Konferenzen und Rahmenprogramm
Defeating Superman – Protecting Code Against Fault Attacks
Software is typically written assuming the underlying hardware performs (roughly) as intended. But attackers can exploit that fundamental trust to completely break embedded systems. Attackers can use fault injection to bypass instruction execution - this super-power means that tasks such as validating a firmware signature can be easily broken. Embedded developers must be aware of these attacks, and how to write code that can resist them. This work covers important concepts on this topic, and introduces open-source (and freely available) libraries and tools that can help developers avoid these attacks. Several examples are pulled from real products that have been broken with fault attacks, along with several open-source libraries that are vulnerable to fault injection attacks. While this work only serves as an introduction, it sets a path forward that developers can follow to find more information and perform their own experiments with open-source tools.
--- Datum: 27.02.2020 Uhrzeit: 11:30 - 12:00 Uhr Ort: Conference Counter NCC Ost