An exfiltration subversion demonstration

Abstract

A dynamic subversion attack on the Windows XP Embedded operating system is demonstrated to raise awareness in developers and consumers of the risk of subversion in commercial operating systems that may be safety critical. SCADA (Supervisory Control and Data Acquisition) systems that monitor and control our critical infrastructure depend on embedded systems. The attack can be loaded onto a fielded system that has been subverted with a small software artifice. The artifice could be inserted into the system at any time in the system's lifecycle. The attack provides a flexible method for the attacker, who may not be the same individual who inserted the artifice, to gain total control of the subverted system. Due to the dynamic loading property of this subversion, the attacker does not have to decide the aspect of the system to be targeted until a time of her choice. The attack does not exploit an existing flaw in the target module but is possible because the initial artifice is inserted into the kernel of an operating system where adversaries have access to source code. This thesis discusses certain aspects of known methods for developing systems free from subversion. Several projects that utilized these methods are presented.