A CEGAR Tool for the Reachability Analysis of PLC-Controlled Plants Using Hybrid Automata

Nellen, Johanna; Ábrahám, Erika; Wolters, Benedikt

doi:10.1007/978-3-319-16577-6_3

Cited by 13 publications

(9 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Recent approaches utilize various techniques, such as regression verification [11], model checking [12], [13], or sequential function charts for the programming of the programmable logic controllers (PLCs). Similar approaches have extended these methods by including specifications of plant behavior converted to hybrid automata for verifying safety properties [14], [15].…”

Section: A Vulnerability Detection and Fault Testing In Icsmentioning

confidence: 99%

Chaos Engineering for Enhanced Resilience of Cyber-Physical Systems

Konstantinou¹,

Stergiopoulos²,

Parvania³

et al. 2021

Preprint

View full text Add to dashboard Cite

Cyber-physical systems (CPS) incorporate the complex and large-scale engineered systems behind critical infrastructure operations, such as water distribution networks, energy delivery systems, healthcare services, manufacturing systems, and transportation networks. Industrial CPS in particular need to simultaneously satisfy requirements of available, secure, safe and reliable system operation against diverse threats, in an adaptive and sustainable way. These adverse events can be of accidental or malicious nature and may include natural disasters, hardware or software faults, cyberattacks, or even infrastructure design and implementation faults. They may drastically affect the results of CPS algorithms and mechanisms, and subsequently the operations of industrial control systems (ICS) deployed in those critical infrastructures. Such a demanding combination of properties and threats calls for resilience-enhancement methodologies and techniques, working in real-time operation. However, the analysis of CPS resilience is a difficult task as it involves evaluation of various interdependent layers with heterogeneous computing equipment, physical components, network technologies, and data analytics. In this paper, we apply the principles of chaos engineering (CE) to industrial CPS, in order to demonstrate the benefits of such practices on system resilience. The systemic uncertainty of adverse events can be tamed by applying runtime CE-based analyses to CPS in production, in order to predict environment changes and thus apply mitigation measures limiting the range and severity of the event, and minimizing its blast radius.

show abstract

Section: A Vulnerability Detection and Fault Testing In Icsmentioning

confidence: 99%

Chaos Engineering for Enhanced Resilience of Cyber-Physical Systems

Konstantinou¹,

Stergiopoulos²,

Parvania³

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

“…Safety Verification of PLC Code. Many prior efforts [24], [28], [30], [31], [42], [44], [57], [58], [61], [63], [65] have been made to statically verify logic code using model checkers [15], [21]. Further efforts have also been made to conduct runtime verification in an online [39], [45] or offline manner [35], [62].…”

Section: Related Workmentioning

confidence: 99%

“…While there exists work [24], [28], [30], [31], [42], [44], [57], [58], [61], [63], [65] that aims to statically verify PLC logic in a formal manner, such static analysis techniques suffer from significant false positives since they are unable to reason about runtime execution contexts. For instance, they may detect potential problematic paths in the code that are infeasible at runtime.…”

Section: Introductionmentioning

confidence: 99%

Towards Automated Safety Vetting of PLC Code in Real-World Plants

Zhang

Chen

Kao

et al. 2019

2019 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

Safety violations in programmable logic controllers (PLCs), caused either by faults or attacks, have recently garnered significant attention. However, prior efforts at PLC code vetting suffer from many drawbacks. Static analyses and verification cause significant false positives and cannot reveal specific runtime contexts. Dynamic analyses and symbolic execution, on the other hand, fail due to their inability to handle real-world PLC programs that are event-driven and timing sensitive. In this paper, we propose VETPLC, a temporal context-aware, program analysisbased approach to produce timed event sequences that can be used for automatic safety vetting. To this end, we (a) perform static program analysis to create timed event causality graphs in order to understand causal relations among events in PLC code and (b) mine temporal invariants from data traces collected in Industrial Control System (ICS) testbeds to quantitatively gauge temporal dependencies that are constrained by machine operations. Our VETPLC prototype has been implemented in 15K lines of code. We evaluate it on 10 real-world scenarios from two different ICS settings. Our experiments show that VETPLC outperforms state-of-the-art techniques and can generate event sequences that can be used to automatically detect hidden safety violations.

show abstract

“…Related work Most automated verification tools for hybrid systems rely on analyzing a white-box mathematical model of the systems. They include tools based on decidablity results [13,37,10,3,24,32], semi-decision procedures that over-approximate the reachable set of states through symbolic computation [36,48,7,45,56,33,4,9], using abstractions [1,12,11,19,55,53,16,39,52,5,6,49,54], and using approximate decision procedures for fragments of firstorder logic [44]. More recently, there has been interest in developing simulationbased verification tools [41,18,17,42,2,25,15,23].…”

Section: Automotive Applicationsmentioning

confidence: 99%

DryVR: Data-Driven Verification and Compositional Reasoning for Automotive Systems

Fan

Mitra

et al. 2017

Computer Aided Verification

View full text Add to dashboard Cite

We present the DryVR framework for verifying hybrid control systems that are described by a combination of a black-box simulator for trajectories and a white-box transition graph specifying mode switches. The framework includes (a) a probabilistic algorithm for learning sensitivity of the continuous trajectories from simulation data, (b) a bounded reachability analysis algorithm that uses the learned sensitivity, and (c) reasoning techniques based on simulation relations and sequential composition, that enable verification of complex systems under long switching sequences, from the reachability analysis of a simpler system under shorter sequences. We demonstrate the utility of the framework by verifying a suite of automotive benchmarks that include powertrain control, automatic transmission, and several autonomous and ADAS features like automatic emergency braking, lane-merge, and auto-passing controllers.

show abstract

A CEGAR Tool for the Reachability Analysis of PLC-Controlled Plants Using Hybrid Automata

Cited by 13 publications

References 26 publications

Chaos Engineering for Enhanced Resilience of Cyber-Physical Systems

Chaos Engineering for Enhanced Resilience of Cyber-Physical Systems

Towards Automated Safety Vetting of PLC Code in Real-World Plants

DryVR: Data-Driven Verification and Compositional Reasoning for Automotive Systems

Contact Info

Product

Resources

About