Automated vulnerability detection for compiled smart grid software

S. J. Prowell; M. Pleszkoch; K. D. Sayre; R. C. Linger

doi:10.1109/ISGT.2012.6175814

Automated vulnerability detection for compiled smart grid software

S. J. Prowell, M. Pleszkoch, K. D. Sayre, R. C. Linger

Energy and Control Systems Security

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

3 Scopus citations

Abstract

While testing performed with proper experimental controls can provide scientifically quantifiable evidence that software does not contain unintentional vulnerabilities (bugs), it is insufficient to show that intentional vulnerabilities exist, and impractical to certify devices for the expected long lifetimes of use. For both of these needs, rigorous analysis of the software itself is essential. Automated software behavior computation applies rigorous static software analysis methods based on function extraction (FX) to compiled software to detect vulnerabilities, intentional or unintentional, and to verify critical functionality. This analysis is based on the compiled firmware, takes into account machine precision, and does not rely on heuristics or approximations early in the analysis.

Original language	English
Title of host publication	2012 IEEE PES Innovative Smart Grid Technologies, ISGT 2012
DOIs	https://doi.org/10.1109/ISGT.2012.6175814
State	Published - 2012
Event	2012 IEEE PES Innovative Smart Grid Technologies, ISGT 2012 - Washington, DC, United States Duration: Jan 16 2012 → Jan 20 2012

Publication series

Name	2012 IEEE PES Innovative Smart Grid Technologies, ISGT 2012

Conference

Conference	2012 IEEE PES Innovative Smart Grid Technologies, ISGT 2012
Country/Territory	United States
City	Washington, DC
Period	01/16/12 → 01/20/12

Keywords

Smart grids
formal verification
reasoning about programs
vulnerability detection

Access to Document

10.1109/ISGT.2012.6175814

Cite this

@inproceedings{4ac23b1ecb0343a7ab12ea2bcc22ce9c,

title = "Automated vulnerability detection for compiled smart grid software",

abstract = "While testing performed with proper experimental controls can provide scientifically quantifiable evidence that software does not contain unintentional vulnerabilities (bugs), it is insufficient to show that intentional vulnerabilities exist, and impractical to certify devices for the expected long lifetimes of use. For both of these needs, rigorous analysis of the software itself is essential. Automated software behavior computation applies rigorous static software analysis methods based on function extraction (FX) to compiled software to detect vulnerabilities, intentional or unintentional, and to verify critical functionality. This analysis is based on the compiled firmware, takes into account machine precision, and does not rely on heuristics or approximations early in the analysis.",

keywords = "Smart grids, formal verification, reasoning about programs, vulnerability detection",

author = "Prowell, {S. J.} and M. Pleszkoch and Sayre, {K. D.} and Linger, {R. C.}",

year = "2012",

doi = "10.1109/ISGT.2012.6175814",

language = "English",

isbn = "9781457721588",

series = "2012 IEEE PES Innovative Smart Grid Technologies, ISGT 2012",

booktitle = "2012 IEEE PES Innovative Smart Grid Technologies, ISGT 2012",

note = "2012 IEEE PES Innovative Smart Grid Technologies, ISGT 2012 ; Conference date: 16-01-2012 Through 20-01-2012",

}

Prowell, SJ, Pleszkoch, M, Sayre, KD & Linger, RC 2012, Automated vulnerability detection for compiled smart grid software. in 2012 IEEE PES Innovative Smart Grid Technologies, ISGT 2012., 6175814, 2012 IEEE PES Innovative Smart Grid Technologies, ISGT 2012, 2012 IEEE PES Innovative Smart Grid Technologies, ISGT 2012, Washington, DC, United States, 01/16/12. https://doi.org/10.1109/ISGT.2012.6175814

TY - GEN

T1 - Automated vulnerability detection for compiled smart grid software

AU - Prowell, S. J.

AU - Pleszkoch, M.

AU - Sayre, K. D.

AU - Linger, R. C.

PY - 2012

Y1 - 2012

N2 - While testing performed with proper experimental controls can provide scientifically quantifiable evidence that software does not contain unintentional vulnerabilities (bugs), it is insufficient to show that intentional vulnerabilities exist, and impractical to certify devices for the expected long lifetimes of use. For both of these needs, rigorous analysis of the software itself is essential. Automated software behavior computation applies rigorous static software analysis methods based on function extraction (FX) to compiled software to detect vulnerabilities, intentional or unintentional, and to verify critical functionality. This analysis is based on the compiled firmware, takes into account machine precision, and does not rely on heuristics or approximations early in the analysis.

AB - While testing performed with proper experimental controls can provide scientifically quantifiable evidence that software does not contain unintentional vulnerabilities (bugs), it is insufficient to show that intentional vulnerabilities exist, and impractical to certify devices for the expected long lifetimes of use. For both of these needs, rigorous analysis of the software itself is essential. Automated software behavior computation applies rigorous static software analysis methods based on function extraction (FX) to compiled software to detect vulnerabilities, intentional or unintentional, and to verify critical functionality. This analysis is based on the compiled firmware, takes into account machine precision, and does not rely on heuristics or approximations early in the analysis.

KW - Smart grids

KW - formal verification

KW - reasoning about programs

KW - vulnerability detection

UR - http://www.scopus.com/inward/record.url?scp=84860850443&partnerID=8YFLogxK

U2 - 10.1109/ISGT.2012.6175814

DO - 10.1109/ISGT.2012.6175814

M3 - Conference contribution

AN - SCOPUS:84860850443

SN - 9781457721588

T3 - 2012 IEEE PES Innovative Smart Grid Technologies, ISGT 2012

BT - 2012 IEEE PES Innovative Smart Grid Technologies, ISGT 2012

T2 - 2012 IEEE PES Innovative Smart Grid Technologies, ISGT 2012

Y2 - 16 January 2012 through 20 January 2012

ER -

Automated vulnerability detection for compiled smart grid software

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this