Tutorial: Systematic Exploration of Critical Software for Catastrophic Cyber-Physical Malware
Monday, October 29, 2018: 9:00 AM - 12:00 PM
With the advent of highly sophisticated cyber-physical malware (CPM), a cyber-attack can cripple critical services and virtually paralyze the nation. What differentiates CPM from traditional malware is the open-ended range of possible malware triggers arising from the wide spectrum of sensor inputs, and the almost limitless application-specific possibilities for designing malicious payloads.
Fundamentally, the challenges of detecting sophisticated CPM stem from the complexities inherent in the software at the heart of cyber-physical systems. We discuss three fundamental challenges: explosion of execution behaviors, computational intractability of checking feasible behaviors, and difficult-to-analyze programming constructs. For each challenge we present a systematic methodology for auditing and verifying software.
In detecting novel CPM, the tasks are: developing plausible hypotheses for the malware trigger and malicious payload, analyzing software to gather evidence based on the CPM hypotheses, and verifying software to prove or refute a hypothesis based on the gathered evidence. We discuss research directions for effective automation to support these tasks and, with audience participation, we will demonstrate visual techniques for exploring software.
Approved for 2 CompTIA CEUs: A+, Network+, Security+, Cloud+, CySA+, and CASP; 2 Logical Operations CFR; and 2 GIAC CPEs