Abstract
Energy Delivery Systems (EDS) must be verified to be free from intrusive and malicious software. One way of verifying this software is to perform device scans to detect malicious code. Because it is possible to have “fileless” malware that exists only in device (volatile) memory, offline scanning and even many forms of online scanning is insufficient for detection. This project (“Verify”) addresses this need by performing direct sampling of memory during device operation to detect unexpected or modified software while not interfering with device operation. The Verify project provides a proof-of-concept of detection by random sampling combined with remote software- and timing-based attestation methods for robust detection of in-memory threats. An external review of Verify was performed by our partner, General Electric (GE), and a summary of their findings is provided.
