FreeSBee
Generation of Side-Channel-Free Software for Embedded Systems
Start: 02/2023
End: 04/2026
With increasing digitalization, more and more embedded systems are becoming part of the Internet of Things. This comprehensive network provides significant economic benefits. In many cases, however, security gaps still threaten broad integration. Side-channel attacks, especially timing attacks, are an essential category here
FreeSBee explores a tool-based methodology for (partially) automated detection and elimination of security vulnerabilities based on timing attacks. Timing attacks make it possible to infer confidential information, such as secret keys, by observing variations in software runtime
Based on the Astrée and CompCert tools, the FZI develops an approach that uses annotations of confidential information in source code to automatically detect all dependent potential code sections that could cause control-flow-based runtime variations.
The subsequent compilation process has been extended to eliminate these potential control-flow-based runtime variations through code transformations automatically. The correctness of the code transformations performed has been statically proven. This allows the user to protect software against control-flow-based timing attacks with just a few annotations.
Approaches to eliminate microarchitecture-related runtime variations are also being investigated. The focus is on hardware architectures for the RISC-V instruction set.
Safety, Security and Law
Um die sichere Digitalisierung zu ermöglichen, erforscht und vermittelt das FZI in diesem Forschungsschwerpunkt anwendungsnah innovative Konzepte, Methoden zur Absicherung von IT-Systemen sowie rechtliche Rahmenbedingungen.
