Tutorial: Systematic Exploration of Critical Software for Catastrophic Cyber-Physical Malware
Monday, October 29, 2018: 9:00 AM - 12:00 PM
Speaker(s)
Description
With the advent of highly sophisticated cyber-physical malware (CPM), a cyber-attack can cripple critical services virtually paralyze the nation. In differentiating CPM from traditional malware, the difference really comes from the open-ended possibilities for malware triggers resulting from the wide spectrum of sensor inputs, and the almost limitless application-specific possibilities for designing malicious payloads.
Fundamentally, the challenges of detecting sophisticated CPM stem from the complexities inherent in the software at the heart of cyber-physical systems. We discuss three fundamental challenges: explosion of execution behaviors, computational intractability of checking feasible behaviors, and difficult-to-analyze programming constructs. For each challenge we present a systematic methodology for auditing and verifying software.
In detecting novel CPM, the tasks are: developing plausible hypotheses for malware trigger and malicious payload, analyzing software to gather evidence based on CPM hypotheses, and verifying software to prove or refute a hypothesis based on the gathered evidence. We discuss research directions for effective automation to support these tasks and with audience participating we will demonstrate visual techniques for exploring software.
Tracks:
Sponsored by:
Approved for 2 CompTIA CEUs: A+, Network+, Security+, Cloud+, CySA+, and CASP; 2 Logical Operations CFR; and 2 GIAC CPEs