Fault Injection Attacks (FIAs) are a significant threat to hardware security, capable of compromising systems by inducing malicious faults in computation or storage. Evaluating resilience against such attacks is challenging due to the high cost, complexity, and limited availability of physical fault experiments, particularly during pre-silicon development. Architectural-level simulation offers a developer-oriented, white-box perspective for systematic vulnerability assessment. This paper introduces InjectV, a fault injection attack framework for RISC-V platforms built on the gem5 simulator. InjectV enables precise, guided fault injection at security-critical execution points, such as control-flow decisions, counters, and comparisons, allowing systematic exploration of attack vectors. It currently supports transient fault attacks in registers and memory, broadening its ability to simulate diverse attack scenarios. Experimental results on security benchmarks from the FISSC suite, including hardened variants of the VerifyPIN application, demonstrate InjectV's ability to effectively identify fault-injection points, achieving a 95.8% time-saving advantage over traditional fault injection approaches.
翻译:故障注入攻击(FIA)是对硬件安全性的重大威胁,其通过在计算或存储过程中诱发恶意故障,能够危及系统安全。由于物理故障实验的高成本、复杂性以及可用性有限(尤其是在硅前开发阶段),评估系统对此类攻击的鲁棒性极具挑战性。体系结构级仿真提供了一种面向开发者、具备白盒视角的系统性漏洞评估方法。本文提出InjectV——一种基于gem5仿真器构建的RISC-V平台故障注入攻击框架。InjectV能够在安全关键执行点(如控制流决策、计数器和比较操作)实现精确的引导式故障注入,从而支持对攻击向量的系统性探索。该框架当前支持寄存器及存储器中的瞬态故障攻击,增强了模拟多样攻击场景的能力。基于FISSC测试基准中的安全基准程序(包括VerifyPIN应用的高安全加固变体)的实验结果表明,InjectV能够有效识别故障注入点,相比传统故障注入方法实现95.8%的时间节省优势。
相关内容
微信扫码咨询专知VIP会员