Statistical Analysis of the Impact of Bit-Flips in Security Critical Code

Publikation: Bidrag til bog/antologi/rapport/konference proceedingKonferenceartikel i proceedingForskningpeer review

Abstract

Fault injection is a sophisticated attack in which an attacker may sidestep security of an application by inducing bit-flips in the underlying platform. These attacks are typically performed by tampering with the system hardware, but recent RowHammer attacks have shown that bit-flips can be induced predictably and on a large scale through software alone [12]. It is practically impossible for a developer to evaluate and assess if and how much an application is vulnerable to RowHammer attacks. In this paper, we leverage statistical model checking (SMC) to help with these challenges by modelling and analysing potential effects of bit-flips as well as measure the efficacy of proposed mitigation. We illustrate our approach on SUDO, one of several security critical applications recently targeted in the RowHammer-based Mayhem attacks [1].
OriginalsprogEngelsk
TitelBridging the Gap Between AI and Reality : Second International Conference, AISoLA 2024, Crete, Greece, October 30 – November 3, 2024, Proceedings
ForlagSpringer
Publikationsdatodec. 2024
Udgave1
Sider379-397
ISBN (Trykt)978-3-031-75433-3
ISBN (Elektronisk)978-3-031-75434-0
DOI
StatusUdgivet - dec. 2024
BegivenhedAISoLA 2024
- Crete, Grækenland
Varighed: 30 okt. 20243 nov. 2024

Konference

KonferenceAISoLA 2024
Land/OmrådeGrækenland
ByCrete
Periode30/10/202403/11/2024
NavnLecture Notes in Computer Science
Vol/bind15217
ISSN0302-9743

Fingeraftryk

Dyk ned i forskningsemnerne om 'Statistical Analysis of the Impact of Bit-Flips in Security Critical Code'. Sammen danner de et unikt fingeraftryk.

Citationsformater