INGI Seminar

The State of Fault Injection Vulnerability Detection

by Thomas Given-Wilson

Fault injection is a well known method to test the robustness and security vulnerabilities of software. Fault injections can be explored by simulations (cheap, but not validated) and hardware experiments (true, but very expensive). Recent simulation works have started to apply formal methods to the detection, analysis, and prevention of fault injection attacks to address verifiability. However, these approaches are ad-hoc and extremely limited in architecture, fault model, and breadth of application. Further, there is very limited connection between simulation results and hardware experiments. Recent work has started to consider broad spectrum simulation approaches that can cover many fault models and relatively large programs. Similarly the connection between these broad spectrum simulations and hardware experiments is being validated to bridge the gap between the two approaches. This presentation highlights the latest developments in applying formal methods to fault injection vulnerability detection, and validating software and hardware results with one another.

Thomas Given-Wilson holds a BCST from the University of Sydney, and both  BS(Hons)IT and PhD from the University of Technology, Sydney. He worked on  static analysis tools for NICTA before moving to France to join Inria Saclay  as a post-doctoral researcher. At Inria Saclay Thomas' research focused upon  privacy, concurrency, and quantified information flow. Since moving to INRIA  Rennes Thomas' research has expanded to also include cryptography, malware analysis, cyber-security, and human motion models.