitch
triggering a vulnerability.”
Fault (informal)
![Page 9: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/9.jpg)
FI Attack Anatomy
![Page 10: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/10.jpg)
Goal
• Goal: What attacker wants to achieve
- Code execution
- …
Goal
![Page 11: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/11.jpg)
Root cause: HW Vulnerability
Target
HW Vulnerability
• When triggered it leads to faults
• Located in HW
• Can only be entirely resolved in HW
• Reviews insufficient for identification (Physical parameters)
![Page 12: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/12.jpg)
Injection
Injection
FI Technique
Clock
EM
…
Voltage
• Injection: technique used for “triggering” the HW vulnerability
- Physical level
![Page 13: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/13.jpg)
Example: EM-FI
• Physics:
- Induced current in circuits net
• Logic:
- Logic state may change (closed → open)
13
System: Wrong values represented/stored/propagated
![Page 14: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/14.jpg)
Example: Optical
14
• Physics:
- Affects available carriers
• Logic:
- Logic state may change (closed → open)
System: Wrong values represented/stored/propagated
![Page 15: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/15.jpg)
Is this enough?
TargetInjection Goal
• Where are the glitch parameters?
- Localization (EM-FI, Optical), Duration, Voltage Thresholds,…
• How the physical effects are turned into a successful attack?
• Don’t we need SW to exploit?
- Shellcodes, Memory “massaging”, Payloads, Protocols…
![Page 16: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/16.jpg)
Glitch: triggering vulnerabilities
• The environmental change for triggering vulnerabilities
• HOW the injection is performed
- “Location”: Sub-system, VCC rail, Area, Time window,…
- Parameters: Duration, Intensity, Repetitions,…
16
Glitch
Glitched sub-system,
Parameters
TargetInjection Goal
![Page 17: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/17.jpg)
Fault
Fault
“Unintended behavior”
• Fault: the “changes” introduced by the glitch
• Can occur at multiple levels
- Physical, Logic, Architecture, Software,…
Glitch TargetInjection Goal
![Page 18: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/18.jpg)
Not all faults are created equal…
• Multiple different faults may occur, that:
- Leave the system unstable
- Have no visible effect
- Have no “attack-relevant” effect
• Which are the “interesting” faults?
- i.e. that can be leveraged for a successful attack
18
![Page 19: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/19.jpg)
Fault Model
Fault model
FM
FaultGlitch TargetInjection Goal
• Fault Model: defines the relevant set of faults
- Faults that can be leveraged into an exploit
- E.g.: faults that cause instruction skipping
• Can be multiple. At multiple levels.
![Page 20: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/20.jpg)
Exploit
Exploit
• Exploit: leverages faults within the fault model
- Preparation: Image layout, Shellcodes, staging,…
- Execution: Fault in adjacent rows → Memory de-dup → Shared page → Cross-VM attacks
FM
FaultGlitch TargetInjection Goal
![Page 21: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/21.jpg)
“Activation” (?)
• In some cases injection does not require physical access:
- SW may be used for “activating” injection
• Injection still occurs at physical level
• “Activation” performed by SW:
- By controlling HW subsystems/interfaces
• Examples:
- CLKSCREW:
• SW manipulates Clock + Voltage (Injection) subsystems via DFVS
- Rowhammer:
• SW causes EM interference (Injection) between memory cells by continuously accessing rows
• You can do this from Javascript!
21
![Page 22: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/22.jpg)
Activation
Activation
SW/HW
• Activation: HOW the technique is controlled
- HW activation: Physical VCC/EM/CLK injection, …
- SW activation: via DVFS, SW memory reads, PLCs (Stuxnet?)
Exploit
FM
FaultGlitch TargetInjection Goal
![Page 23: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/23.jpg)
A reference model
TargetInjection Fault
FI technique
Clock
EM
…
Voltage
Activation
SW/HW
Glitch
Glitch
parameters
Exploit
HW Vulnerability
Fault model
Goal
FM
![Page 24: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/24.jpg)
Applications
![Page 25: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/25.jpg)
Possible uses
• Support for discussing:
- Attacks
- Countermeasures
• Visualization:
- Attack strategies
- Thought process
• Identification:
- Commonalities and differences in attacks/defenses
- Research trends
![Page 26: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/26.jpg)
Visualizing countermeasures
TargetInjection FaultActivation
SW/HW
Glitch Exploit Goal
FM
• Observations:
- SW countermeasures: depend on FM, focus on exploit
- HW countermeasures: (mostly) FM independent, focus before exploit
HW (Prevent):
Laser mesh
EM shielding
HW (Detect):
Voltage
detectors
Optical
sensors
HW (Prevent):
Protecting DVFS
registers
HW (Detect):
ECC RAM
SW (Detect):
Redundant checks /
operations
SW (Mitigate):
Random delays
![Page 27: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/27.jpg)
Visualizing attacks: Linux privilege escalation
TargetInjection FaultActivation
HW
Glitch Exploit Goal
FM
VoltageSoC Main VCC
rail.
Syscall
Execution.
Undervoltage.
Glitch
parameters
HW: FPGA +
Current Amplifier
Register
content.
Instruction
processing.
Memory
Content.
Exploit (part 2):
Modify
instruction
(from FM)
to assign PC
value
Exploit (part 1):
Load shellcode in
memory
Linux Ubuntu
16.04.
Unprivileged
user.
Instruction
corruption
Arbitrary
kernel code
exec
![Page 28: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/28.jpg)
Creating “new” attacks?
Vulnerable HWGlitch Fault
SW-activated
VCC
DVFS
Voltage
May different activations…
HW-activated
…trigger the same vulnerability?
![Page 29: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/29.jpg)
Conclusions
![Page 30: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/30.jpg)
Conclusions
• FI attacks much more than:
- Select a technique and..
- “Magic happens”
• Proper modeling may allow for:
- Improving methodologies
- Countermeasures design:
• Scope, placement, Relevance/effectiveness
- Creating new attacks ‘modularly’
• Identify uncovered attack vectors
• New creative attacks for known injection techniques
- Injection-independent attacks
30
![Page 31: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/31.jpg)
![Page 32: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/32.jpg)
Cristofaro Mune
@pulsoid
S3: Modeling Fault Injection
S3.2 - Fault Models
SILM Summer School, INRIA (2019)
![Page 33: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/33.jpg)
Question
TargetInjection FaultActivation
SW/HW
Glitch Exploit
Fault model
Goal
FM
Which faults are useful and exploitable?
![Page 34: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/34.jpg)
Fault Models
![Page 35: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/35.jpg)
Traditional fault models
Control flow corruption
by “skipping instructions”
Data corruption
by “flipping bits”
One fault model for each attack
Security Measures bypass Cryptographic key extraction
![Page 36: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/36.jpg)
Reality: One glitch → Multiple faults
Fault
Physical
Circuit
Micro-Architecture
Subsystem*
Software
“Hardware”
OTP, JTAG, CPUs,…
Logical gates,
Memory Cells, Flip Flops
ExecutionControl Flow,
Data Flow
Instructions
Layer
*Extension to [2018]: Yuce, Schaumont, Witteman
![Page 37: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/37.jpg)
FaultS (!)
• Multiple faults occurs at the same time:
- With the same technique
- With one single glitch
- At multiple layers and locations in the system
• Each fault, at each layer, can be potentially exploitable
• Multiple attacks possible at the same time
- for the same Goal
- with the same injection technique
- By selecting different [fault model:exploitation]
37
![Page 38: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/38.jpg)
38
Traditional Fault Models
Fault
Physical
Circuit
Micro-Architecture
Subsystem
Software
“Hardware”
OTP, JTAG, CPUs,…
Logical gates,
Memory Cells, Flip Flops
ExecutionControl Flow,
Data Flow
Instructions
Instruction Skipping
Fault ModelLayer
Data corruption
Ro
ot C
au
se
![Page 39: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/39.jpg)
A new fault model
Remarks
• Limited control over which bit(s) will be corrupted
• Also includes other fault models as sub-cases (e.g. instruction skipping)
39
A generic one: “instruction corruption”*
*[2016]: Timmers, Spruyt, Witteman
![Page 40: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/40.jpg)
Controlling PC (or SP)
40
• ARM32 has an interesting ISA
• Program Counter (PC) is directly accessible
Attack variations (SP-control) also affect other architectures
Valid ARM instructions
Corrupted ARM instructions may directly set PC*
![Page 41: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/41.jpg)
41
Fault Model
Fault
Physical
Circuit
Micro-Architecture
Subsystem
Software
“Hardware”
OTP, JTAG, CPUs,…
Logical gates,
Memory Cells, Flip Flops
ExecutionControl Flow,
Data Flow
Instructions Instruction Modification
Fault ModelLayer
Ro
ot C
au
se
![Page 42: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/42.jpg)
Execution primitives…out of thin air
42
• ANY memory read can be redirected to PC (or SP)
- ANY memcpy()
• PC (or SP) immediately assigned with content from memory
- Exploited DIRECTLY from Instruction Layer
• Following SW NOT executed
- SW countermeasures fully bypassed
• A new target for FI:
- Security checks
- Crypto algorithms
- ...
Code Execution
![Page 43: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/43.jpg)
43
Application: Kernel exec via FI
[User]: All registers set to target memory address
Arbitrary PC control
[User]: Syscall
[Kernel]: MOV instruction modified (operand)
[Kernel]: PC becomes destination register
![Page 44: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/44.jpg)
…more to come…
(session 4)
44
![Page 45: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/45.jpg)
Using Fault Models
![Page 46: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/46.jpg)
Fault models: the Analytical approach
• Fault model focuses on actual effects:
- Attempts to model real faults as accurately as possible
- Attempts to explain the ‘how’ and ‘why’ of the fault for:
• understanding fault propagation
• inferring system behavior
- System complexity limits this approach
46
HOW and WHY do faults happen?
![Page 47: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/47.jpg)
Fault models: a Descriptive approach
• Fault model assumes interesting effects:
- Measurements performed for verification
- Focus only on ‘if’ fault occurs and ‘how often’
- Limited support for root cause identification:
• No attempt to establish causation
- But provides exactly what is needed for an attack…
47
THIS happens. With THIS frequency
![Page 48: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/48.jpg)
Practical Exploitation
• Assume a fault model for a specific layer:
- E.g. Instruction corruption
• (for SP control)
• Create an exploit, assuming that such faults occur:
- E.g. ROP based exploit
• Detect success:
- Measure frequency and useful related data
• If you have:
- ONE success, you have an attack.
- Multiple successes, you may have a predictable attack.
48
ONE may be enough
![Page 49: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/49.jpg)
From an attacker perspective…
• Fault root cause is irrelevant
• Injection technique is (mostly) irrelevant
- Only the actually introduced faults are
• Understanding the fault propagation is irrelevant
• What happens at other layers is irrelevant
• Attack relevant:
- System remains stable
- Fault within chosen fault model, shows up in the desired layer
- Exploit triggered
- Success rate49
![Page 50: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/50.jpg)
50
In summary…
Fault model predicts faults actually happening at the
chosen layer?
Attack can be performed.
YES
![Page 51: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/51.jpg)
Considerations
![Page 52: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/52.jpg)
Detecting success?
• Detection usually happens after exploit:
- Not at fault occurrence
• Detection DEPENDS on exploit side effects
- Which DEPENDS on Fault Model
• Important results may be missed if detection not aligned with fault model
• Example:
- We may have been missing decades of instruction corruptions.
- Detection was only focused on results of “instruction skipping” attacks…
52
![Page 53: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/53.jpg)
Success rate…as attack effectiveness?
• Two attacks:
- A) 1% success rate, 10 attempts per minute
- B) 0,1% success rate, 1000 attempts per minute
• Which is better?
- A) yields success after 10 minutes in average
- B) yields success after 1 minute in average
• Success rate has no attack effectiveness meaning:
- Only gives fault frequency
• Better:
- Complement with attack speed, or
- Provide average time for success
![Page 54: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/54.jpg)
Conclusions
![Page 55: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/55.jpg)
Modeling
• ‘Offensive’ fault models:
- Focus on measured effects only
- Do not require understanding physics and system-level
- Allow exploitation of faults at multiple layers
• New attacks may be possible:
- With the same injection technique
- By assuming a different Fault Model
55
![Page 56: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/56.jpg)
Observations
• “Make sure to detect successful attacks.”
- Detection depends on Fault Model and Exploit
- You may be missing so many interesting faults…for years.
• “Success rate alone is insufficient for assessing attack effectiveness”:
- Provide attack speed or average time for successful attacks
• “Faults are enabling attacks. Not how they are injected”:
- Attacks may be designed independently of injection techniques
56
![Page 57: S3: Modeling Fault Injection€¦ · Cristofaro Mune (c.mune@pulse-sec.com) @pulsoid S3: Modeling Fault Injection S3.1 - Attacks SILM Summer School, INRIA (2019)](https://reader033.vdocuments.net/reader033/viewer/2022060603/6057bfef509ccc024222359e/html5/thumbnails/57.jpg)