SoK: Attacks on Industrial Control Logic and Formal Verification-Based Defenses

@article{Sun2021SoKAO,
  title={SoK: Attacks on Industrial Control Logic and Formal Verification-Based Defenses},
  author={Ruimin Sun and Alejandro Mera and Long Lu and David R. Choffnes},
  journal={2021 IEEE European Symposium on Security and Privacy (EuroS\&P)},
  year={2021},
  pages={385-402}
}
Programmable Logic Controllers (PLCs) play a critical role in industrial control systems. Vulnerabilities in PLC programs might lead to attacks causing devastating consequences to critical infrastructure, as shown in Stuxnet and similar attacks. In recent years, we have seen an exponential increase in vulnerabilities reported for PLC control logic. Looking back on past research, we found extensive studies explored control logic modification attacks, as well as formal verification-based…
Chapter 1 ATTACKING THE IEC-61131 LOGIC ENGINE IN PROGRAMMABLE LOGIC CONTROLLERS IN INDUSTRIAL CONTROL SYSTEMS
In industrial control systems (ICS), programmable logic controllers (PLCs) directly monitor and control a physical process such as nuclear power plants, gas pipelines, and water treatment. They are…
Code integrity attestation for PLCs using black box neural network predictions
TLDR
This paper proposes a practical code integrity checking solution based on privacy-preserving black box models that instead attest the input/output behaviour of PLC programs and finds that it is not practically possible to simultaneously modify the PLC code and apply discreet adversarial noise to the authors' attesters in a way that leads to consistent (mis-)predictions.
Practical Adoption of Cloud Computing in Power Systems - Drivers, Challenges, Guidance, and Real-world Use Cases
  • Song Zhang, Amritanshu Pandey, +5 authors Eduardo Luzcando
  • Engineering, Computer Science
  • ArXiv
  • 2021
TLDR
The business drivers, challenges, guidance, and best practices for cloud adoption in power systems from the Task Force's perspective are summarized, after extensive review and deliberation by its members, including grid operators, utility companies, software vendors, and cloud providers.
