Fault injection

In computer science, fault injection is a testing technique for understanding how computing systems behave when stressed in unusual ways. This can be achieved using physical- or software-based means, or using a hybrid approach.^[1] Widely studied physical fault injections include the application of high voltages, extreme temperatures and electromagnetic pulses on electronic components, such as computer memory and central processing units.^[2]^[3] By exposing components to conditions beyond their intended operating limits, computing systems can be coerced into mis-executing instructions and corrupting critical data.

In software testing, fault injection is a technique for improving the coverage of a test by introducing faults to test code paths; in particular error handling code paths, that might otherwise rarely be followed. It is often used with stress testing and is widely considered to be an important part of developing robust software.^[4] Robustness testing^[5] (also known as syntax testing, fuzzing or fuzz testing) is a type of fault injection commonly used to test for vulnerabilities in communication interfaces such as protocols, command line parameters, or APIs.

The propagation of a fault through to an observable failure follows a well-defined cycle. When executed, a fault may cause an error, which is an invalid state within a system boundary. An error may cause further errors within the system boundary, therefore each new error acts as a fault, or it may propagate to the system boundary and be observable. When error states are observed at the system boundary they are termed failures. This mechanism is termed the fault-error-failure cycle^[6] and is a key mechanism in dependability.

^ Moradi, Mehrdad; Van Acker, Bert; Vanherpen, Ken; Denil, Joachim (2019). "Model-Implemented Hybrid Fault Injection for Simulink (Tool Demonstrations)". In Chamberlain, Roger; Taha, Walid; Törngren, Martin (eds.). Cyber Physical Systems. Model-Based Design. Lecture Notes in Computer Science. Vol. 11615. Springer International Publishing. pp. 71–90. doi:10.1007/978-3-030-23703-5_4. ISBN 9783030237035. S2CID 195769468.
^ Shepherd, Carlton; Markantonakis, Konstantinos; Van Heijningen, Nico; Aboulkassimi, Driss; Gaine, Clement; Heckmann, Thibaut; Naccache, David (2021). "Physical fault injection and side-channel attacks on mobile devices: A comprehensive analysis". Computers & Security. 111 (102471). Elsevier: 102471. arXiv:2105.04454. doi:10.1016/j.cose.2021.102471. S2CID 236957400.
^ Bar-El, Hagai; Choukri, Hamid; Naccache, David; Tunstall, Michael; Whelan, Claire (2004). "The sorcerer's apprentice guide to fault attacks". Proceedings of the IEEE. 94 (2). IEEE: 370–382. doi:10.1109/JPROC.2005.862424. S2CID 2397174.
^ J. Voas, "Fault Injection for the Masses," Computer, vol. 30, pp. 129–130, 1997.
^ Kaksonen, Rauli. A Functional Method for Assessing Protocol Implementation Security. 2001.
^ A. Avizienis, J.-C. Laprie, Brian Randell, and C. Landwehr, "Basic Concepts and Taxonomy of Dependable and Secure Computing," Dependable and Secure Computing, vol. 1, pp. 11–33, 2004.

[1] Moradi, Mehrdad; Van Acker, Bert; Vanherpen, Ken; Denil, Joachim (2019). "Model-Implemented Hybrid Fault Injection for Simulink (Tool Demonstrations)". In Chamberlain, Roger; Taha, Walid; Törngren, Martin (eds.). Cyber Physical Systems. Model-Based Design. Lecture Notes in Computer Science. Vol. 11615. Springer International Publishing. pp. 71–90. doi:10.1007/978-3-030-23703-5_4. ISBN 9783030237035. S2CID 195769468.

[shepherd.cose-2] Shepherd, Carlton; Markantonakis, Konstantinos; Van Heijningen, Nico; Aboulkassimi, Driss; Gaine, Clement; Heckmann, Thibaut; Naccache, David (2021). "Physical fault injection and side-channel attacks on mobile devices: A comprehensive analysis". Computers & Security. 111 (102471). Elsevier: 102471. arXiv:2105.04454. doi:10.1016/j.cose.2021.102471. S2CID 236957400.

[bar-el.sorcerers-3] Bar-El, Hagai; Choukri, Hamid; Naccache, David; Tunstall, Michael; Whelan, Claire (2004). "The sorcerer's apprentice guide to fault attacks". Proceedings of the IEEE. 94 (2). IEEE: 370–382. doi:10.1109/JPROC.2005.862424. S2CID 2397174.

[4] J. Voas, "Fault Injection for the Masses," Computer, vol. 30, pp. 129–130, 1997.

[vtt.fi-5] Kaksonen, Rauli. A Functional Method for Assessing Protocol Implementation Security. 2001.

[6] A. Avizienis, J.-C. Laprie, Brian Randell, and C. Landwehr, "Basic Concepts and Taxonomy of Dependable and Secure Computing," Dependable and Secure Computing, vol. 1, pp. 11–33, 2004.

[1]

[2]

[3]

[4]

[5]

[6]