Combining High-Level and Low-Level Approaches to Evaluate Software Implementations Robustness Against Multiple Fault Injection Attacks

International audiencePhysical fault injections break security functionalities of algorithms by targeting their implementations. Software techniques strengthen such implementations to enhance their robustness against fault attacks. Exhaustively testing physical fault injections is time consuming and requires complex platforms. Simulation solutions are developed for this specific purpose. We chose two independent tools presented in 2014, the Laser Attack Robustness (Lazart) and the Embedded Fault Simulator (EFS) in order to evaluate software implementations against multiple fault injection attacks. Lazart and the EFS share the common goal that consists in detecting vulnerabilities in the code. However, they operate with different techniques , fault models and abstraction levels. This paper aims at exhibiting specific advantages of both approaches and proposes a combining scheme that emphasizes their complementary nature

Dependable reconfigurable multi-sensor poles for security

Wireless sensor network poles for security monitoring under harsh environments require a very high dependability as they are safety-critical [1]. An example of a multi-sensor pole is shown. Crucial attribute in these systems for security, especially in harsh environment, is a high robustness and guaranteed availability during lifetime. This environment could include molest. In this paper, two approaches are used which are applied simultaneously but are developed in different projects. \u

Frio pilot in CO2 sequestration in brine-bearing sandstones: The University of Texas at Austin, Bureau of Economic Geology, report to the Texas Commission on Environmental Quality to accompany a class V application for an experimental technology pilot injection well.

GEOSEQ project (LBNL, LLNL, ORNL), NETL, Schlumberger–Doll Research Center, Transpetco, Sandia TechnologiesJackson School of Geoscience

Systematic Model-based Design Assurance and Property-based Fault Injection for Safety Critical Digital Systems

With advances in sensing, wireless communications, computing, control, and automation technologies, we are witnessing the rapid uptake of Cyber-Physical Systems across many applications including connected vehicles, healthcare, energy, manufacturing, smart homes etc. Many of these applications are safety-critical in nature and they depend on the correct and safe execution of software and hardware that are intrinsically subject to faults. These faults can be design faults (Software Faults, Specification faults, etc.) or physically occurring faults (hardware failures, Single-event-upsets, etc.). Both types of faults must be addressed during the design and development of these critical systems. Several safety-critical industries have widely adopted Model-Based Engineering paradigms to manage the design assurance processes of these complex CPSs. This thesis studies the application of IEC 61508 compliant model-based design assurance methodology on a representative safety-critical digital architecture targeted for the Nuclear power generation facilities. The study presents detailed experiences and results to demonstrate the benefits of Model testing in finding design flaws and its relevance to subsequent verification steps in the workflow. Additionally, to study the impact of physical faults on the digital architecture we develop a novel property-based fault injection method that overcomes few deficiencies of traditional fault injection methods. The model-based fault injection approach presented here guarantees high efficiency and near-exhaustive input/state/fault space coverage, by utilizing formal model checking principles to identify fault activation conditions and prove the fault tolerance features. The fault injection framework facilitates automated integration of fault saboteurs throughout the model to enable exhaustive fault location coverage in the model