Detecting PLC control corruption via on-device runtime verification

García, Luis Antonio Ribot; Zonouz, Saman; Dong, Wei; Aguiar, Leandro Pfleger de

doi:10.1109/rweek.2016.7573309

Cited by 20 publications

(11 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…When this variable is true, a subroutine UPDATE PART(int) is called to conduct a 15step I/O operation on the RFID attached to the part (Ln. [36][37][38][39]. When this is done, the subroutine (Ln.47-60) will receive a RFID IO Complete signal and then notify its caller by setting the Boolean variable Update Complete.…”

Section: A Motivating Examplementioning

confidence: 99%

“…Many prior efforts [24], [28], [30], [31], [42], [44], [57], [58], [61], [63], [65] have been made to statically verify logic code using model checkers [15], [21]. Further efforts have also been made to conduct runtime verification in an online [39], [45] or offline manner [35], [62]. More recently, symbolic execution [43], [54] has been enabled on PLC code.…”

Section: Related Workmentioning

confidence: 99%

“…To address these limitations, prior work [35], [39], [45], [62] has explored the usage of dynamic simulations of runtime behaviors to detect PLC safety violations. In addition, recent work [43], [54] has enabled symbolic execution on PLC code.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Towards Automated Safety Vetting of PLC Code in Real-World Plants

Zhang

Chen

Kao

et al. 2019

2019 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

Safety violations in programmable logic controllers (PLCs), caused either by faults or attacks, have recently garnered significant attention. However, prior efforts at PLC code vetting suffer from many drawbacks. Static analyses and verification cause significant false positives and cannot reveal specific runtime contexts. Dynamic analyses and symbolic execution, on the other hand, fail due to their inability to handle real-world PLC programs that are event-driven and timing sensitive. In this paper, we propose VETPLC, a temporal context-aware, program analysisbased approach to produce timed event sequences that can be used for automatic safety vetting. To this end, we (a) perform static program analysis to create timed event causality graphs in order to understand causal relations among events in PLC code and (b) mine temporal invariants from data traces collected in Industrial Control System (ICS) testbeds to quantitatively gauge temporal dependencies that are constrained by machine operations. Our VETPLC prototype has been implemented in 15K lines of code. We evaluate it on 10 real-world scenarios from two different ICS settings. Our experiments show that VETPLC outperforms state-of-the-art techniques and can generate event sequences that can be used to automatically detect hidden safety violations.

show abstract

Section: A Motivating Examplementioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Towards Automated Safety Vetting of PLC Code in Real-World Plants

Zhang

Chen

Kao

et al. 2019

2019 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

show abstract

“…Although being effective in some settings, existing defense approaches against PLC-oriented attacks have the following key limitations. Firstly, defending approaches adopted by intrusion detection systems (IDSs) [9][10][11] , deception defense [12][13][14] and attestation [15][16][17][18][19] take effect after attacks happened, mainly detecting them but not blocking them, while blocking technologies such as industrial firewalls alone are not able to effectively block growing sophisticated attacks [20][21][22] . Secondly, most existing approaches are designed based on the characteristics of one or several specific kinds of known attacks, such as [9,13,15].…”

Section: Introductionmentioning

confidence: 99%

“…To address these issues, in this paper, we present a novel proactive and PLC-compatible defense mechanism, called Heterogeneous Redundant Proactive Defense Framework (HRPDF). Unlike existing approaches [13,[15][16][17]23] , HRPDF is designed to actively defend against a variety of attacks targeting the core software stack of PLC, including 1) firmware modification attacks (firmware level), 2) control logic tampering attacks (logic application level), and 3) PLC memory attacks (memory level). The success of HRPDF mainly depends on a novel software redundancy framework laying in multiple levels of the PLC's software stack.…”

Section: Introductionmentioning

confidence: 99%

HRPDF: A Software-Based Heterogeneous Redundant Proactive Defense Framework for Programmable Logic Controller

Liu¹,

Wang

Wei³

et al. 2021

J. Comput. Sci. Technol.

View full text Add to dashboard Cite

Programmable logic controllers (PLCs) play a critical role in many industrial control systems, yet face increasingly serious cyber threats. In this paper, we propose a novel PLC-compatible software-based defense mechanism, called Heterogeneous Redundant Proactive Defense Framework (HRPDF). We propose a heterogeneous PLC architecture in HRPDF, including multiple heterogeneous, equivalent, and synchronous runtimes, which can thwart multiple types of attacks against PLC without the need of external devices. To ensure the availability of PLC, we also design an inter-process communication algorithm that minimizes the overhead of HRPDF. We implement a prototype system of HRPDF and test it in a real-world PLC and an OpenPLC-based device, respectively. The results show that HRPDF can defend against multiple types of attacks with 10.22% additional CPU and 5.56% additional memory overhead, and about 0.6 ms additional time overhead.

show abstract