Abstract
Fault injection is a sophisticated attack in which an attacker may sidestep security of an application by inducing bit-flips in the underlying platform. These attacks are typically performed by tampering with the system hardware, but recent RowHammer attacks have shown that bit-flips can be induced predictably and on a large scale through software alone [12]. It is practically impossible for a developer to evaluate and assess if and how much an application is vulnerable to RowHammer attacks. In this paper, we leverage statistical model checking (SMC) to help with these challenges by modelling and analysing potential effects of bit-flips as well as measure the efficacy of proposed mitigation. We illustrate our approach on SUDO, one of several security critical applications recently targeted in the RowHammer-based Mayhem attacks [1].
| Original language | English |
|---|---|
| Title of host publication | Bridging the Gap Between AI and Reality : Second International Conference, AISoLA 2024, Crete, Greece, October 30 – November 3, 2024, Proceedings |
| Publisher | Springer |
| Publication date | Dec 2024 |
| Edition | 1 |
| Pages | 379-397 |
| ISBN (Print) | 978-3-031-75433-3 |
| ISBN (Electronic) | 978-3-031-75434-0 |
| DOIs | |
| Publication status | Published - Dec 2024 |
| Event | AISoLA 2024 - Crete, Greece Duration: 30 Oct 2024 → 3 Nov 2024 |
Conference
| Conference | AISoLA 2024 |
|---|---|
| Country/Territory | Greece |
| City | Crete |
| Period | 30/10/2024 → 03/11/2024 |
| Series | Lecture Notes in Computer Science |
|---|---|
| Volume | 15217 |
| ISSN | 0302-9743 |