-
MCU-Wide Timing Side Channels and Their Detection
Authors:
Johannes Müller,
Anna Lena Duque Antón,
Lucas Deutschmann,
Dino Mehmedagić,
Cristiano Rodrigues,
Daniel Oliveira,
Keerthikumara Devarajegowda,
Mohammad Rahmani Fadiheh,
Sandro Pinto,
Dominik Stoffel,
Wolfgang Kunz
Abstract:
Microarchitectural timing side channels have been thoroughly investigated as a security threat in hardware designs featuring shared buffers (e.g., caches) or parallelism between attacker and victim task execution. However, contradicting common intuitions, recent activities demonstrate that this threat is real even in microcontroller SoCs without such features. In this paper, we describe SoC-wide timing side channels previously neglected by security analysis and present a new formal method to close this gap. In a case study on the RISC-V Pulpissimo SoC, our method detected a vulnerability to a previously unknown attack variant that allows an attacker to obtain information about a victim's memory access behavior. After implementing a conservative fix, we were able to verify that the SoC is now secure w.r.t. the considered class of timing side channels.
Submitted 18 July, 2024; v1 submitted 22 September, 2023;
originally announced September 2023.
-
MetaFI: Model-driven Fault Simulation Framework
Authors:
Endri Kaja,
Nicolas Gerlin,
Luis Rivas,
Monideep Bora,
Keerthikumara Devarajegowda,
Wolfgang Ecker
Abstract:
Safety-critical designs need to ensure reliable operations under hostile conditions with a certain degree of confidence. The continuously higher complexity of these designs makes them more susceptible to the risk of failure. ISO26262 recommends fault injection as the proper technique to verify and measure the dependability of safety-critical designs. To cope with the complexity, a lot of effort and stringent verification flow is needed. Moreover, many fault injection tools offer only a limited degree of controllability.
We propose MetaFI, a model-driven, simulator-independent fault simulation framework that provides multi-purpose fault injection strategies such as Statistical Fault Injection, Direct Fault Injection, and Exhaustive Fault Injection, while at the same time reducing manual effort. The framework enables injection of Stuck-at faults, Single-Event Transient faults, Single-Event Upset faults, as well as Timing faults. The fault simulation is performed at the Register Transfer Level (RTL) of a design, in which the parts of the design targeted for fault simulation are represented with Gate-level (GL) granularity. MetaFI scales to a full System-on-Chip (SoC) design; to demonstrate the applicability of the framework, fault simulation was applied to various components of two different SoCs. One SoC runs the Dhrystone application and the other runs a Fingerprint calculation application. A minimal effort of 2 person-days was required to run 38 different fault injection campaigns on both designs. The framework provided significant data regarding the failure rates of the components. The results showed that the Prefetcher, a component of the SoC processor, is more susceptible to failures than the other targeted components on both SoCs, regardless of the running application.
Submitted 27 April, 2022;
originally announced April 2022.
-
Symbolic QED Pre-silicon Verification for Automotive Microcontroller Cores: Industrial Case Study
Authors:
Eshan Singh,
Keerthikumara Devarajegowda,
Sebastian Simon,
Ralf Schnieder,
Karthik Ganesan,
Mohammad R. Fadiheh,
Dominik Stoffel,
Wolfgang Kunz,
Clark Barrett,
Wolfgang Ecker,
Subhasish Mitra
Abstract:
We present an industrial case study that demonstrates the practicality and effectiveness of Symbolic Quick Error Detection (Symbolic QED) in detecting logic design flaws (logic bugs) during pre-silicon verification. Our study focuses on several microcontroller core designs (~1,800 flip-flops, ~70,000 logic gates) that have been extensively verified using an industrial verification flow and used for various commercial automotive products. The results of our study are as follows: 1. Symbolic QED detected all logic bugs in the designs that were detected by the industrial verification flow (which includes various flavors of simulation-based verification and formal verification). 2. Symbolic QED detected additional logic bugs that were not recorded as detected by the industrial verification flow. (These additional bugs were also perhaps detected by the industrial verification flow.) 3. Symbolic QED enables significant design productivity improvements: (a) 8X improved (i.e., reduced) verification effort for a new design (8 person-weeks for Symbolic QED vs. 17 person-months using the industrial verification flow). (b) 60X improved verification effort for subsequent designs (2 person-days for Symbolic QED vs. 4-7 person-months using the industrial verification flow). (c) Quick bug detection (runtime of 20 seconds or less), together with short counterexamples (10 or fewer instructions) for quick debug, using Symbolic QED.
Submitted 4 February, 2019;
originally announced February 2019.