CWE-1261 Details

CWE-1261

Improper Handling of Single Event Upsets
Draft
2020-02-24 00:00 +00:00
2023-06-29 00:00 +00:00

Name: Improper Handling of Single Event Upsets

The hardware logic does not effectively handle when single-event upsets (SEUs) occur.

CWE Description

Technology trends such as CMOS-transistor down-sizing, use of new materials, and system-on-chip architectures continue to increase the sensitivity of systems to soft errors. These errors are random, and their causes might be internal (e.g., interconnect coupling) or external (e.g., cosmic radiation). These soft errors are not permanent in nature and cause temporary bit flips known as single-event upsets (SEUs). SEUs are induced errors in circuits caused when charged particles lose energy by ionizing the medium through which they pass, leaving behind a wake of electron-hole pairs that cause temporary failures. If these failures occur in security-sensitive modules in a chip, it might compromise the security guarantees of the chip. For instance, these temporary failures could be bit flips that change the privilege of a regular user to root.

General Information

Modes of Introduction

Architecture and Design
Implementation

Applicable Platforms

Language

Class: Not Language-Specific (Undetermined)

Operating Systems

Class: Not OS-Specific (Undetermined)

Architectures

Class: Not Architecture-Specific (Undetermined)

Technologies

Class: Not Technology-Specific (Undetermined)

Common Consequences

Scope: Availability, Access Control
Impact: DoS: Crash, Exit, or Restart; DoS: Instability; Gain Privileges or Assume Identity; Bypass Protection Mechanism

Potential Mitigations

Phase: Architecture and Design

Implement triple-modular redundancy around security-sensitive modules.


Phase: Architecture and Design

SEUs mostly affect SRAMs. For SRAMs storing security-critical data, implement Error-Correcting-Codes (ECC) and Address Interleaving.
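
An added example, not part of the CWE entry: a C software model of the triple-modular redundancy mitigation above, applied to a privilege register with bitwise majority voting and scrub-on-read. The `PRIV_USER`/`PRIV_ROOT` encoding, the `tmr_reg` type and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical privilege encoding, assumed for this example only. */
#define PRIV_USER 0x0u
#define PRIV_ROOT 0x1u

/* Three redundant copies of one security-sensitive register. */
typedef struct { uint8_t copy[3]; } tmr_reg;

static void tmr_write(tmr_reg *r, uint8_t v) {
    r->copy[0] = r->copy[1] = r->copy[2] = v;
}

/* Bitwise 2-of-3 majority vote: each output bit follows at least two copies. */
static uint8_t tmr_vote(const tmr_reg *r) {
    uint8_t a = r->copy[0], b = r->copy[1], c = r->copy[2];
    return (uint8_t)((a & b) | (a & c) | (b & c));
}

/* Read with scrubbing: returns the voted value, rewrites any copy that
 * disagrees, and reports how many copies were repaired so the upset can
 * be logged. Without scrubbing, upsets accumulate, and a second flip of
 * the same bit in another copy defeats the vote. */
static uint8_t tmr_read_scrub(tmr_reg *r, int *repaired) {
    uint8_t v = tmr_vote(r);
    *repaired = 0;
    for (int i = 0; i < 3; i++) {
        if (r->copy[i] != v) { r->copy[i] = v; (*repaired)++; }
    }
    return v;
}

/* Simulated SEU: flip one bit in one copy. */
static void seu_flip(tmr_reg *r, int copy, int bit) {
    r->copy[copy] ^= (uint8_t)(1u << bit);
}

int main(void) {
    tmr_reg priv; int fixed;
    tmr_write(&priv, PRIV_USER);
    seu_flip(&priv, 1, 0);            /* copy 1 alone now reads PRIV_ROOT */
    uint8_t v = tmr_read_scrub(&priv, &fixed);
    printf("voted=%u repaired=%d\n", v, fixed);
    return 0;
}
```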


Vulnerability Mapping Notes

Rationale: This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comments: Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

References

REF-1086

Single Event Upset: An Embedded Tutorial
Fan Wang, Vishwani D. Agrawal.
https://www.eng.auburn.edu/~agrawvd/TALKS/tutorial_6pg.pdf

REF-1087

Single Event Upsets in Implantable Cardioverter Defibrillators
P. D. Bradley, E. Normand.
https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=736549&tag=1

REF-1088

Single Event Effects in FPGA Devices 2015-2016
Melanie Berg, Kenneth LaBel, Jonathan Pellish.
https://ntrs.nasa.gov/search.jsp?R=20160007754

REF-1089

Cisco 12000 Single Event Upset Failures Overview and Work Around Summary
Cisco.
https://www.cisco.com/c/en/us/support/docs/field-notices/200/fn25994.html

REF-1090

Different Ways to Mitigate Soft Errors in Asynchronous SRAMs - KBA90939
Cypress.
https://community.infineon.com/t5/Knowledge-Base-Articles/Different-Ways-to-Mitigate-Soft-Errors-in-Asynchronous-SRAMs-KBA90939/ta-p/257944

REF-1091

Cosmic particles can change elections and cause planes to fall through the sky, scientists warn
Ian Johnston.
https://www.independent.co.uk/news/science/subatomic-particles-cosmic-rays-computers-change-elections-planes-autopilot-a7584616.html

REF-1101

The Hard-coded Key to my Heart - Hacking a Pacemaker Programmer
Anders B. Wilhelmsen, Eivind S. Kristiansen, Marie Moe.
https://anderbw.github.io/2019-08-10-DC27-Biohacking-pacemaker-programmer.pdf

Submission

Name | Organization | Date | Release Date | Version
Arun Kanuparthi, Hareesh Khattri, Parbati Kumar Manna, Narasimha Kumar V Mangipudi | Intel Corporation | 2020-02-12 +00:00 | 2020-02-24 +00:00 | 4.1

Modifications

Name | Organization | Date | Comment
CWE Content Team | MITRE | 2022-04-28 +00:00 | updated Relationships
CWE Content Team | MITRE | 2022-06-28 +00:00 | updated Relationships
CWE Content Team | MITRE | 2023-04-27 +00:00 | updated References, Relationships
CWE Content Team | MITRE | 2023-06-29 +00:00 | updated Mapping_Notes