942 Hits in 8.0 sec

Formally verified software countermeasures for control-flow integrity of smart card C code

Karine Heydemann, Jean-François Lalande, Pascal Berthomé
2019 Computers & security  
The proposed software countermeasures protect the integrity of individual statements at the granularity of single C statements. They support many control-flow constructs of the C language.  ...  Identifying harmful control-flow attacks and designing countermeasures at the software level are tedious and tricky for developers.  ...  Second, we proposed countermeasures to detect control-flow attacks that jump more than two C lines of the code. Third, we formalized and verified the countermeasure schemes.  ... 
doi:10.1016/j.cose.2019.05.004 fatcat:s4bn4isplrg35gnkfasaskm6xq

Software Countermeasures for Control Flow Integrity of Smart Card C Codes [chapter]

Jean-François Lalande, Karine Heydemann, Pascal Berthomé
2014 Lecture Notes in Computer Science  
card and control flow integrity.  ...  The proposed software countermeasures defeat 100% of attacks that jump over at least two C source code statements or beyond.  ...  Thus, in the specific context of smart cards or secure elements, to the best of our knowledge, no research work has proposed formally verified and experimentally evaluated countermeasures at C level that  ... 
doi:10.1007/978-3-319-11212-1_12 fatcat:nlondd6pyjalnbr4dukk3q2y7a

Vulnerability Analysis on Smart Cards Using Fault Tree [chapter]

Guillaume Bouffard, Bhagyalekshmy N. Thampi, Jean-Louis Lanet
2013 Lecture Notes in Computer Science  
We apply this method to Java Card vulnerability analysis. We define the properties that must be ensured: integrity and confidentiality of smart card data and code.  ...  In smart card domain, attacks and countermeasures are advancing at a fast rate. In order to have a generic view of all the attacks, we propose to use a Fault Tree Analysis.  ...  Code Integrity The first property to be analyzed in a smart card for understanding or implementing security features is the code integrity.  ... 
doi:10.1007/978-3-642-40793-2_8 fatcat:72qzommupbaanmliw7pk5sqg4y

Security automaton to mitigate laser-based fault attacks on smart cards

Guillaume Bouffard, Bhagyalekshmy N. Thampi, Jean Louis Lanet
2014 International Journal of Trust Management in Computing and Communications  
In this work we propose an automatic method to obtain control flow redundancy using a security automaton to mitigate laser based fault attacks and hence implement a smart card countermeasure based on the  ...  Security and attacks are two sides of the same coin in the smart card industry.  ...  The set S is made of elements of a language which expresses the control flow integrity policy, i.e. all the binary instructions controlling the program flow : ifeq, ifne, goto, invoke, return, … plus the  ... 
doi:10.1504/ijtmcc.2014.064158 fatcat:dmrcbn2m55aidcgberiiay2q5y

Lazart: A Symbolic Approach for Evaluation the Robustness of Secured Codes against Control Flow Injections

Marie-Laure Potet, Laurent Mounier, Maxime Puys, Louis Dureuil
2014 2014 IEEE Seventh International Conference on Software Testing, Verification and Validation  
We propose a global approach, called Lazart, to evaluate code robustness against fault injections targeting control flow modifications. The originality of Lazart is twofolds.  ...  1 In the domain of smart cards, secured devices must be protected against high level attack potential [1] .  ...  In complement with classical hardware countermeasures, codes are hardened by software countermeasures (managing integrity counter, redundant conditions, etc.).  ... 
doi:10.1109/icst.2014.34 dblp:conf/icst/PotetMPD14 fatcat:gbzjezyqafbhpnbpqqjvk5o3u4

Efficient Design and Evaluation of Countermeasures against Fault Attacks Using Formal Verification [chapter]

Lucien Goubet, Karine Heydemann, Emmanuelle Encrenaz, Ronald De Keulenaer
2016 Lecture Notes in Computer Science  
This paper presents a formal verification framework and tool that evaluates the robustness of software countermeasures against faultinjection attacks.  ...  By modeling reference assembly code and its protected variant as automata, the framework can generate a set of equations for an SMT solver, the solutions of which represent possible attack paths.  ...  A generic and automatic protection scheme for control flow integrity at C level has been proposed in [7] .  ... 
doi:10.1007/978-3-319-31271-2_11 fatcat:fy4ebwizwjgbnhjmbdntelup54

Attack model for verification of interval security properties for smart card C codes

P. Berthomé, K. Heydemann, X. Kauffmann-Tourkestansky, J.-F. Lalande
2010 Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security - PLAS '10  
Smart card programs are subject to physical attacks that disturb the execution of the embedded code.  ...  Thus, verifying an interval security property considering all the possible attacks requires to verify as many codes as the number of equivalence classes.  ...  ACKNOWLEDGMENTS This work was supported by engineering students in computer science for their master degree from ENSI de Bourges, France: F. Assoudi, F.-Z. Bouam, V. Dumand, M. Ougier.  ... 
doi:10.1145/1814217.1814219 dblp:conf/pldi/BerthomeHKL10 fatcat:k57wx37xencfzbmcjlatxsvtqu

An RTOS-based Fault Injection Simulator for Embedded Processors

Nejmeddine ALIMI, Younes LAHBIB, Mohsen MACHHOUT, Rached TOURKI
2017 International Journal of Advanced Computer Science and Applications  
The task is particularly important for micro-controllers since they have lower resistance to fault attacks compared to hardware-based cryptosystems.  ...  data-specific countermeasures.  ...  ARM-v7m No [30] High Level 2 Low Level 1 Data flow, Control flow Yes Byte Yes Smart- Card OS Embedded as an OS service.  ... 
doi:10.14569/ijacsa.2017.080537 fatcat:rhji4qfuojcjfp5i6kizgnpfgu

Guest Editors' Introduction: Evolving Critical Systems

Lorcan Coyle, Mike Hinchey, Bashar Nuseibeh, José Luiz Fiadeiro
2010 Computer  
For a constrained-resources device such as a smart card, adding ever more software countermeasures or onboard verification leads to performance issues during execution and also consumes card-memory space  ...  . • Controllability (C).  ...  Mike Hinchey is scientifi c director of Lero and a profes Dieter Lienert and Stefan Kriso describe the emerging functional safety standard for electrical and electronic automotive systems (ISO 26262) and  ... 
doi:10.1109/mc.2010.139 fatcat:fheyc5h4fjg2lebhftiaojmy3u

Formal verification of side-channel countermeasures using self-composition

J. Bacelar Almeida, Manuel Barbosa, Jorge S. Pinto, Bárbara Vieira
2013 Science of Computer Programming  
Our strategy to formally verify compliance to security policies such as those described above, which enforce the elimination of control flow and memory access dependencies as countermeasures against timing  ...  Smart cards, for example, incorporate various hardware countermeasures to reduce exposure to side-channel attacks, for example, by minimizing power consumption fluctuations when different operations are  ...  For any two states σ 1 , σ 2 such that σ 1 V ′ L = σ 2 , if (C, σ 1 ) ⇓ σ ′ 1 , then for some state σ ′ 2 one has that (C, σ 2 ) ⇓ σ ′ 2 , with the same memory trace and control flow for both executions  ... 
doi:10.1016/j.scico.2011.10.008 fatcat:k4jaosxejraejdgqhyfp6dcly4

SecureD: A Secure Dual Core Embedded Processor [article]

Roshan G. Ragel, Jude A. Ambrose, Sri Parameswaran
2015 arXiv   pre-print
Therefore, this paper, for the first time, proposes a hardware/software based countermeasure against both code-injection attacks and power analysis based side-channel attacks in a dual core embedded system  ...  In the past, a number of countermeasures, both hardware- and software-based, were proposed individually against these two types of attacks.  ...  SecureD for Detecting Code-injection Attacks SecureD ensures code integrity of an application by verifying whether all basic blocks of the program are intact at runtime [35] .  ... 
arXiv:1511.01946v1 fatcat:rxtdftx74jgpxen2m4uxhewqgy

Secure Composition for Hardware Systems (Dagstuhl Seminar 19301)

Divya Arora, Ilia Polian, Francesco Regazzoni, Patrick Schaumont, Michael Wagner
2019 Dagstuhl Reports  
The goal of the Dagstuhl Seminar 19301 "Secure Composition for Hardware Systems" was to establish a common understanding of principles and techniques that can facilitate composition and integration of  ...  ., a system on chip (SoC), and from a hardwaresoftware perspective where hardware is integrated within a system that includes software.  ...  Clear requirements and assumptions that fit reality, Security metrics and confidence of metrics, Formal construction flow of integrating countermeasures (side effects of the protection countermeasures  ... 
doi:10.4230/dagrep.9.7.94 dblp:journals/dagstuhl-reports/AroraPRS19 fatcat:bwsa4luz6fb7ri7q62p5vxpefa

Correctness by construction: developing a commercial secure system

A. Hall, R. Chapman
2002 IEEE Software  
smart cards.  ...  The authors show how you can use techniques such as formal specification and static analysis in a realistic commercial development.  ...  Acknowledgments We thank John Beric of Mondex International for his comments on an early draft of this article.  ... 
doi:10.1109/52.976937 fatcat:32cwrfcn2nf5rml3jzo5ocdu7q

Foundations of Secure Scaling (Dagstuhl Seminar 16342)

Lejla Batina, Swarup Bhunia, Patrick Schaumont, Jean-Pierre Seifert, Marc Herbstritt
2017 Dagstuhl Reports  
While scaling is generally thought of as beneficial to the resulting implementations, this does not hold for secure electronic design.  ...  This report documents the program and the outcomes of Dagstuhl Seminar 16342 "Foundations of Secure Scaling".  ...  For instance, in the Bernstein's cache timing attack, we try to invoke the AES encryption by .xing part of the input, and randomize other parts of the inputs and obtain the total time for the encryption  ... 
doi:10.4230/dagrep.6.8.65 dblp:journals/dagstuhl-reports/BatinaBSS16 fatcat:qya6rznvonbi7pfic7ocbxwkea

Ontological Representation of Healthcare Application Security Using Blockchain Technology

Raimundas Matulevičius, Mubashar Iqbal, Emna Ammar Elhadjamor, Sonia Ayachi Ghannouchi, Mariia Bakhtina, Slaheddine Ghannouchi
2022 Informatica  
The results show that HealthOnt can support the iterative process of SRM and can be continually updated when new security threats, vulnerabilities, or countermeasures emerge.  ...  Blockchain is gaining traction for improving the security of healthcare applications, however, it does not become a silver bullet as various security threats are observed in blockchain-based applications  ...  Countermeasures: The developers should employ smart contract code analysers to discover flaws, race situations, and sanitize the smart contract code before deploying it on a blockchain.  ... 
doi:10.15388/22-infor486 fatcat:sn4vbasabfgzfj25ybuqnqkx4a
« Previous Showing results 1 — 15 out of 942 results