🤖 AI Summary
Fault injection attacks (FIAs) pose a severe threat to hardware security, yet efficient and systematic pre-silicon evaluation methodologies remain lacking. This work proposes InjectV—the first simulation-level fault injection framework tailored for RISC-V architectures—built upon the gem5 full-system simulator. InjectV enables precise and controllable transient fault injection at security-critical points such as control-flow decisions, counters, and comparisons, covering both registers and memory. By offering a white-box, developer-friendly perspective, the framework significantly enhances vulnerability detection efficiency. Evaluation on the FISSC benchmark suite, including the hardened VerifyPIN variant, demonstrates that InjectV effectively identifies exploitable attack points while reducing assessment time by 95.8% compared to conventional approaches.
📝 Abstract
Fault Injection Attacks (FIAs) are a significant threat to hardware security, capable of compromising systems by inducing malicious faults in computation or storage. Evaluating resilience against such attacks is challenging due to the high cost, complexity, and limited availability of physical fault experiments, particularly during pre-silicon development. Architectural-level simulation offers a developer-oriented, white-box perspective for systematic vulnerability assessment. This paper introduces InjectV, a fault injection attack framework for RISC-V platforms built on the gem5 simulator. InjectV enables precise, guided fault injection at security-critical execution points, such as control-flow decisions, counters, and comparisons, allowing systematic exploration of attack vectors. It currently supports transient fault attacks in registers and memory, broadening its ability to simulate diverse attack scenarios. Experimental results on security benchmarks from the FISSC suite, including hardened variants of the VerifyPIN application, demonstrate InjectV's ability to effectively identify fault-injection points, achieving a 95.8% time-saving advantage over traditional fault injection approaches.
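As an added illustration (not code from the InjectV paper or the FISSC suite), the sketch below models the kind of campaign the abstract describes: a single-bit transient fault injected at one of the security-critical values of a VerifyPIN-style check (loop counter, comparison result, status flag), tried exhaustively over every injection point, with a FISSC-style hardened variant (step counter, redundant comparison, complementary status codes) beside the baseline. The fault model, the sample PINs and all function names are constructed for this example; a real framework such as InjectV would apply the same idea to register and memory state inside the simulator rather than to C variables.

```c
#include <stdbool.h>
#include <stdint.h>
#define PIN_LEN 4
#define STATUS_OK  0xAAu   /* complementary codes: no single bit flip */
#define STATUS_BAD 0x55u   /* turns BAD into OK                       */
/* Fault model (constructed): one transient single-bit flip on the g_point-th
 * security-critical value reached in a run (run() arms it); g_point < 0 injects nothing. */
static int g_point = -1, g_bit = 0, g_reached = 0;
static void inject(uint32_t *v) { if (g_reached++ == g_point) *v ^= 1u << g_bit; }
typedef bool (*verifier_t)(const uint8_t *, const uint8_t *);
static bool run(verifier_t v, const uint8_t *u, const uint8_t *c, int point, int bit) {
    g_point = point; g_bit = bit; g_reached = 0; return v(u, c);
}
static const uint8_t CARD_PIN[] = "1234", WRONG_PIN[] = "1235"; /* constructed sample PINs */
/* Baseline VerifyPIN: loop counter, accumulated difference, boolean status. */
static bool verify_pin_basic(const uint8_t *user, const uint8_t *card) {
    uint32_t i, diff = 0, ok = 0;
    for (i = 0; ; i++) {
        inject(&i);                       /* control-flow decision on the counter */
        if (i >= PIN_LEN) break;
        diff |= user[i] ^ card[i];
    }
    inject(&diff);                        /* comparison result */
    if (diff == 0) ok = 1;
    inject(&ok);                          /* status flag: 0 and 1 differ by one bit */
    return ok == 1;
}
/* Hardened variant: step counter, redundant match count, coded status. */
static bool verify_pin_hardened(const uint8_t *user, const uint8_t *card) {
    uint32_t i, diff = 0, eq = 0, steps = 0, status = STATUS_BAD;
    for (i = 0; ; i++) {
        inject(&i);
        if (i >= PIN_LEN) break;
        diff |= user[i] ^ card[i];
        eq += (user[i] == card[i]);       /* independent second comparison */
        steps++;
    }
    inject(&steps);
    if (steps != PIN_LEN) return false;   /* loop skipped, cut short or repeated */
    inject(&diff); inject(&eq);
    if (diff == 0 && eq == PIN_LEN) status = STATUS_OK;
    inject(&status);
    return status == STATUS_OK;
}
/* Exhaustive single-fault campaign: count (point, bit) faults that accept a wrong PIN. */
static int count_bypasses(verifier_t v, const uint8_t *u, const uint8_t *c, int points) {
    int n = 0;
    for (int p = 0; p < points; p++)
        for (int b = 0; b < 32; b++) n += run(v, u, c, p, b);
    return n;
}
```

With the constructed inputs the baseline accepts the wrong PIN for 122 of the tried faults (any counter fault that ends the loop early, the flip that zeroes the difference, and the flip of the status bit), while the hardened variant accepts none under this single-fault model.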