Details
Originalsprache | Englisch |
---|---|
Aufsatznummer | 180 |
Fachzeitschrift | ACM Transactions on Embedded Computing Systems |
Jahrgang | 16 |
Ausgabenummer | 5s |
Publikationsstatus | Veröffentlicht - Sept. 2017 |
Abstract
Soft errors are a challenging and urging problem in the domain of safety-critical embedded systems. For decades, checking schemes have been investigated and improved to mitigate soft-error effects for the class of control-flow faults, with current industrial standards strongly recommending their use. However, reality looks different: Taking a systems perspective, we implemented four representative Control-Flow Checking (CFC) schemes and put them through their paces in 396 fault-injection campaigns. In contrast to previous work, which typically relied on probability-based vulnerability metrics, we accounted for the influence of memory and time overheads on the fault-space dimensions and applied those in full-scan fault injections. This change in procedure alone severely degraded the perceived effectiveness of CFC. In addition, we expanded the perspective to data-flow faults and their influence on the overall susceptibility, an aspect that so far has been largely ignored. Our results suggest that, without accompanying measures, any improvement regarding control-flow faults is dominated by the increase in data faults caused by the increased attack surface in terms of memory and runtime overhead. Moreover, CFC performance less depended on the detection capabilities than on general aspects of the concrete binary compilation and execution. In conclusion, incorporating CFC is not as straightforward as often assumed and the vulnerability of systems with hardened control-flow may in many cases even be increased by the schemes themselves.
ASJC Scopus Sachgebiete
- Informatik (insg.)
- Software
- Informatik (insg.)
- Hardware und Architektur
Zitieren
- Standard
- Harvard
- Apa
- Vancouver
- BibTex
- RIS
in: ACM Transactions on Embedded Computing Systems, Jahrgang 16, Nr. 5s, 180, 09.2017.
Publikation: Beitrag in Fachzeitschrift › Artikel › Forschung › Peer-Review
}
TY - JOUR
T1 - Demystifying Soft-Error Mitigation by Control-Flow Checking – A New Perspective on its Effectiveness
AU - Schuster, Simon
AU - Ulbrich, Peter
AU - Stilkerich, Isabella
AU - Dietrich, Christian
AU - Schröder-Preikschat, Wolfgang
N1 - Funding information: This article was presented in the International Conference on Embedded Software 2017 and appears as part of the ESWEEK-TECS special issue. This work is supported by the German Research Foundation (DFG) under grants no. SCHR 603/9-2, the Transregional Collaborative Research Centre “Invasive Computing” (SFB/TR89, Project C1), the Bavarian Ministry of State for Economics under grant no. 0704/883 25 (EU EFRE funds) and the German Federal Ministry of Education and Research with the funding ID 01IS16025 (ARAMiS II). Authors’ addresses: S. Schuster, P. Ulbrich, I. Stilkerich, C. Dietrich, and W. Schröder-Preikschat; emails: {schuster, ul-brich}@cs.fau.de, isabella@stilkerich.eu, dietrich@sra.uni-hannover.de, wosch@cs.fau.de. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org. 2017 Copyright is held by the owner/author(s). Publication rights licensed to ACM. ACM 1539-9087/2017/09-ART180 $15.00 https://doi.org/10.1145/3126503
PY - 2017/9
Y1 - 2017/9
N2 - Soft errors are a challenging and urging problem in the domain of safety-critical embedded systems. For decades, checking schemes have been investigated and improved to mitigate soft-error effects for the class of control-flow faults, with current industrial standards strongly recommending their use. However, reality looks different: Taking a systems perspective, we implemented four representative Control-Flow Checking (CFC) schemes and put them through their paces in 396 fault-injection campaigns. In contrast to previous work, which typically relied on probability-based vulnerability metrics, we accounted for the influence of memory and time overheads on the fault-space dimensions and applied those in full-scan fault injections. This change in procedure alone severely degraded the perceived effectiveness of CFC. In addition, we expanded the perspective to data-flow faults and their influence on the overall susceptibility, an aspect that so far has been largely ignored. Our results suggest that, without accompanying measures, any improvement regarding control-flow faults is dominated by the increase in data faults caused by the increased attack surface in terms of memory and runtime overhead. Moreover, CFC performance less depended on the detection capabilities than on general aspects of the concrete binary compilation and execution. In conclusion, incorporating CFC is not as straightforward as often assumed and the vulnerability of systems with hardened control-flow may in many cases even be increased by the schemes themselves.
AB - Soft errors are a challenging and urging problem in the domain of safety-critical embedded systems. For decades, checking schemes have been investigated and improved to mitigate soft-error effects for the class of control-flow faults, with current industrial standards strongly recommending their use. However, reality looks different: Taking a systems perspective, we implemented four representative Control-Flow Checking (CFC) schemes and put them through their paces in 396 fault-injection campaigns. In contrast to previous work, which typically relied on probability-based vulnerability metrics, we accounted for the influence of memory and time overheads on the fault-space dimensions and applied those in full-scan fault injections. This change in procedure alone severely degraded the perceived effectiveness of CFC. In addition, we expanded the perspective to data-flow faults and their influence on the overall susceptibility, an aspect that so far has been largely ignored. Our results suggest that, without accompanying measures, any improvement regarding control-flow faults is dominated by the increase in data faults caused by the increased attack surface in terms of memory and runtime overhead. Moreover, CFC performance less depended on the detection capabilities than on general aspects of the concrete binary compilation and execution. In conclusion, incorporating CFC is not as straightforward as often assumed and the vulnerability of systems with hardened control-flow may in many cases even be increased by the schemes themselves.
KW - Absolute-failurecount metrics
KW - CFC
KW - CFCSS
KW - Control-flow checking
KW - Fault-coverage
KW - Fault-injection experiments
KW - Reliability metrics
KW - Soft error mitigation
KW - Software-based fault tolerance
KW - YACCA
UR - http://www.scopus.com/inward/record.url?scp=85030697676&partnerID=8YFLogxK
U2 - 10.1145/3126503
DO - 10.1145/3126503
M3 - Article
AN - SCOPUS:85030697676
VL - 16
JO - ACM Transactions on Embedded Computing Systems
JF - ACM Transactions on Embedded Computing Systems
SN - 1539-9087
IS - 5s
M1 - 180
ER -