Sertif


The Sertif (Simulation for the Evaluation of Robustness of embedded Applications against Fault injection) project is funded by the call ANR-DGA ASTRID 2014 (project ANR-14-ASTR-0003-01).

Embedded systems are now pervasive: they can be found in banking, health, biometric passports and smartphones. Ensuring the security of those systems and their applications is therefore a critical requirement for maintaining functionality and data protection. Developers and manufacturers integrate specific designs and countermeasures to enhance the resistance of their products against attacks. The security level of the products is then tested and evaluated by experts. For vulnerability analysis, those evaluations must match the current state of the art. For fault injection, the state of the art requires the attack analysis to be as exhaustive as possible, and forthcoming multiple attacks (both spatial and temporal) will further complicate that analysis.

The objective of the SERTIF project is to rationalize and automate as much as possible the robustness assessment process of highly secure systems against fault injection, starting from code analysis and ending with the physical realization of attacks, with the aim of taking multiple faults into account, which is presently a significant obstacle. To achieve this goal, the SERTIF project will address the following challenges:

1. characterization of fault models faithful to physical attacks and implementation of those models in code analysis;

2. definition of coverage criteria to ensure the completeness of a fault injection campaign with respect to security targets;

3. support for the development of secure applications by analyzing the effectiveness and relevance of the countermeasures in code;

4. transition to multiple-fault attacks.

The techniques used will be low-level simulation, code mutation and more generally the combination of static and dynamic analysis on low-level code to handle the combinatorial explosion and to qualify the results of the vulnerability analysis against fault injection.

This project is based on the strong complementarity of the partners, who represent the various actors involved in the certification and development process of embedded applications on secure components.

Furthermore the partners are already independently developing their own tools for vulnerability analysis.

Project Structure

  • WP1: State of the art and requirements gathering (lead: MORPHO)
  • WP2: Definition of robustness evaluation criteria (lead: CEA)
  • WP3: Production of a benchmark and evaluation platform (lead: MORPHO)
  • WP4: Code analysis and countermeasure evaluation techniques (lead: VERIMAG)
  • WP5: Project management and dissemination (lead: VERIMAG)