Giorgio Fardo
Fault Attack Injection strategies for RISC-V Microprocessors in Simulated Environments.
Supervisors: Alessandro Savino, Stefano Di Carlo. Politecnico di Torino, NOT SPECIFIED, 2025
PDF (Tesi_di_laurea) - Thesis
License: Creative Commons Attribution Non-commercial No Derivatives. Download (2MB)

| Abstract: | Hardware and software security are becoming increasingly critical due to the widespread proliferation of computing systems and the exponential growth of the IoT and embedded domains, both of which demand robust protection mechanisms. Addressing the rising sophistication and impact of attacks requires reducing the complexity of software testing against specific classes of vulnerabilities. In this context, access to simulator software capable of evaluating software robustness against such attacks can significantly lower the cost of security assessments and shorten the time to market of final products. This thesis presents modifications to the gem5 architectural simulator through the integration of a fault injection module for the RISC-V architecture. The proposed module enables the injection of register-level single- and multi-bit faults during simulation, supporting both fine-grained, deterministic fault injection and general fault testing through randomized spatial and temporal fault distributions. The work begins with an overview of the current state of the art in fault injection, fault attacks and emerging research trends. That review drove the design choices made to ensure the injection module realistically mimics real-world fault modalities and capabilities. In the second part, the thesis details the modifications applied to gem5, the design decisions underlying these changes, and the challenges encountered due to the simulator's architecture. Furthermore, it describes the auxiliary tools developed to support this work, including the Campaign Manager, which provides an entry point for managing and launching automated test campaigns. The final part of the thesis presents the evaluation of the proposed tool and outlines directions for future development. The evaluation uses security-focused code from the FISSC collection curated by the Université Grenoble Alpes. This dataset comprises multiple versions of test software incorporating varying levels of countermeasures and hardening, allowing assessment across different attack strengths and granularities. Particular attention is given to testing different versions of VerifyPIN, a program designed to mimic a card PIN verification routine. As future work, the thesis proposes extending fault injection support to caches and main memory to broaden the range of possible attacks and widen testing coverage. |
|---|---|
| Supervisors: | Alessandro Savino, Stefano Di Carlo |
| Academic year: | 2025/26 |
| Publication type: | Electronic |
| Number of pages: | 52 |
| Subjects: | |
| Degree programme: | NOT SPECIFIED |
| Degree class: | New system > Master's degree > LM-32 - COMPUTER ENGINEERING |
| Collaborating companies: | Politecnico di Torino |
| URI: | http://webthesis.biblio.polito.it/id/eprint/37909 |



Creative Commons License - Attribution 3.0 Italy