Razer6/gist:4108d8181d77289462ae0b3d009a2bc3

## gistfile1.txt
\section{Threat Model and Assumptions}
\label{sec:Threat Model and Assumptions}

The attacker is powerful and therefore able to perform active attacks such as
faulting on a processing system to modify its internal state. Instead of using
a bit-based fault model~\cite{mukherjee2005soft}, we use a symptom-based fault
model~\cite{schiffel2011hardware}, which describes the effects a fault can show
rather than one single bit assumption for the complete system, which includes
modules that are not protected with the proposed countermeasures. Modeling only
the effects on the processing system is reasonable since it is the sphere of
protection the countermeasure is designed for. For any fault symptom stated
below, the attacker can modify only n bits of exactly one state (address,
register value, ...).

\begin{enumerate}
	\item Due to a fault, the program counter is modified.
	\item Due to a fault on the address bus, a wrong memory location is loaded.
	\item Due to a fault, one memory value is manipulated.
	\item Due to a fault, one register value is manipulated.
	\item Due to a fault, the execution of an instruction is modified.
	% \item Due to a fault, a status register is manipulated
\end{enumerate}


\subsubsection{Modified Program Counter.}
\label{sub:Modified Program Counter}

A fault in the processing system may manipulate the program counter in an
unintended way. This can result in skipping an instruction or arbitrary
modifying the program counter, which results in a jump inside the program.
However, this kind of fault is already protected through the underlying
protection mechanism for protecting the correct execution of instructions.

\subsubsection{Manipulated Address Bus.}
\label{sub:Manipulated Address Bus}

A fault may modify the address bus of the processing system. Due to this fault,
the system loads wrong memory content into the processing core. If the value to
be loaded was program code, this results in wrong executed code. Similar to the
modified program counter, this effects in a jump-like behavior. If the memory
to be loaded was not program code, wrong variables are loaded which can result
in any behavior.

\subsubsection{Manipulated Memory Content.}
\label{sub:Manipulated Memory Content}

A fault may modify the memory content of the processing system. Depending on
the memory location, such a fault may modify program code or arbitrary data.
Following, such a fault may have various effects.

\subsubsection{Manipulated Register Value.}
\label{sub:Manipulated Register Value}

A register denotes the general purpose register of a CPU, in which software
loads data from the memory into it. Manipulating the register content may result
in different effects depending on how the register is used. If the register is
used for computing a condition, such it is used for if/else statements or for
loops, this may modify the program flow. If the register is used e.g. for
computing a cryptographic algorithm, this may break the security of the
computation.

\subsubsection{Manipulated Instruction.}
\label{sub:Manipulated Instruction}

A fault may modify the execution of an instruction. First, the instruction
itself can be faulted. This leads to a wrong result of the computation. Second,
the instruction may be exchanged with a different one leading to a wrong result.
Third, wrong operands are used during the computation.\\ \\
	\section{Threat Model and Assumptions}
	\label{sec:Threat Model and Assumptions}

	The attacker is powerful and therefore able to perform active attacks such as
	faulting on a processing system to modify its internal state. Instead of using
	a bit-based fault model~\cite{mukherjee2005soft}, we use a symptom-based fault
	model~\cite{schiffel2011hardware}, which describes the effects a fault can show
	rather than one single bit assumption for the complete system, which includes
	modules that are not protected with the proposed countermeasures. Modeling only
	the effects on the processing system is reasonable since it is the sphere of
	protection the countermeasure is designed for. For any fault symptom stated
	below, the attacker can modify only n bits of exactly one state (address,
	register value, ...).

	\begin{enumerate}
	\item Due to a fault, the program counter is modified.
	\item Due to a fault on the address bus, a wrong memory location is loaded.
	\item Due to a fault, one memory value is manipulated.
	\item Due to a fault, one register value is manipulated.
	\item Due to a fault, the execution of an instruction is modified.
	% \item Due to a fault, a status register is manipulated
	\end{enumerate}


	\subsubsection{Modified Program Counter.}
	\label{sub:Modified Program Counter}

	A fault in the processing system may manipulate the program counter in an
	unintended way. This can result in skipping an instruction or arbitrary
	modifying the program counter, which results in a jump inside the program.
	However, this kind of fault is already protected through the underlying
	protection mechanism for protecting the correct execution of instructions.

	\subsubsection{Manipulated Address Bus.}
	\label{sub:Manipulated Address Bus}

	A fault may modify the address bus of the processing system. Due to this fault,
	the system loads wrong memory content into the processing core. If the value to
	be loaded was program code, this results in wrong executed code. Similar to the
	modified program counter, this effects in a jump-like behavior. If the memory
	to be loaded was not program code, wrong variables are loaded which can result
	in any behavior.

	\subsubsection{Manipulated Memory Content.}
	\label{sub:Manipulated Memory Content}

	A fault may modify the memory content of the processing system. Depending on
	the memory location, such a fault may modify program code or arbitrary data.
	Following, such a fault may have various effects.

	\subsubsection{Manipulated Register Value.}
	\label{sub:Manipulated Register Value}

	A register denotes the general purpose register of a CPU, in which software
	loads data from the memory into it. Manipulating the register content may result
	in different effects depending on how the register is used. If the register is
	used for computing a condition, such it is used for if/else statements or for
	loops, this may modify the program flow. If the register is used e.g. for
	computing a cryptographic algorithm, this may break the security of the
	computation.

	\subsubsection{Manipulated Instruction.}
	\label{sub:Manipulated Instruction}

	A fault may modify the execution of an instruction. First, the instruction
	itself can be faulted. This leads to a wrong result of the computation. Second,
	the instruction may be exchanged with a different one leading to a wrong result.
	Third, wrong operands are used during the computation.\\ \\