Combined software and hardware fault injection vulnerability detection

Given-Wilson, Thomas [UCL] Jafri, Nisrine Legay, Axel [UCL]

Fault injection is a well known method to test the robustness and security vulnerabilities of software. Software-based and hardware-based approaches have been used to detect fault injection vulnerabilities. Software-based approaches typically rely upon simulations that can provide broad and rapid coverage, but may not correlate with genuine hardware vulnerabilities. Hardware-based experiments are indisputable in their results, but rely upon expensive expert knowledge and manual testing yielding ad-hoc and extremely limited results. Further, there is very limited connection between software-based simulation results and hardware-based experiments. This work bridges software-based and hardware-based fault injection vulnerability detection by contrasting results of both approaches. This demonstrates that: not all software-based vulnerabilities can be reproduced in hardware; prior conjectures on the fault model for Electro-Magnetic Pulse attacks may not be accurate; and that there is a co-relation between software-based and hardware-based approaches. Further, combining both approaches can yield a vastly more accurate and efficient approach to detecting genuine fault injection vulnerabilities.