Fault-Enabled Vulnerability Evaluation and Remediation

Copyrighted

High-level description of FEVER™

Fault-Enabled Vulnerability Evaluation and Remediation (FEVER™) automatically identifies and remediates fault induction vulnerabilities in software. An adversary can exploit these vulnerabilities by exposing the target hardware to anomalous operating conditions, such as out-of-range voltages, temperatures, or clock frequencies, which cause the software to malfunction, with severe consequences for the system’s security. FEVER™ consists of two components: angrFI (angr for Fault Induction), which identifies fault vulnerabilities in software, and COWBELL, which automatically inserts fault countermeasures at compile time. Given a software binary, angrFI uses a combination of static analysis, concrete execution, and symbolic execution to precisely determine the effect of these faults on the software. COWBELL is a compiler extension that automatically applies a suite of fault countermeasures at compile time, making the compiled software resistant to fault induction attacks. COWBELL can apply these countermeasures to any piece of C source code, with no additional code needed from the user or developer.

For more detailed information on MITRE’s FEVER™ or licensing options, contact the MITRE Technology Transfer Office at techtransfer@mitre.org.