{"id":451,"date":"2018-10-29T22:13:35","date_gmt":"2018-10-30T03:13:35","guid":{"rendered":"http:\/\/www.ece.iastate.edu\/kcsl\/?p=451"},"modified":"2019-06-22T10:55:06","modified_gmt":"2019-06-22T15:55:06","slug":"milcom-2018","status":"publish","type":"post","link":"https:\/\/www.ece.iastate.edu\/kcsl\/milcom-2018\/","title":{"rendered":"MILCOM 2018 – Systematic Exploration of Critical Software for Catastrophic Cyber-Physical Malware"},"content":{"rendered":"

Abstract:<\/strong><\/p>\n

With the advent of highly sophisticated cyber-physical malware (CPM), a cyber-attack can cripple critical services virtually paralyze the nation. In differentiating CPM from traditional malware, the difference really comes from the open-ended possibilities for malware triggers resulting from the wide spectrum of sensor inputs, and the almost limitless application-specific possibilities for designing malicious payloads.<\/p>\n

Fundamentally, the challenges of detecting sophisticated CPM stem from the complexities inherent in the software at the heart of cyber-physical systems. We discuss three fundamental challenges: explosion of execution behaviors, computational intractability of checking feasible behaviors, and difficult-to-analyze programming constructs. For each challenge we present a systematic methodology for auditing and verifying software.<\/p>\n

In detecting novel CPM, the tasks are: developing plausible hypotheses for malware trigger and malicious payload, analyzing software to gather evidence based on CPM hypotheses, and verifying software to prove or refute a hypothesis based on the gathered evidence. We discuss research directions for effective automation to support these tasks and with audience participating we will demonstrate visual techniques for exploring software.<\/p>\n

Venue: <\/strong>MILCOM 2018<\/a><\/em>, Los Angeles, California, October 2018<\/p>\n

Materials:\u00a0<\/strong>https:\/\/github.com\/benjholla\/MILCOM2018<\/a><\/p>\n

Authors:<\/strong>\u00a0Suresh Kothari, Benjamin Holland<\/p>\n","protected":false},"excerpt":{"rendered":"

Abstract: With the advent of highly sophisticated cyber-physical malware (CPM), a cyber-attack can cripple critical services virtually paralyze the nation. In differentiating CPM from traditional malware, the difference really comes from the open-ended possibilities for malware triggers resulting from the wide spectrum of sensor inputs, and the almost limitless application-specific possibilities for designing malicious payloads. […]<\/p>\n","protected":false},"author":410,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[10,11],"class_list":["post-451","post","type-post","status-publish","format-standard","hentry","category-tutorials","tag-benjamin-holland","tag-suresh-kothari"],"_links":{"self":[{"href":"https:\/\/www.ece.iastate.edu\/kcsl\/wp-json\/wp\/v2\/posts\/451","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ece.iastate.edu\/kcsl\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ece.iastate.edu\/kcsl\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ece.iastate.edu\/kcsl\/wp-json\/wp\/v2\/users\/410"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ece.iastate.edu\/kcsl\/wp-json\/wp\/v2\/comments?post=451"}],"version-history":[{"count":2,"href":"https:\/\/www.ece.iastate.edu\/kcsl\/wp-json\/wp\/v2\/posts\/451\/revisions"}],"predecessor-version":[{"id":472,"href":"https:\/\/www.ece.iastate.edu\/kcsl\/wp-json\/wp\/v2\/posts\/451\/revisions\/472"}],"wp:attachment":[{"href":"https:\/\/www.ece.iastate.edu\/kcsl\/wp-json\/wp\/v2\/media?parent=451"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ece.iastate.edu\/kcsl\/wp-json\/wp\/v2\/categories?post=451"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ece.iastate.edu\/kcsl\/wp-json\/wp\/v2\/tags?post=451"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}