Malicious code detection for open firmware

Adelstein, Frank; Stillerman, Matt; Kozen, Dexter

doi:10.1109/csac.2002.1176312

Cited by 18 publications

(12 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Firmware is typically provided by the supplier; however, these files are modifiable as well. The firmware can be validated before it is loaded using an error checking routine [3,8]. For firmware that is already loaded on a PLC, however, there is no current method to extract the firmware in ROM and validate that it has not been modified, making firmware modifications subversive [8].…”

Section: Discussion Of Effectsmentioning

confidence: 99%

See 1 more Smart Citation

Exploiting the critical infrastructure via nontraditional system inputs

McMinn¹,

Butts²,

Robinson³

et al. 2011

Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research

View full text Add to dashboard Cite

Critical infrastructures such as oil and gas pipelines, the electric power grid, and railways, rely on the proper operation of supervisory control and data acquisition (SCADA) systems. The trend to interconnect SCADA system devices using networking technologies, however, has introduced additional entry points for malicious software, often via the Internet. In an attempt to manage the new risks, security personnel are incorporating network isolation and standard information technology practices (e.g., firewalls and access control lists). These boundary protection mechanisms attempt to create gaps between systems in order to logically or physically isolate the SCADA network, making it inaccessible by untrusted actors. However, physical or logical isolation does not necessarily imply a closed system. Untrusted actors can still gain access and control over a SCADA system, despite network security, through exploiting alternate pathways that are not evaluated for proper trust control. These nontraditional, indirect access points are overlooked as ingress paths that can result in system compromise. This paper introduces the concept of extending the security parameter to incorporate the nontraditional access points that are often ignored. Coupled with traditional network security postures, identifying and managing these nontraditional attack entry points can create a more robust, secure environment for critical infrastructures.

show abstract

Section: Discussion Of Effectsmentioning

confidence: 99%

“…The PLC may be loaded using proprietary software or a driver, which is an input to the computer. Inputs could also include the Internet if the computer downloads updates, external media such as a USB, or any device that connects to the computer [3,4].…”

Section: Trust Evaluationmentioning

confidence: 99%

Exploiting the critical infrastructure via nontraditional system inputs

McMinn¹,

Butts²,

Robinson³

et al. 2011

Proceedings of the Seventh Annual Workshop on Cyber Security and Information Intelligence Research

View full text Add to dashboard Cite

show abstract

“…Another approach to mitigate the spread of such infections would be to use reliable bootstrap architectures [24], malicious code detectors [25], or automated firmware security upgrades. A new direction of research is heading towards identifying new threat models and malware behavior in WiFi networks.…”

Section: Countermeasures and Related Workmentioning

confidence: 99%

Wireless spreading of WiFi APs infections using WPS flaws: An epidemiological and experimental study

Sanatinia

Narain

Noubir

2013

2013 IEEE Conference on Communications and Network Security (CNS)

View full text Add to dashboard Cite

WiFi Access Points (APs) are ideal targets of attack. They have access to home internal networks which allows an adversary to easily carry out man-in-the-middle attacks and spread infections wirelessly. They can also be used to launch massive denial of service attacks that target the physical infrastructure as well as the RF spectrum (both WiFi and cellular). While Wired Equivalent Privacy (WEP) vulnerabilities are common knowledge, the flaws of the WiFi Protected Setup (WPS) protocol are less known. In this paper, we use an epidemiological approach, combined with experimental war-driving measurements to investigate the speed of infections spreading in four neighborhoods of Boston, MA, USA, with distinct population and demographics. Our analysis and experimental data indicate that such attacks are feasible. While the graph of WEP APs and WPS APs may not be fully connected, the combined graph of WEP-WPS APs is fully connected, making large scale spreading of infections feasible. Due to the unique characteristics of WPS, the absence of automated firmware upgrades and mechanisms to safely configure and administer APs; these attacks pose a significant threat that require serious attention and countermeasures to provide safe management of APs and their policies.

show abstract

“…Schneider proved that the class of properties that can be enforced by a reference monitor (inlined or otherwise) is restricted to safety properties 1 and that any enforceable safety property could, at least in principle, be enforced by an execution monitor [46].…”

Section: Inlined Reference Monitorsmentioning

confidence: 99%