Identifying the potential vulnerabilities of a software application against hardware security attacks, such as the Fault Injection Attacks (FIA), is an important step in the design of a secure embedded system. There are many works that have attempted to help embedded software engineers in the development phase and provide them with practical assessment tools. Nevertheless, before performing the security evaluation experiments, an automated and systematic peer code review step is required to ensure that all important functions and patterns are tested. This step can help the developers to have a measurement factor in order to evaluate the existing susceptibilities, prioritize them and determine the ones that pose the greatest security risk on the targeted device.
This paper presents a security evaluation approach to analyze and prioritize the embedded software vulnerabilities against FIAs by using symbolic execution. The proposed approach is based on the code review analysis and highlights the potential software weakness points. It uses LLVM and its add-on named KLEE tool, which applies the symbolic assertion into the under review code. These tools are employed to obtain a vulnerability factor that can be used to spot the corner cases in the execution paths of the code blocks. Our results show that each block pattern's vulnerability depends on its software location and application. Finally, a case study shows the effectiveness of the generated assertions in pinpointing the actual vulnerabilities.