sk4ld | Simulated Physics And Embedded Virtualization Integration

Abstract

The Simulated Physics And Embedded Virtualization Integration (SPAEVI, rhymes with gravy) methodology is designed for industrial control system (ICS) cybersecurity research. The cost of hardware-based industrial control system testbeds often limits entire categories of vulnerability analysis, testing, malware analysis, and so on. Specifically, memory corruption vulnerability analysis often risks bricking ICS embedded systems. The SPAEVI methodology is proposed for software-based ICS/SCADA testbeds via embedded system virtualization, where the inputs and outputs are integrated within a physics simulation. The challenges of implementing the methodology are nontrivial, and one must rely on reverse engineering, virtual machine development, exploit development, engineering experience, and embedded system design experience. Foremost, the virtualization of an embedded system will pose unique, nontrivial challenges per target system, due to the wild variation of microprocessor architectures in ICS/SCADA.

Bio

Aside from his mohawk and beard, Owen is renowned for creating and teaching the Offensive Computer Security Courseware, which has been used in some form at over a dozen universities around the world. He earned his BS in CS from Georgia Tech and his MS in CS from FSU, and is finishing his PhD dissertation on Cyber Physical Systems Vulnerability Research & Sandboxing.