Studying EM Pulse Effects on Superscalar Microarchitectures at ISA Level

Julien Proy 1, Karine Heydemann 2, Fabien Majeric 3, Albert Cohen 4, Alexandre Berzati 1
4 Parkas - Parallélisme de Kahn Synchrone
DI-ENS - Département d'informatique de l'École normale supérieure, CNRS - Centre National de la Recherche Scientifique, Inria de Paris
Abstract: In the area of physical attacks, system-on-chip (SoC) designs have not received the same level of attention as simpler micro-controllers. We try to model the behavior of secure software running on a superscalar out-of-order microprocessor typical of more complex SoCs, in the presence of electromagnetic (EM) pulses. We first show that it is possible, in a black-box approach, to corrupt the loop iteration count of both original and hardened versions of two sensitive loops. We propose a characterization methodology based on very simple codes, to understand and classify the fault effects at the level of the instruction set architecture (ISA). The resulting classification includes the well-established instruction skip and register corruption models, as well as new effects specific to more complex processors, such as operand substitution, multiple correlated register corruptions, advanced control-flow hijacking, and combinations of all reported effects. This diversity and complexity of effects can lead to powerful attacks. The proposed methodology and fault classification at ISA level is a first step towards a more complete characterization. It is also a tool supporting the designers of software and hardware countermeasures.
Contributor : Karine Heydemann
Submitted on : Wednesday, April 17, 2019 - 11:35:43 AM
Last modification on : Friday, July 5, 2019 - 3:26:03 PM



  • HAL Id : hal-02102373, version 1
  • ARXIV : 1903.02623


Julien Proy, Karine Heydemann, Fabien Majeric, Albert Cohen, Alexandre Berzati. Studying EM Pulse Effects on Superscalar Microarchitectures at ISA Level. 2019. ⟨hal-02102373⟩


