Automated Code Review for Fault Injection

Master thesis (2013)

Authors

Contributors

K. Bertels (mentor)
R. Nane (mentor)
C.B. Breunesse (mentor)
Programme
Embedded Systems (EEMCS) (TU Delft)
Copyright: © 2013 Diaconescu, A.I.
More Info
expand_more

Published Date

29-08-2013

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Programme

Embedded Systems

Abstract

The software quality relies, among others, on security. In the smartcards domain assumed throughout this paper, the focus is on security. Smartcards are embedded systems that contain sensitive information. Code review is one of the most efficient evaluation techniques applied to smartcards. It is used for the examination of the smartcard source code in order to find security weak points. Since the code review is expensive, time-consuming and error-prone when done manually, we developed an application that is performing this process automatically. According to our knowledge, this automation of the code review process for smartcards is an innovative approach. In this study, we use our application to identify the smartcard software vulnerabilities in order to further exploit them using fault injection. Fault injection is one of the most common attacks against smartcards. The developed application was evaluated and validated based on a test-suite composed of smartcard programs. The test-suite is composed of 12 smartcard programs that are based on defensive programming patterns against fault injection attacks. We were able to identify 15 vulnerability types in the test-suite. The success rate of the identified vulnerabilities from the test programs varies between 30% and 100%. As a result, we believe that the application will be a significant factor in evaluating the smartcard software.