Abstract
Fault injection is a sophisticated attack in which an attacker may sidestep security of an application by inducing bit-flips in the underlying platform. These attacks are typically performed by tampering with the system hardware, but recent RowHammer attacks have shown that bit-flips can be induced predictably and on a large scale through software alone [12]. It is practically impossible for a developer to evaluate and assess if and how much an application is vulnerable to RowHammer attacks. In this paper, we leverage statistical model checking (SMC) to help with these challenges by modelling and analysing potential effects of bit-flips as well as measure the efficacy of proposed mitigation. We illustrate our approach on SUDO, one of several security critical applications recently targeted in the RowHammer-based Mayhem attacks [1].
Originalsprog | Engelsk |
---|---|
Titel | Bridging the Gap Between AI and Reality : Second International Conference, AISoLA 2024, Crete, Greece, October 30 – November 3, 2024, Proceedings |
Forlag | Springer |
Publikationsdato | dec. 2024 |
Udgave | 1 |
Sider | 379-397 |
ISBN (Trykt) | 978-3-031-75433-3 |
ISBN (Elektronisk) | 978-3-031-75434-0 |
DOI | |
Status | Udgivet - dec. 2024 |
Begivenhed | AISoLA 2024 - Crete, Grækenland Varighed: 30 okt. 2024 → 3 nov. 2024 |
Konference
Konference | AISoLA 2024 |
---|---|
Land/Område | Grækenland |
By | Crete |
Periode | 30/10/2024 → 03/11/2024 |
Navn | Lecture Notes in Computer Science |
---|---|
Vol/bind | 15217 |
ISSN | 0302-9743 |