The use of static analysis to detect malware in embedded systems
The use of static analysis to detect malware in embedded systems
- Author(s): C. Sampson ; J.G. Drever ; B. Third
- DOI: 10.1049/cp.2013.1722
For access to this article, please select a purchase option:
Buy conference paper PDF
Buy Knowledge Pack
IET members benefit from discounts to all IET publications and free access to E&T Magazine. If you are an IET member, log in to your account and the discounts will automatically be applied.
8th IET International System Safety Conference incorporating the Cyber Security Conference 2013 — Recommend this title to your library
Thank you
Your recommendation has been sent to your librarian.
- Author(s): C. Sampson ; J.G. Drever ; B. Third Source: 8th IET International System Safety Conference incorporating the Cyber Security Conference 2013, 2013 page ()
- Conference: 8th IET International System Safety Conference incorporating the Cyber Security Conference 2013
- DOI: 10.1049/cp.2013.1722
- ISBN: 978-1-84919-778-6
- Location: Cardiff, UK
- Conference date: 16-17 Oct. 2013
- Format: PDF
Malware is prolific and not always detected until the damage has occurred. The use of Formal Static Analysis techniques to ensure that software-based safety systems are free from compiler introduced errors is well established (Pavey, Winsborrow, 1995) [1]. This technique ensures that the executable binary code created by the compiler is mathematically equivalent to the original source code. This paper reports on extending this technique to detect malware inserted into executable code. The Source-Code Comparison process was originally developed by British Energy for the verification of the Primary Reactor Protection System software of the Sizewell `B' Nuclear Power Plant. The process takes the executable binary file that is resident on the target computer and re-creates the equivalent assembler code using disassembler tools. This is then formally compared to the original source code using the MALPAS Compliance Analysis tool, and any discrepancies are revealed. The process has the ability to detect any executable binary code that cannot be traced back to the source code, and may therefore be used to detect the presence of malware in the executable. The paper reports on experiments conducted by Atkins to determine whether modern control executable software can be formally proven against the original code. The applicability of the process to software developed for general purpose operating systems (e.g. Windows) will also be evaluated.
Inspec keywords: invasive software; embedded systems; program diagnostics; program compilers; program assemblers; nuclear power stations; fission reactors; power engineering computing
Subjects: Nuclear power stations and plants; Compilers, interpreters and other processors; Data security; Power engineering computing; Nuclear reactors; Diagnostic, testing, debugging and evaluating systems
Related content
content/conferences/10.1049/cp.2013.1722
pub_keyword,iet_inspecKeyword,pub_concept
6
6