Fault attack vulnerability assessment of binary code

Fault attacks are a major threat requiring to protect applications. We present a method and a set of metrics, implemented in a framework combining formal methods, dynamic and static analyses to evaluate the robustness of a binary code against fault attacks. The framework models the vulnerabilities detection as formal equivalence-checking problems that are solved by a SMT solver. It can support transient fault models targeting both data and code. Its application to programs hardened at source level shows its benefits for comparing different hardened versions, compilers and their optimizations, and for analyzing the sources of vulnerability.