[FOCUS ON] Project CLAM: Cross-Layer Fault Analysis for Microprocessor Architectures

By Vincent Beroulle (LCIS), Paolo Maistri (TIMA), Marie-Laure Potet (Verimag)

This project is part of the Cyber Physical System (CPS) axis of the Persyval labex and is funded by this labex (“Equipe Action Persyval”). It associates three Labex Persyval laboratories, LCIS, TIMA and Verimag, with complementary specialties and experience.

Securing the microprocessors and microcontrollers intended for the IoT market, as well as for critical Cyber Physical Systems, requires, on the one hand, analyzing their vulnerabilities and, on the other hand, defining hardware and software countermeasures at the most appropriate cost.

The increasing complexity of microprocessor architectures and of the applications they run means that the typical software fault models (such as instruction skips and instruction replacements) used to analyze the vulnerability of their code are no longer sufficient to express the diversity of faulty behaviors in modern architectures. Indeed, microarchitecture designers have progressively added many complex hardware blocks (for example, pipelines, cache memories, branch prediction, speculative execution, specialized blocks) in order to optimize program execution. At the same time, fault injection techniques (such as electromagnetic or laser attacks, voltage or clock glitch injection) are constantly progressing. Today, these techniques allow multiple injections, both multi-temporal and multi-spatial, to achieve attacker objectives.

Challenge 1: studying the modeling of complex physical attack effects

Against these fault injection attacks, hardware (HW) designers and software (SW) developers must implement countermeasures to detect or mask the complex physical effects of the injected faults. The project CLAM aims at developing a complete methodology to extract, from a given physical target (microprocessor or microcontroller), new, accurate and highly representative hardware (RTL) and software fault models.

Challenge 2: helping to evaluate, design and combine adapted countermeasures

Countermeasures can be implemented at the hardware level (e.g., duplication of memory elements, error correcting codes, isolation mechanisms) or at the software level (e.g., duplication of instructions or algorithms, insertion of security tests, signature verification). Designing robust implementations raises several open problems: how to really evaluate the efficiency of countermeasures, how to compare them, and how best to combine these hardware and software countermeasures?
The project CLAM will propose solutions to automatically insert fair-cost hardware or software fault countermeasures and detection mechanisms adapted to these fault models.

Challenge 3: automatic tools for taking into account spatial and temporal multi-faults

The state of the art in attacks is nowadays multi-fault attacks (spatial or temporal). That makes physical attacks a very powerful attack vector, in particular because the countermeasures themselves can also be attacked. Multi-fault attacks introduce a combinatorial explosion in the reasoning required of developers, designers and evaluators, and cannot be taken into account without tools to help them.
The project CLAM will study how the existing tools developed by the three laboratories involved in the project could be combined and extended to support the proposed methodology. In addition to the analysis of single-fault attacks, the analysis of multiple-fault attacks will be targeted.
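The two points above (evaluating a software countermeasure, and the fact that a countermeasure can itself be defeated once multiple faults are considered) can be illustrated with a small fault-injection evaluator. The following is an added example, not code from the CLAM project or from the tools of the three laboratories: it defines a hypothetical toy instruction set and interpreter, a constructed "compare and grant" routine in an unprotected form and in a form with the security test duplicated, and then exhaustively enumerates every single and every double instruction skip (the instruction-skip fault model mentioned earlier on this page) to find which fault sets wrongly grant access. The instruction names, the register names `x`, `k`, `g` and the programs are all assumptions made for the illustration.

```python
"""Toy evaluation of a software countermeasure against instruction-skip faults.

Added example (not CLAM code). The instruction set, the interpreter and the two
programs are constructed for illustration only.
"""
from itertools import combinations

# Constructed program: grant (g = 1) only if input x equals expected value k.
UNPROTECTED = [
    ("cmp", "x", "k"),   # flag = (x == k)
    ("jne", 4),          # mismatch -> jump to reject
    ("set", "g", 1),     # grant
    ("halt",),
    ("set", "g", 0),     # reject
    ("halt",),
]

# Same logic with the security test duplicated (a software countermeasure of
# the "duplication of instructions / insertion of security tests" kind).
DUPLICATED_TEST = [
    ("cmp", "x", "k"),
    ("jne", 6),
    ("cmp", "x", "k"),   # redundant, second comparison
    ("jne", 6),          # redundant, second test
    ("set", "g", 1),
    ("halt",),
    ("set", "g", 0),
    ("halt",),
]


def run(program, x, k, skipped=frozenset(), max_steps=100):
    """Execute `program`; any instruction whose index is in `skipped` behaves
    as a NOP (the instruction-skip fault model). Returns the final value of g."""
    regs = {"x": x, "k": k, "g": 0}
    flag = False          # comparison flag, initially "not equal"
    pc = 0
    for _ in range(max_steps):          # step bound guards against loops
        if pc >= len(program):          # running off the end terminates
            break
        if pc in skipped:               # faulted instruction: skip it
            pc += 1
            continue
        op = program[pc]
        name = op[0]
        if name == "cmp":
            flag = regs[op[1]] == regs[op[2]]
            pc += 1
        elif name == "jne":
            pc = op[1] if not flag else pc + 1
        elif name == "set":
            regs[op[1]] = op[2]
            pc += 1
        elif name == "halt":
            break
        else:
            raise ValueError(f"unknown instruction {name}")
    return regs["g"]


def vulnerable_faults(program, x, k, order):
    """Return every set of `order` skipped instructions that wrongly yields g == 1
    for an input that should be rejected."""
    hits = []
    for combo in combinations(range(len(program)), order):
        if run(program, x, k, frozenset(combo)) == 1:
            hits.append(combo)
    return hits


def evaluate(program, x=1, k=2):
    """Summarize single- and double-fault robustness for a rejecting input (x != k)."""
    # Sanity check: fault-free behaviour is correct in both the accept and reject cases.
    assert run(program, 2, 2) == 1 and run(program, x, k) == 0
    return {
        "single": vulnerable_faults(program, x, k, 1),
        "double": vulnerable_faults(program, x, k, 2),
    }


if __name__ == "__main__":
    for label, prog in (("unprotected", UNPROTECTED), ("duplicated test", DUPLICATED_TEST)):
        res = evaluate(prog)
        print(f"{label}: {len(res['single'])} single-fault hit(s) {res['single']}, "
              f"{len(res['double'])} double-fault hit(s) {res['double']}")
```

Running the script shows that the unprotected routine is defeated by a single skip of its conditional jump, that duplicating the test removes every single-fault hit, and that one double fault (skipping both conditional jumps) still grants access. This is exactly why multi-fault analysis has to be tool-assisted: the number of fault sets grows combinatorially with the fault order and the program size, and a duplicated test only raises the attacker's cost by one fault.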
Published on October 14, 2020