Malware crafted to attack cyber-physical systems such as the electrical power grid have a physics-centric nucleus. Cyber-physical systems malware understand physics and hence use their knowledge to guide how they initiate physical damage on a compromised industrial computer. We develop a physics-driven page fault handler in the seL4 microkernel, which, in addition to reducing the page fault rate, differentiates active physics in main memory from passive physics in the backing store. We aid the identification of active physics via a CPU scheduler that tracks the evolution of active physics over time. We exploit the concept of active physics to develop deception that is customized to attack the physics-centric nucleus of malware. We evaluated this research against a variety of malware samples and techniques, including both numerous samples from publicly available repositories and custom-made academic code, and present our findings in the article. The physics data of reference pertain to an electrical substation, with a higher focus on a power transformer and related industrial computer algorithms.
Read full abstract