Lazart: A Symbolic Approach for Evaluation the Robustness of Secured Codes against Control Flow Injections

Abstract : In the domain of smart cards, secured devices must be protected against high level attack potential [1]. According to norms such as the Common Criteria [2], the vulnerability analysis must cover the current state-of-the-art in term of attacks. Nowadays, a very classical type of attack is fault injection, conducted by means of laser based techniques. We propose a global approach, called Lazart, to evaluate code robustness against fault injections targeting control flow modifications. The originality of Lazart is twofolds. First, we encompass the evaluation process as a whole: starting from a fault model, we produce (or establish the absence of) attacks, taking into consideration software countermeasures. Furthermore, according to the near state-of-the-art, our methodology takes into account multiple transient fault injections and their combinatory. The proposed approach is supported by an effective tool suite based on the LLVM format [3] and the KLEE symbolic test generator [4].
Type de document :
Communication dans un congrès
Seventh IEEE International Conference on Software Testing, Verification and Validation, Mar 2014, Cleveland, United States. Seventh IEEE International Conference on Software Testing, Verification and Validation, ICST 2014, March 31 2014-April 4, 2014, Cleveland, Ohio, USA, 2014, 〈10.1109/ICST.2014.34〉
Liste complète des métadonnées

Littérature citée [21 références]  Voir  Masquer  Télécharger

http://hal.univ-grenoble-alpes.fr/hal-01229274
Contributeur : Maxime Puys <>
Soumis le : lundi 16 novembre 2015 - 14:16:10
Dernière modification le : samedi 3 mars 2018 - 01:11:04
Document(s) archivé(s) le : vendredi 28 avril 2017 - 21:34:11

Fichier

ICST14.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

Collections

Citation

Marie-Laure Potet, Laurent Mounier, Maxime Puys, Louis Dureuil. Lazart: A Symbolic Approach for Evaluation the Robustness of Secured Codes against Control Flow Injections. Seventh IEEE International Conference on Software Testing, Verification and Validation, Mar 2014, Cleveland, United States. Seventh IEEE International Conference on Software Testing, Verification and Validation, ICST 2014, March 31 2014-April 4, 2014, Cleveland, Ohio, USA, 2014, 〈10.1109/ICST.2014.34〉. 〈hal-01229274〉

Partager

Métriques

Consultations de la notice

240

Téléchargements de fichiers

268