This deliverable is intended as the first release of a study report, due to the end of the COGITO projet, entitled “final specification of the tool and guidelines for future implementations (D1.1.3)”.

Download D1.1.1

Executive summary

This report focuses on the use of runtime code generation techniques in the context of secure devices. Its objective is to provide preliminary elements in order to support the core objective of the COGITO project: demonstrate the applicability of runtime code generation techniques for security purposes. In the first part of this report, we describe various attacks targeting smart cards, both in terms of hardware based attacks, logical attacks, and mixed attacks (section 2). In mixed attacks, the fault injection is an enabler for logical attacks. Then, we present most of the countermeasures related to the scope of the project against these attacks and we bring to the fore their limits (section 3). We propose some clues for improving the resistance to some attacks that are less covered by current countermeasures, in particular code polymorphism.

In the second part of the document, we introduce deGoal as an enabling technology to improve the security of the embedded systems. The original purpose of this technology is to bring performance improvements in terms of execution time or energy consumption for computing systems. Considering that deGoal is well suited for embedded systems, especially systems with small memory resources and low computing capabilities such as the systems usually used in secured applications, we assume that it is possible to retarget this tool for security purposes. In this report we present the functionalities of deGoal (section 4), and the modifications targeted in the context of COGITO to reach the objectives of the project (section 5).