µArchiFI for pre-silicon formal analysis of fault-injection vulnerabilities

Used for pre-silicon formal analysis, µArchiFI assesses the robustness of systems-on-chip (SoCs) to fault injection attacks. The tool factors in the subtle interactions between the microarchitecture of a processor and the software running on it.

µArchiFI can be used in two ways:

  • Analyze these hardware-software interactions to pinpoint exploitable software vulnerabilities.
  • Formally prove that a system with embedded fault-injection countermeasures is secure.

µArchiFI is available on an open-source basis.

What it is for

Pre-silicon analysis of processor microarchitectures

Fault injection attacks exploit physical phenomena, such as radiation or clock disturbances, to access sensitive data or acquire runtime privileges in a system-on-chip. Because the effects of injected faults propagate from the hardware to the software, modeling hardware or software alone is not sufficient.

With µArchiFI, the processor, software, and attacker model are all integrated, ensuring a comprehensive analysis useful in the design and verification of fault-injection countermeasures.

Advantages

Expert know-how, useful features, and technological sovereignty

µArchiFI stands out for its key strengths:

  • Pre-silicon analysis of the consequences, at the software binary level, of applying a fault model to RTL (Register Transfer Level) processor designs.
  • Exhaustive analysis technique using formal methods.
  • Original hardware countermeasure analysis technique applied at the hardware circuit netlist level.
  • Application to different processors secured with hardware and/or software countermeasures and to cryptographic hardware accelerators.

Applications

Vulnerability detection, reverse engineering, and more

µArchiFI can identify a hardware/software system’s potential vulnerabilities or provide formal proof of robustness for a given fault model.

The tool is of interest to countermeasure designers, who can use it to assess, during the design phase, the benefits of planned countermeasures to system security. Hardware designers can use the tool to analyze any vulnerabilities found so that countermeasure specifications and implementations can be corrected during the design phase.

µArchiFI is also useful for analyzing how robust a system is to fault injection attacks.

Use case

Analysis of a Root of Trust (RoT) secure boot

A hardware Root of Trust (RoT) is a key security component in systems-on-chip (SoCs). The robustness of a RoT is generally determined using post-silicon analysis, which is not only costly, but which can also produce inconsistent results depending on the evaluator and tools used.

An original method called k-Fault Resistant Partitioning (k-FRP), developed by CEA-List in partnership with the Technical University of Graz (TU Graz), led to the first-ever fault injection security analysis of OpenTitan, the first open-source secure element, or hardware RoT. OpenTitan was developed by a consortium of digital systems and cybersecurity industry leaders.

Success stories

A series of world-firsts

µArchiFI has been used to achieve several world-firsts, confirming its significant technological lead over other solutions:

  • Automated identification of vulnerabilities on a non-secure processor and new insights into effects exploiting the processor microarchitecture (2022).
  • Proof-of-robustness of a hardware/software countermeasure for a given scope and fault-injection attack (2022).
  • Identification of a previously unknown vulnerability in the OpenTitan hardware RoT; formal verification that the patch implemented in OpenTitan’s design effectively corrects the vulnerability, proving robustness to a fault injection attack on the secure processor (2024).
  • A demonstration that the vulnerability identified was not exploitable in the 2,500 instructions of the first level of OpenTitan’s boot code.

Go to the µArchiFI page on GitHub
