Stealth Low-Level Manipulation of Programmable Logic Controllers I/O by Pin Control Exploitation

Input/Output is the mechanism through which Programmable Logic Controllers (PLCs) interact with and control the outside world. Particularly when employed in critical infrastructures, the I/O of PLCs has to be both reliable and secure. PLC I/O, like that of other embedded devices, is controlled through a pin-based approach. In this paper, we investigate the security implications of the PLC pin control system. In particular, we show how an attacker can tamper with the integrity and availability of PLC I/O by exploiting certain pin control operations and the lack of hardware interrupts associated with them.
