QEMU-Based Fault Injection for a System-Level Analysis of Software Countermeasures Against Fault Attacks

Abstract

Physical attacks, such as fault attacks, pose a decisive threat for the security of devices in the Internet of Things. An important class of countermeasures for fault attacks is fault tolerant software that is applicable for systems based on COTS hardware. In order to evaluate software countermeasures against fault attacks, fault injection is needed. However, established fault injection approaches require manufactured products or hardware details (e.g. netlists, RTL models), which are not available when using COTS hardware. In this paper, we present a QEMU-based fault injection platform that supports commercial COTS processors that are widely-used in the embedded domain. This framework allows a system-level analysis of software countermeasures by featuring the simulation of high-level hardware faults targeting, for example, memory cells, register cells, or the correct execution of instructions. The framework supports the generation of realistic fault attack scenarios. We illustrate the practicability of the approach by presenting two exemplary use cases.