Detecting Fault Injection Attacks with Runtime Verification
This addresses security vulnerabilities in applications for developers and users, but it is incremental as it builds on existing runtime verification techniques.
The paper tackled the problem of detecting fault injection attacks in secure applications by defining formal models of runtime monitors, and the result was that these monitors effectively detected simulated attacks on a PIN verification program.
Fault injections are increasingly used to attack/test secure applications. In this paper, we define formal models of runtime monitors that can detect fault injections that result in test inversion attacks and arbitrary jumps in the control flow. Runtime verification monitors offer several advantages. The code implementing a monitor is small compared to the entire application code. Monitors have a formal semantics; and we prove that they effectively detect attacks. Each monitor is a module dedicated to detecting an attack and can be deployed as needed to secure the application. A monitor can run separately from the application or it can be ``weaved'' inside the application. Our monitors have been validated by detecting simulated attacks on a program that verifies a user PIN.