Adversarial reachability for program-level security analysis - Université Grenoble Alpes
Conference paper, Year: 2023

Adversarial reachability for program-level security analysis

Abstract

Many program analysis tools and techniques have been developed to assess program vulnerability. Yet they are based on the standard concept of reachability and model an attacker able to craft smart legitimate input, while in practice attackers can be much more powerful, using for instance micro-architectural exploits or fault injection methods. We introduce adversarial reachability, a framework that allows reasoning about such advanced attackers and checking whether a system is vulnerable or immune to a particular attacker. As equipping the attacker with new capacities significantly increases the state space of the program under analysis, we present a new symbolic exploration algorithm, adversarial symbolic execution, which injects faults in a forkless manner to prevent path explosion, together with optimizations dedicated to reducing the number of injections to consider while keeping the same attacker power. Experiments on representative benchmarks from fault injection show that our method significantly reduces the number of adversarial paths to explore, scaling up to 10 faults where prior work times out at 3 faults. In addition, we analyze the well-tested WooKey bootloader and demonstrate the ability of our analysis to find attacks and evaluate countermeasures in real-life security scenarios. In particular, we were able to find an attack not mentioned in a previous patch.
Main file: 2023-esop.pdf (803.6 KB)
Origin: files produced by the author(s)

Dates and versions

cea-04199882, version 1 (08-09-2023)

Cite

Sébastien Bardin, Soline Ducousso, Marie-Laure Potet. Adversarial reachability for program-level security analysis. ESOP 2023 - 32nd European Symposium on Programming, ETAPS, Apr 2023, Paris, France. pp.58-89, ⟨10.1007/978-3-031-30044-8_3⟩. ⟨cea-04199882⟩