
Sécurisation à la compilation de logiciels contre les attaques en fautes (Compile-time protection of software against fault attacks)

Abstract : Embedded systems are increasingly present in our daily lives (e.g. credit cards, smartphones and biometric passports). Given the sensitivity of the data they handle, the safety of these systems has become a major concern for industry and state organizations. It is established that a fault injection in an embedded system can compromise the security of the data it contains, for example by obtaining a secret key or bypassing an authentication mechanism.

The goal of this thesis is the automatic generation of software protections against fault injection attacks on embedded systems. The source and binary approaches consist in inserting the protections respectively in the source and binary code of the application; this thesis explores the use of a compilation approach that consists in integrating the protections in the compiler.

We propose an LLVM-based compiler allowing the automated application of several protection schemes during compilation: (1) a tolerance scheme against instruction-skip, (2) a control flow integrity (CFI) scheme to ensure the validity of the followed execution path and (3) a scheme that combines CFI and instruction integrity, guaranteeing both the validity of the followed execution path and that no instruction along this path has been skipped or altered. Our approach based on a modified compiler allows code protection and code optimization to coexist, thus enabling the generation of binary code that is secure and optimized in terms of memory footprint and execution time. We developed a fault simulator to validate the robustness of our protection schemes with respect to the considered fault models.

This thesis shows that the compilation approach is a good compromise between the source approach, which does not guarantee the integrity of security properties in the final binary code due to optimizations performed by the compiler, and the binary approach, which considerably impacts the performance of the secure application due to the various necessary transformations.
Contributor : ABES STAR
Submitted on : Wednesday, November 24, 2021 - 11:33:12 AM
Last modification on : Friday, November 26, 2021 - 3:28:15 AM


Version validated by the jury (STAR)


  • HAL Id : tel-01783995, version 2



Thierno Barry. Sécurisation à la compilation de logiciels contre les attaques en fautes. Autre. Université de Lyon, 2017. Français. ⟨NNT : 2017LYSEM037⟩. ⟨tel-01783995v2⟩


