论文信息 - Detecting PLC control corruption via on-device runtime verification

Detecting PLC control corruption via on-device runtime verification

With an increased emphasis on the cyber-physical security of safety-critical industrial control systems, programmable logic controllers have been targeted by both security researchers and attackers as critical assets. Security and verification solutions have been proposed and/or implemented either externally or with limited computational power. Online verification or intrusion detection solutions are typically difficult to implement within the control logic of the programmable logic controller due to the strict timing requirements and limited resources. Recently, there has been an increased advancement in open controller systems where programmable logic controllers are coupled with embedded hypervisors running operating systems with much more computational power. Development environments are provided that allow developers to directly integrate library function calls from the embedded hypervisor into the program scan cycle of the programmable logic controller. In this paper, we leverage these coupled environments to implement online cyber-physical verification solutions directly integrated into the program scan cycle as well as online intrusion detection systems within the embedded hypervisor. This novel approach allows advanced security and verification solutions to be directly enforced from within the programmable logic controller program scan cycle. We evaluate the proposed solutions on a commercial-off-the-shelf Siemens product.

Saman Zonouz | Dong Wei | Luis Garcia | Leandro Pfleger de Aguiar

[1] Avishai Wool,et al. Accurate Modeling of The Siemens S7 SCADA Protocol For Intrusion Detection And Digital Forensic , 2014, J. Digit. Forensics Secur. Law.

[2] Karen A. Scarfone,et al. Guide to Industrial Control Systems (ICS) Security , 2015 .

[3] William M. Goble. Control System Safety Evaluation and Reliability , 1998 .

[4] Ulf Lindqvist,et al. Using Model-based Intrusion Detection for SCADA Networks , 2006 .

[5] L Piètre-Cambacédès,et al. Cybersecurity Myths on Power Control Systems: 21 Misconceptions and False Beliefs , 2011, IEEE Transactions on Power Delivery.

[6] Jeffrey E. Dagle,et al. Summary of Control System Security Standards Activities in the Energy Sector , 2005 .

[7] Saman A. Zonouz,et al. Detecting Industrial Control Malware Using Automated PLC Code Analytics , 2014, IEEE Security & Privacy.

[8] Luca Bruno,et al. AVATAR: A Framework to Support Dynamic Security Analysis of Embedded Systems' Firmwares , 2014, NDSS.

[9] Saman A. Zonouz,et al. A Trusted Safety Verifier for Process Controller Code , 2014, NDSS.

[10] Avishai Wool,et al. Accurate modeling of Modbus/TCP for intrusion detection in SCADA systems , 2013, Int. J. Crit. Infrastructure Prot..

[11] Volker Roth,et al. Internet-facing PLCs-A New Back Orifice , 2015 .

[12] Lui Sha,et al. S3A: Secure System Simplex Architecture for Enhanced Security of Cyber-Physical Systems , 2012, ArXiv.