lazart a symbolic approach for evaluating the robustness
play

Lazart: a symbolic approach for evaluating the robustness of secured - PowerPoint PPT Presentation

Lazart: a symbolic approach for evaluating the robustness of secured codes against control flow fault injections M. L. Potet L. Mounier M. Puys L. Dureuil VERIMAG University of Grenoble Alpes, France SDTA 2014 First presented in ICST 2014


  1. Lazart: a symbolic approach for evaluating the robustness of secured codes against control flow fault injections M. L. Potet L. Mounier M. Puys L. Dureuil VERIMAG University of Grenoble Alpes, France SDTA 2014 First presented in ICST 2014 Lazart: a symbolic approach for evaluating the robustness of secured codes against control flow fault injections 1/19

  2. Outline 1 Context and Motivation 2 The Lazart Approach 3 A quick example 4 Conclusion and perspectives Lazart: a symbolic approach for evaluating the robustness of secured codes against control flow fault injections 2/19

  3. Context: smart card certification Smart cards Pervasive : bank, health, phones, . . . (7 billions sold in 2012) Contain sensible data and applications ⇒ can be attacked! Smart card security Protections mechanisms added by manufacturers Well-defined certification process, prior to commercialization: Security functional test Penetration test Certification procedures include Physical testing on the device (black box) Code review and/or code analysis (white box) Lazart: a symbolic approach for evaluating the robustness of secured codes against control flow fault injections 3/19

  4. Effects of fault injection at the source level 1 int verify(char buffer [4]) 1 MOV R3 , #01h 2 { 2 MOV R0 , #00h 3 int i; 3 WHILE: MOV A, R0 4 for(i = 0; i < 4; i++) 4 SUBB A, #04h 5 if(buffer[i] != pin[i]) 5 JZ END // exit loop { 6 DO: 6 authenticated = 0; 7 MOV R2 , [buffer+i] 7 goto FAILURE; 8 MOV A, [pin+i] 8 } 9 SUBB A, R2 9 authenticated = 1; 10 JZ SUCCESS 10 return EXIT_SUCCESS; 11 MOV R3 , #00h 11 FAILURE : return 12 JMP END EXIT_FAILURE; 13 12 } 14 SUCCESS: INC R0 15 JMP WHILE 16 17 END: MOV authenticated , R3 18 RET Lazart: a symbolic approach for evaluating the robustness of secured codes against control flow fault injections 4/19

  5. Security Property and Fault Model Security Property → Enforce or prevent the execution of specific instruction(s). ⇒ ֒ Attack Objective = set of basic blocks (not) to be reached Objectives of the analysis: Predict (or prove the absence of) possible attacks, for a given fault model Locate the“dangerous spots”in the code Evaluate the relevance of existing counter-measures Fault Model - Multiple faults Volatile control structure test inversion (e.g., if , while , etc.) → Encompass multiple binary-level attacks, e.g., ֒ NOP injection, modify flag or register value, . . . Lazart: a symbolic approach for evaluating the robustness of secured codes against control flow fault injections 5/19

  6. Outline 1 Context and Motivation 2 The Lazart Approach 3 A quick example 4 Conclusion and perspectives Lazart: a symbolic approach for evaluating the robustness of secured codes against control flow fault injections 6/19

  7. The complete tool chain LLVM framework Java tool CFG mutant appli.ll mutation strategy appli.ll coloring generation attack objectives mutant.ll symbolic KLEE test case generation attack paths inconclusive robustness "proof" Lazart: a symbolic approach for evaluating the robustness of secured codes against control flow fault injections 7/19

  8. Step 1: CFG-coloring entry: entry: T F T F bb: bb: bb4: bb4: T F T F bb1: bb1: T F T F bb2: bb3: bb2: bb3: FAILURE: bb5: FAILURE: bb5: bb6: bb6: return: return: (a) cfg for 'Verify' function (b) Colored cfg for bb5 to be reached Lazart: a symbolic approach for evaluating the robustness of secured codes against control flow fault injections 8/19

  9. Step 2: Mutation operators Example: mandatory mutation operator bb: T F bb: bbTI: T F bb1: bb2: bb1: (a) A mutation scheme (b) Our mandatory mutation More complex mutation operators Using only mandatory mutations guarantees adversary to reach the objective. More mutation operators describing optional faults the adversary can use to optimize his attack path. Guarded by boolean values named activ_i . Lazart: a symbolic approach for evaluating the robustness of secured codes against control flow fault injections 9/19

  10. Step 3: Symbolic execution → Produce“all possible”mutant executions . . . ֒ Symbolic values Attack activation guards activ_i . Security-relevant external inputs (e.g., PIN input values). Assertions Inputs constraints (e.g., the entered PIN is incorrect). Maximal fault number (e.g., fault <= 2 ). Coverage criteria (Try to) exercise each symbolic execution path. (Try to) satisfy/violate each assertion. Lazart: a symbolic approach for evaluating the robustness of secured codes against control flow fault injections 10/19

  11. Step 4: Results gathering Tool-chain Use of LLVM-Klee and STP solver. Produces trace execution files for: “Correct”test cases. Assertion violations, execution errors. Timeout occurrences (to many paths or untractable constraint). Robustness verdicts (for a given fault number) ATK ∃ an execution path satisfying the assertions. INC timeout detection and no attack produced. ROB no timeout and no attack . . . Lazart: a symbolic approach for evaluating the robustness of secured codes against control flow fault injections 11/19

  12. Outline 1 Context and Motivation 2 The Lazart Approach 3 A quick example 4 Conclusion and perspectives Lazart: a symbolic approach for evaluating the robustness of secured codes against control flow fault injections 12/19

  13. On an example: VerifyPIN entry: T F bb: 1 int verify(char buffer [4]) { 2 int i; 3 for(i = 0; i < 4; i++) { bb4: 4 if(buffer[i] != pin[i]) { T F 5 authenticated = 0; bb1: 6 goto FAILURE; T F 7 } 8 } bb2: bb3: 9 authenticated = 1; 10 return EXIT_SUCCESS; FAILURE: bb5: 11 FAILURE: 12 return EXIT_FAILURE; bb6: 13 } return: (b) Colored cfg for bb5 to be reached Lazart: a symbolic approach for evaluating the robustness of secured codes against control flow fault injections 13/19

  14. Results obtained for the VerifyPIN example Number of test execution produced: # fault injections no input constraints input PIN is incorrect fault ==0 1 0 fault ==1 x 1 fault ==2 x 1 fault > = 3 x 3 A 1-fault attack scenario Circumvent the whole loop (PIN verification) execution Optional mutation on bb4 A 4-faults attack scenario Change the result (inside the loop) when checking each PIN digit Mandatory mutation on bb1: force the flow to bb3 Lazart: a symbolic approach for evaluating the robustness of secured codes against control flow fault injections 14/19

  15. A PIN Verify procedure with countermeasures (CM) 1 char triesLeft = maxTries; entry: 2 char triesLeftBackup = -maxTries; // triesleft BACKUP T F 3 BYTE Verify(char buffer [4]) { bb: 4 int i; T F 5 int stepCounter = INITIAL_VALUE ; // instruction counter bb2: T F 6 short char t1 = triesLeft; 7 if(t1 != -triesLeftBackup ) goto CM ; // check with bb1: bb3: triesleft BACKUP 8 if(triesLeft <= 0) return EXIT_FAILURE ; bb8: 9 t1 --; triesLeft = t1; triesLeftBackup ++; T F 10 if(triesLeft != -triesLeftBackup ) goto CM ; 11 equal = BOOL_TRUE; bb4: bb9: T F T F 12 for(i = 0; i < 4; i++) 13 {equal=equal &(( buffer[i]!= pin[i])?BOOL_FALSE : bb5: bb6: bb10: BOOL_TRUE); T F 14 stepCounter ++; }; 15 if(equal == BOOL_TRUE) { bb7: bb11: T F 16 if(equal != BOOL_TRUE) goto CM ; // redundant test bb12: 17 triesLeft = maxTries; triesLeftBackup = -maxTries; T F 18 if (triesLeft != -triesLeftBackup ) goto CM ; bb14: bb15: 19 authenticated = 1; T F 20 if( stepCounter == INITIAL_VALUE + 4) // check instruction counter CM: bb13: bb16: 21 return EXIT_SUCCESS ; } // TO BE REACHED 22 else { bb17: 23 authenticated = 0; 24 if( stepCounter == INITIAL_VALUE + 4) // check instruction counter return: 25 return EXIT_FAILURE ; } (a) Colored CFG for bb12 to be reached 26 } Lazart: a symbolic approach for evaluating the robustness of secured codes against control flow fault injections 15/19

  16. Outline 1 Context and Motivation 2 The Lazart Approach 3 A quick example 4 Conclusion and perspectives Lazart: a symbolic approach for evaluating the robustness of secured codes against control flow fault injections 16/19

  17. Conclusion Current results Higher-order fault injection according to the state of the art Positive and negative diagnostic A tool suite based on robust tools (Clang, LLVM, Klee) validation on“realistic”applications (PIN verifier, random number generator, OpenSSH, . . . ) A conservative approach for extended fault models [PMPD14] Lazart: A symbolic approach for evaluation the robustness of secured codes against control flow injections. In ICST 2014, March 2014. [RPL+14] Combining High-Level and Low-Level Approaches to Evaluate Software Implementations Robustness Against Multiple Fault Injection Attacks. In FPS 2014, November 2014. Lazart: a symbolic approach for evaluating the robustness of secured codes against control flow fault injections 17/19

Recommend


More recommend