Abstract
Fault attacks can target smart card programs in order to disrupt their execution and gain leverage over the data or the embedded functionalities. Among all possible attacks, control flow attacks aim at disrupting the normal execution flow. Identifying harmful control flow attacks, as well as designing countermeasures at the software level, is tedious and tricky for developers. In this paper, we propose a methodology to detect harmful intra-procedural jump attacks at source code level and to automatically inject formally-proven countermeasures. The proposed software countermeasures defeat 100% of attacks that jump over two or more C source code statements. Experiments show that the resulting code is also hardened against unexpected function calls and jump attacks at assembly level.
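To make the abstract's two ideas concrete (enumerating which intra-procedural jumps are harmful, and inserting a source-level countermeasure that catches jumps over two or more statements), here is an added illustration that is not code from the paper. It hardens a three-statement toy computation with a step counter: every functional statement is followed by a combined check-and-increment, and the function ends with a final counter check. A small simulator then applies every forward jump that skips k consecutive C statements and lands inside the function, and counts the jumps that both escape detection and change the result. The toy computation, the names, the counter scheme and the forward-only jump model are assumptions made for this example, not the paper's own generated countermeasures.

```c
#include <stdio.h>
#include <stddef.h>

/* Added example (not code from the paper): a toy function hardened with a
 * step counter, plus a simulator that enumerates every forward
 * intra-procedural jump skipping k consecutive C statements and classifies
 * the outcome. The toy computation, names and forward-only jump model are
 * assumptions made for this illustration. */

enum stmt { S1, S2, S3, C1, C2, C3, CFINAL };

/* Unprotected source order. */
static const enum stmt PROGRAM_PLAIN[] = { S1, S2, S3 };
#define PLAIN_LEN 3

/* Hardened source order: every functional statement S_i is followed by a
 * combined check-and-increment, "if (cnt++ != i-1) fault();", and the
 * function ends with a final check of the counter value. */
static const enum stmt PROGRAM_HARDENED[] = { S1, C1, S2, C2, S3, C3, CFINAL };
#define HARDENED_LEN 7

#define DETECTED (-1)
#define GOLDEN 4        /* result of a fault-free run: (1 + 1) * 2 */

/* Execute `prog` while simulating one transient fault: when the statement
 * index reaches `at`, control jumps forward over `len` statements
 * (len == 0 means no attack). Returns DETECTED if a counter check fires,
 * otherwise the value the function would return. */
static int run(const enum stmt *prog, size_t n, size_t at, size_t len)
{
    int a = 0, b = 0, r = 0;   /* zero-initialised so a skipped statement
                                  leaves a stale value, as on a real target */
    int cnt = 0;
    size_t pc = 0;

    while (pc < n) {
        if (len != 0 && pc == at) {
            pc += len;           /* the simulated jump attack */
            len = 0;             /* a single transient fault */
            continue;
        }
        switch (prog[pc]) {
        case S1: a = 1;       break;
        case S2: b = a + 1;   break;
        case S3: r = b * 2;   break;
        case C1: if (cnt++ != 0) return DETECTED; break;
        case C2: if (cnt++ != 1) return DETECTED; break;
        case C3: if (cnt++ != 2) return DETECTED; break;
        case CFINAL: if (cnt != 3) return DETECTED; break;
        }
        pc++;
    }
    return r;
}

/* Number of jumps over exactly `len` statements that both escape detection
 * and change the result: the harmful, undetected attacks. Only jumps whose
 * target is still inside the function are enumerated (intra-procedural). */
static int undetected_harmful(const enum stmt *prog, size_t n, size_t len)
{
    int count = 0;
    for (size_t at = 0; at + len < n; at++) {
        int res = run(prog, n, at, len);
        if (res != DETECTED && res != GOLDEN)
            count++;
    }
    return count;
}

/* 1 if no jump over two or more statements survives on the hardened code. */
static int all_multi_statement_jumps_detected(void)
{
    for (size_t len = 2; len < HARDENED_LEN; len++)
        if (undetected_harmful(PROGRAM_HARDENED, HARDENED_LEN, len) != 0)
            return 0;
    return 1;
}

int main(void)
{
    for (size_t len = 1; len < HARDENED_LEN; len++)
        printf("hardened code, skip %zu statement(s): %d harmful undetected jump(s)\n",
               len, undetected_harmful(PROGRAM_HARDENED, HARDENED_LEN, len));
    printf("plain code, skip 1: %d, skip 2: %d harmful undetected jump(s)\n",
           undetected_harmful(PROGRAM_PLAIN, PLAIN_LEN, 1),
           undetected_harmful(PROGRAM_PLAIN, PLAIN_LEN, 2));
    return 0;
}
```

On the plain code every jump that skips a functional statement is harmful and invisible. On the hardened code, any jump over two or more statements necessarily skips at least one check-and-increment, so the next check that does execute sees a counter that is too small; only jumps over a single functional statement remain undetected, which is exactly the boundary the abstract draws. The check itself should be a non-bypassable handler on a real card rather than a return value.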
© 2014 Springer International Publishing Switzerland
Cite this paper
Lalande, JF., Heydemann, K., Berthomé, P. (2014). Software Countermeasures for Control Flow Integrity of Smart Card C Codes. In: Kutyłowski, M., Vaidya, J. (eds) Computer Security - ESORICS 2014. ESORICS 2014. Lecture Notes in Computer Science, vol 8713. Springer, Cham. https://doi.org/10.1007/978-3-319-11212-1_12
DOI: https://doi.org/10.1007/978-3-319-11212-1_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-11211-4
Online ISBN: 978-3-319-11212-1