
Publication

Advancing Control Flow Error Detection Techniques for Embedded Software using Automated Implementation and Fault Injection

Book - Dissertation

This thesis focuses on the selection and implementation of software-implemented countermeasures designed to detect control flow errors in embedded systems. A control flow error is an erroneous jump within an executing program, induced by external disturbances. These disturbances, such as electromagnetic interference, can introduce bit-flips in different components of a system's hardware. In turn, these bit-flips affect the executing program by corrupting the execution order of its instructions. This phenomenon is known as a control flow error and can cause the program to hang or crash, possibly creating dangerous situations. An introduced bit-flip can also manifest itself as a data flow error, by corrupting data needed by the program; data flow errors are, however, out of scope for this research. By adding extra control variables to the low-level code of the target program and inserting update instructions that modify those control variables, software-implemented techniques are able to detect whether a control flow error has occurred. Since there are many ways to construct this type of protection, numerous techniques have been proposed in the literature. With many options and no guideline on how to select a technique, the following question arises: what is the best technique? To answer this question, solutions to three problems had to be found: I) ease the implementation of the techniques in the low-level code of a target program; II) objectively characterize each technique; and III) develop a new and better technique.

To solve the first problem, we developed a compiler extension. While it is possible to implement each of the selected techniques in the low-level code of a target program manually, this is arduous and error-prone. The compiler extension we developed solves these issues, as it is capable of automatically implementing the discussed techniques in low-level code. By simply adding a few extra parameters when compiling the target program, a control flow error detection technique can be added. This eliminates both the need to know the low-level language of the embedded system and the need to know about the internal operations and added functionality of the technique. Using the compiler extension thus saves time and effort.

Next, we defined three criteria to objectively characterize each technique: 1) error detection ratio, 2) execution time overhead and 3) code size overhead. The error detection ratio indicates what percentage of control flow errors a technique detects. To measure this, we use fault injection experiments. Because there were no fault injection tools and no deterministic control flow error injection processes available, we developed our own software-implemented tool and processes. This tool can execute three different deterministic injection processes and supports multiple targets, both physical hardware targets and simulated targets. The execution time overhead indicates how much longer the protected program needs, compared to the unprotected program, in an error-free run. We measured this using an on-board hardware timer of the target embedded system. Finally, the third criterion, code size overhead, indicates how much more memory the protected program needs, compared to the unprotected program. This criterion is determined by measuring how much memory the compiled program occupies.

Using the developed tools and selected criteria, a comparative study between eight established control flow error detection techniques is presented in this thesis. By implementing the techniques for the same case studies, executing them on the same hardware, subjecting them to the same fault injection campaign and measuring their overhead with the same tools, an objective comparison was made. The study revealed that the technique called Control Flow Checking by Software Signatures is the best established technique to use so far, as it achieves a high error detection ratio while imposing a low overhead. The study also revealed that there was room for improvement. Using the collected data, we derived five guidelines to build an optimal control flow error detection technique. To demonstrate their validity, we developed a detection technique that complies with all five guidelines, called Random Additive Control Flow Error Detection, and subjected it to the same fault injection campaign used in the aforementioned comparative study. These experiments revealed that our technique outperforms the selected state-of-the-art techniques: it achieves a higher error detection ratio and imposes a lower overhead than the state-of-the-art techniques. This thesis concludes by presenting the application of the different research outputs on industrial case studies, such as a small-scale Industry 4.0 setup. These final experiments verify that the research can indeed be used in an industrial setting.
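The abstract describes the two mechanisms the thesis is built around: a signature-style technique that inserts control-variable updates and checks into each basic block, and a deterministic fault injection campaign that measures what percentage of erroneous jumps those checks catch. The following C program is an added illustration of both, written for this page; it is not the thesis's compiler extension, its injection tool, or its Random Additive Control Flow Error Detection technique. It applies the classic Control Flow Checking by Software Signatures update rule (run-time signature G updated by XOR with a per-block constant, plus an adjusting signature D for blocks with several predecessors) to a constructed six-block control flow graph, then exhaustively injects "wrong jump" errors from the end of every block into every instruction of every block. The graph, block lengths, signature values, and the successor choice taken after an injected error are all assumptions made for the example.

```c
/* Added example: signature-based control flow checking (CFCSS-style update rule)
 * with an exhaustive wrong-jump fault injection campaign on a constructed CFG. */
#include <stdint.h>
#include <stdio.h>

#define NBLOCKS 6

/* Constructed control flow graph of a hypothetical program (not from the thesis):
 *   B0 -> B1 ; B1 -> B2 | B3 ; B2 -> B4 ; B3 -> B4 ; B4 -> B1 | B5 ; B5 -> exit
 * B1 (preds B0, B4) and B4 (preds B2, B3) are fan-in blocks. */
static const int succ[NBLOCKS][2] = {{1, -1}, {2, 3}, {4, -1}, {4, -1}, {1, 5}, {-1, -1}};
static const int len[NBLOCKS]     = {2, 3, 3, 3, 3, 2}; /* instructions per block; instruction 0 is the check */
static const int fanin[NBLOCKS]   = {0, 1, 0, 0, 1, 0};

/* Compile-time block signatures: one bit each, so XORs of distinct blocks never cancel. */
static const uint8_t s[NBLOCKS] = {0x01, 0x02, 0x04, 0x08, 0x10, 0x20};
/* d[j] = s[base predecessor of j] ^ s[j]. Base predecessors: B0->B1, B1->B2, B1->B3,
 * B2->B4, B4->B5; the entry block B0 uses a virtual predecessor with signature 0. */
static const uint8_t d[NBLOCKS] = {0x01, 0x01 ^ 0x02, 0x02 ^ 0x04, 0x02 ^ 0x08, 0x04 ^ 0x10, 0x10 ^ 0x20};
/* Adjusting signature D each block stores before it branches: a non-base predecessor of a
 * fan-in block stores s[base] ^ s[self] (B3 for B4, B4 for B1); every other block stores 0. */
static const uint8_t dval[NBLOCKS] = {0, 0, 0, 0x04 ^ 0x08, 0x01 ^ 0x10, 0};

/* The check inserted at the entry of block k: update the run-time signature G and
 * compare it with the expected value. Returns 1 when a control flow error is flagged. */
static int check_entry(int k, uint8_t *G, uint8_t D)
{
    *G ^= d[k];
    if (fanin[k]) *G ^= D;
    return *G != s[k];
}

/* Error-free run over an explicit legal block sequence; returns 1 if no false alarm fires. */
int run_legal_path(const int *path, int n)
{
    uint8_t G = 0, D = 0;
    for (int p = 0; p < n; p++) {
        if (check_entry(path[p], &G, D)) return 0;
        D = dval[path[p]];
    }
    return 1;
}

int legal_path_clean(void)
{
    static const int path[] = {0, 1, 2, 4, 1, 3, 4, 5}; /* take B1->B2, loop once, then B1->B3, exit */
    return run_legal_path(path, 8);
}

/* Successor taken after the injected error (loop-free choice, so every run terminates). */
static int next_block(int k) { return k == 1 ? 2 : (k == 4 ? 5 : succ[k][0]); }

/* Inject one error: at the branch ending block i (G == s[i], D already stored by block i),
 * jump to instruction t of block k instead of a legal successor. Returns 1 if a later
 * check detects the error, 0 if the program reaches its exit with the error undetected. */
int inject(int i, int k, int t)
{
    uint8_t G = s[i], D = dval[i];
    while (k >= 0) {
        if (t == 0 && check_entry(k, &G, D)) return 1; /* landing at t > 0 skips the check */
        D = dval[k];
        k = next_block(k);
        t = 0;
    }
    return 0;
}

static int is_legal(int i, int k, int t) { return t == 0 && (succ[i][0] == k || succ[i][1] == k); }

/* Exhaustive campaign over every illegal (source block, target block, target instruction). */
static void campaign(int *detected, int *total)
{
    *detected = *total = 0;
    for (int i = 0; i < NBLOCKS; i++)
        for (int k = 0; k < NBLOCKS; k++)
            for (int t = 0; t < len[k]; t++) {
                if (is_legal(i, k, t)) continue;
                (*total)++;
                *detected += inject(i, k, t);
            }
}

int campaign_total(void)     { int a, b; campaign(&a, &b); return b; }
int campaign_detected(void)  { int a, b; campaign(&a, &b); return a; }
double detection_ratio(void) { return (double)campaign_detected() / campaign_total(); }

int main(void)
{
    printf("error-free run clean: %d\n", legal_path_clean());
    printf("detected %d of %d injected control flow errors (%.1f%%)\n",
           campaign_detected(), campaign_total(), 100.0 * detection_ratio());
    return 0;
}
```

Every jump that lands on the first instruction of a wrong block is caught immediately, because the signature update there was computed for a different predecessor. The errors that escape are the ones the abstract's error detection ratio is designed to expose: a jump that lands in the middle of the block it came from is indistinguishable from normal flow at the signature level, and a jump into the tail of the exit block meets no further check at all. Those escapes are what motivate measuring detection ratio rather than assuming a technique is complete.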
Publication year: 2020
Accessibility: Open