SecSwift, a Compiler-Based Framework for Software Countermeasures in Cybersecurity
Fault injection attacks are a growing concern for the security of cyber systems. To mitigate these threats, hardware protections are often complemented by a series of software countermeasures, the implementation of which can be complex, time-consuming, and error-prone even for cybersecurity experts. In this article, we introduce SecSwift, a compiler-based framework dedicated to the generation of these software countermeasures. SecSwift offers a carefully balanced architecture that augments the usual code generation flow of the LLVM compiler at selected points in the front-end, middle-end and back-end. In its current state, SecSwift leverages classical control flow integrity and data flow protections, generalized to their interprocedural variants.
A simulation-based instruction-set-level fault injection test campaign validates the proposed approach and demonstrates the robustness of the generated countermeasures. This campaign notably features a comparison between SecSwift and nZDC, which is widely considered a benchmark for countermeasure code generation. Experimental results indicate that SecSwift is on a par with, and often better than, nZDC in terms of fault detection and code size.
Finally, we show that SecSwift can easily generate countermeasures for 32-bit RISC-V RV32E processors, which have only 16 general-purpose registers. Clearly, SecSwift’s high-level approach is a distinct advantage for architectures with small register files—an area where low-level approaches based on partitioning between main and shadow registers struggle.