P. Berthomé, K. Heydemann, Xavier Kauffmann-Tourkestansky, Jean-François Lalande
{"title":"Attack model for verification of interval security properties for smart card C codes","authors":"P. Berthomé, K. Heydemann, Xavier Kauffmann-Tourkestansky, Jean-François Lalande","doi":"10.1145/1814217.1814219","DOIUrl":null,"url":null,"abstract":"Smart card programs are subject to physical attacks that disturb the execution of the embedded code. These attacks enable attackers to steal valuable information or to force a malicious behavior upon the attacked code. This paper proposes a methodology to check interval security properties on smart card source codes. The goal is to identify critical attacks that violate these security properties. The verification takes place at source-level and considers all possible attacks thanks to a proposed source-level model of physical attacks. The paper defines an equivalence relation between attacks and shows that a code can be divided into areas where attacks are equivalent. Thus, verifying an interval security property considering all the possible attacks requires to verify as many codes as the number of equivalence classes. This paper provides a reduction algorithm to define the classes i.e. the minimal number of attacked codes that covers all possible attacks. The paper also proposes a solution to make the property verification possible for large codes or codes having unknown source parts.","PeriodicalId":119000,"journal":{"name":"ACM Workshop on Programming Languages and Analysis for Security","volume":"5 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-06-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Workshop on Programming Languages and Analysis for Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/1814217.1814219","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 12
Abstract
Smart card programs are subject to physical attacks that disturb the execution of the embedded code. These attacks enable attackers to steal valuable information or to force a malicious behavior upon the attacked code. This paper proposes a methodology to check interval security properties on smart card source codes. The goal is to identify critical attacks that violate these security properties. The verification takes place at source-level and considers all possible attacks thanks to a proposed source-level model of physical attacks. The paper defines an equivalence relation between attacks and shows that a code can be divided into areas where attacks are equivalent. Thus, verifying an interval security property considering all the possible attacks requires to verify as many codes as the number of equivalence classes. This paper provides a reduction algorithm to define the classes i.e. the minimal number of attacked codes that covers all possible attacks. The paper also proposes a solution to make the property verification possible for large codes or codes having unknown source parts.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
