CRAFT: Characterizing and Root-Causing Fault Injection Threats at Pre-Silicon

📅 2025-03-05
📈 Citations: 0
Influential: 0
📄 PDF

career value

185K/year
🤖 AI Summary
This work addresses the detection and root-cause analysis of hardware fault-injection vulnerabilities in pre-silicon design. We propose a systematic, cross-abstraction-level verification methodology spanning RTL circuits, ISA semantics, and software behavior, instantiated on RISC-V. Our approach integrates RTL-level clock-glitch modeling, dynamic instruction tracing, and end-to-end behavioral validation to enable controllable fault injection and precise propagation-path tracking prior to tape-out. We uncover two previously unknown vulnerability classes: (1) instruction skipping causing critical memory values to remain unloaded, and (2) legitimate instructions being illegally invalidated, leading to control-flow hijacking. Furthermore, we introduce the first root-cause analysis framework bridging the physical layer to AI/ML application layers. Experimental validation successfully reproduces both vulnerabilities and demonstrates their capacity to induce critical misclassifications in AI inference tasks—establishing a reusable methodology for early-stage hardware security verification.

Technology Category

Application Category

📝 Abstract
Fault injection attacks represent a class of threats that can compromise embedded systems across multiple layers of abstraction, such as system software, instruction set architecture (ISA), microarchitecture, and physical implementation. Early detection of these vulnerabilities and understanding their root causes, along with their propagation from the physical layer to the system software, is critical to secure the cyberinfrastructure. This work presents a comprehensive methodology for conducting controlled fault injection attacks at the pre-silicon level and an analysis of the underlying system for root-causing behavior. As the driving application, we use the clock glitch attacks in AI/ML applications for critical misclassification. Our study aims to characterize and diagnose the impact of faults within the RISC-V instruction set and pipeline stages, while tracing fault propagation from the circuit level to the AI/ML application software. This analysis resulted in discovering two new vulnerabilities through controlled clock glitch parameters. First, we reveal a novel method for causing instruction skips, thereby preventing the loading of critical values from memory. This can cause disruption and affect program continuity and correctness. Second, we demonstrate an attack that converts legal instructions into illegal ones, thereby diverting control flow in a manner exploitable by attackers. Our work underscores the complexity of fault injection attack exploits and emphasizes the importance of preemptive security analysis.
Problem

Research questions and friction points this paper is trying to address.

Detect and analyze fault injection vulnerabilities pre-silicon
Characterize fault impact on RISC-V instruction set and pipeline
Trace fault propagation from circuit to AI/ML software
Innovation

Methods, ideas, or system contributions that make the work stand out.

Pre-silicon fault injection analysis methodology
Clock glitch attacks in AI/ML applications
Tracing fault propagation in RISC-V architecture
🔎 Similar Papers
No similar papers found.