Sécurisation à la compilation de logiciels contre les attaques en fautes

Abstract: Embedded systems are increasingly present in our daily lives (e.g. credit cards, smartphones and biometric passports). Given the sensitivity of the data they handle, the safety of these systems has become a major concern for industry and state organizations. It is established that a fault injection in an embedded system can compromise the security of the data it contains, for example by obtaining a secret key or bypassing an authentication mechanism. The goal of this thesis is the automatic generation of software protections against fault injection attacks on embedded systems. The source and binary approaches insert the protections in the source code and the binary code of the application, respectively; this thesis explores a compilation approach, which integrates the protections into the compiler. We propose an LLVM-based compiler that automates the application of several protection schemes during compilation: (1) a tolerance scheme against instruction skip, (2) a control flow integrity (CFI) scheme to ensure the validity of the followed execution path and (3) a scheme that combines CFI and instruction integrity, guaranteeing both the validity of the followed execution path and that no instruction along this path has been skipped or altered. Our approach, based on a modified compiler, allows code protection and code optimization to coexist, thus enabling the generation of binary code that is both secure and optimized in terms of memory footprint and execution time. We developed a fault simulator to validate the robustness of our protection schemes with respect to the considered fault models.
This thesis shows that the compilation approach is a good compromise between the source approach, which does not guarantee the integrity of security properties in the final binary code because of the optimizations performed by the compiler, and the binary approach, which considerably impacts the performance of the secured application because of the various transformations it requires.
Document type: Theses
Cited literature [101 references]

https://hal-cea.archives-ouvertes.fr/tel-01783995
Contributor : Thierno Barry
Submitted on : Wednesday, May 2, 2018 - 8:24:07 PM
Last modification on : Monday, February 25, 2019 - 4:34:20 PM
Long-term archiving on : Monday, September 24, 2018 - 3:53:51 PM

File

These.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : tel-01783995, version 1

Citation

Thierno Barry. Sécurisation à la compilation de logiciels contre les attaques en fautes. Cryptographie et sécurité [cs.CR]. École des Mines de Saint-Etienne, 2017. Français. ⟨tel-01783995⟩
