Abstract
In this paper, we present a hardware/software co-attack to hijack a program flow on microcontrollers. The basic idea is to skip a few instructions using multiple fault injection in microcontrollers in cooperation with a software attack. We focus on buffer overflow (BOF) attacks together with such multiple fault injection. The proposed attack can be applied to a program code with a typical software countermeasure against BOF attacks. The attack manipulates the program control flow by skipping specific instructions related to the countermeasure, and thus, the subsequent BOF attack code is successfully executed on the microcontroller. We show the effectiveness of our proposed attack through experiments using an 8-bit AVR ATmega163 microcontroller and a 32-bit ARM Cortex-M0+ microcontroller, where the target software was equipped with a countermeasure limiting the size of user input against BOF attacks. The result showed that our attack can overwrite a return address stored in a stack and call an arbitrary malicious function. We also propose a software countermeasure against our attack and prove its validity by examining all the possible instruction skips.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
