ISoLA 2024

International Symposium On Leveraging Applications of Formal Methods, Verification and Validation • Crete, Greece

Talk

Statistical Analysis of the Impact of Bit-Flips in Security Critical Code

Time: Sunday, 3.11

Room: Room 1

Authors:

Abstract: Fault injection is a sophisticated attack in which an attacker may sidestep security of an application by inducing bit-flips in the underlying platform. These attacks are typically performed by tampering with the system hardware, but recent RowHammer attacks have shown that bit-flips can be induced predictably and on a large scale through software alone. It is practically impossible for a developer to evaluate and assess if and how much an application is vulnerable to RowHammer attacks. In this paper, we leverage statistical model checking (SMC) to help with these challenges by modelling and analysing potential e!ects of bit-flips as well as measure the e”cacy of proposed mitigation. We illustrate our approach on SUDO, one of several security critical applications recently targeted in the RowHammer-based Mayhem attacks.

Paper: Download