Design and Analysis of Side-Channel Feedback for Vulnerability Discovery

Fuzzing is a dynamic testing technique that enables vulnerabilities to be discovered very efficiently. Hundreds or even thousands of vulnerabilities are detected (and repaired) every year in the software we use. When we try to transpose the fuzzing approach to embedded systems, we are faced with a number of problems: the source code is not always available, very little information is available about the behaviour of the system at runtime and, finally, it is difficult to detect whether a bug has appeared. For several years now, the LTSO laboratory has been developing state-of-the-art techniques for analysing auxiliary channels, in particular the electromagnetic radiation produced by systems during operation. These measurements make it possible to infer information (data, executed code) about the behaviour of the system in a non-intrusive way. The aim of this thesis is therefore to determine whether these side-channel measurements can be used to improve the fuzzing process on embedded systems. The use of this new source of information also opens the door to the discovery of new classes of vulnerabilities, such as micro-architectural vulnerabilities. The PhD will take place at CEA Grenoble, within the LETI institute, in a research team dedicated to the study and development of solutions for the security of present and future electronic systems (http://www.leti-cea.com/cea-tech/leti/english/Pages/Applied-Research/Facilities/cyber-security-platform.aspx). Translated with www.DeepL.com/Translator (free version)