Code integrity attestation for PLCs using black box neural network predictions

  • Authors: Yuqi Chen, Christopher M. Poskitt, Jun Sun
  • Published 15 June 2021
  • Computer Science
  • Venue: Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering
Cyber-physical systems (CPSs) are widespread in critical domains, and significant damage can be caused if an attacker is able to modify the code of their programmable logic controllers (PLCs). Unfortunately, traditional techniques for attesting code integrity (i.e. verifying that it has not been modified) rely on firmware access or roots-of-trust, neither of which proprietary or legacy PLCs are likely to provide. In this paper, we propose a practical code integrity checking solution based on… 

  • PLCDefender: Improving Remote Attestation Techniques for PLCs Using Physical Model
    PLCDefender is proposed, a mitigation method that combines a hybrid remote attestation technique with a physics-based model to preserve the control behavior integrity of ICS; it can model PLC physical behavior with accuracy as high as 98%.
  • Towards Automated Safety Vetting of PLC Code in Real-World Plants
    The experiments show that VetPLC outperforms state-of-the-art techniques and can generate event sequences that can be used to automatically detect hidden safety violations.
  • Learning from Mutants: Using Code Mutation to Learn and Monitor Invariants of a Cyber-Physical System
    This paper proposes a novel approach for constructing models of CPS automatically, by applying supervised machine learning to data traces obtained after systematically seeding their software components with faults ("mutants").
  • Active fuzzing for testing and securing cyber-physical systems
    This work proposes active fuzzing, an automatic approach for finding test suites of packet-level CPS network attacks, targeting scenarios in which attackers can observe sensors and manipulate packets, but have no existing knowledge about the payload encodings.
  • C-FLAT: Control-Flow Attestation for Embedded Systems Software
    The design and implementation of Control-FLow ATtestation (C-FLAT) is presented, which enables remote attestation of an application's control-flow path without requiring the source code; its performance is evaluated using a real-world embedded application and against control-flow hijacking attacks.
  • SoK: Attacks on Industrial Control Logic and Formal Verification-Based Defenses
    Challenges in every aspect of formal verification are discovered, arising from the ever-expanding attack surface of evolved system designs, the real-time constraints on program execution, and the barrier to security evaluation posed by proprietary and vendor-specific dependencies on different techniques.
  • PLC-Sleuth: Detecting and Localizing PLC Intrusions Using Control Invariants
    PLC-Sleuth is a novel non-invasive intrusion detection/localization system for PLCs, grounded on a set of control invariants that exist pervasively in all control systems.
  • ECFI: Asynchronous Control Flow Integrity for Programmable Logic Controllers
    A novel, PLC-compatible control-flow integrity (CFI) mechanism named ECFI is introduced to protect such devices from control-flow hijacking attacks; it is demonstrated to be an efficient, non-intrusive CFI solution that does not impose notable performance overhead.
  • Scanning the Cycle: Timing-based Authentication on PLCs
    A novel technique to authenticate PLCs is proposed that aims at raising the bar against powerful attackers while remaining compatible with real-time systems.
  • Control Behavior Integrity for Distributed Cyber-Physical Systems
    Scadman is presented, a novel control-logic-aware anomaly detection system for distributed cyber-physical systems that can detect a wide range of attacks, including attacks that have previously been undetectable by typical state estimation techniques, while causing no false-positive warnings for nominal threshold values.