| readstatus | dateread | title | year | authors | citekey |
|---|---|---|---|---|---|
| false | | SoK: Attacks on Industrial Control Logic and Formal Verification-Based Defenses | 2021 | | sunSoKAttacksIndustrial2021 |
Indexing Information
DOI
ISBN
Tags:
[!Abstract] Programmable Logic Controllers (PLCs) play a critical role in the industrial control systems. Vulnerabilities in PLC programs might lead to attacks causing devastating consequences to the critical infrastructure, as shown in Stuxnet and similar attacks. In recent years, we have seen an exponential increase in vulnerabilities reported for PLC control logic. Looking back on past research, we found extensive studies explored control logic modification attacks, as well as formal verification-based security solutions.
[!note] Markdown Notes Comment: 18 pages w/ ref, Sok, PLC, ICS, CPS, attack, formal verification
Annotations
[!done] Quote Industrial control systems (ICS) are subject to attacks sabotaging the physical processes, as shown in Stuxnet [33], Havex [46], TRITON [31], Black Energy [8], and the German Steel Mill [63]. PLCs are the last line in controlling and defending for these critical ICS systems.
[!fail] Possibly Incorrect PLCs are the last line in controlling and defending for these critical ICS systems.
[!done] Quote .1.1. Programming languages. IEC-61131 [87] defined five types of languages for PLC source code: • Ladder diagram (LD), • Structured text (ST), • Function block diagram (FBD), • Sequential function chart (SFC), • Instruction list (IL). Among them, LD, FBD, and SFC are graph-based languages. IL was deprecated in 2013. PLC programs are developed in engineering stations, which provide standard-compliant or vendor-specific Integrated Development Environments (IDEs) and compilers. Some high-end PLCs also support computer-compatible languages (e.g., C, BASIC, and assembly), special high-level languages (e.g., Siemens GRAPH5 [2]), and boolean logic languages [67].
[!attention] Highlight Unlike conventional software that follows well-documented formats, such as Executable and Linkable Format (ELF) for Linux and Portable Executable (PE) for Windows, the format of PLC binaries is often proprietary and unknown. Therefore, further exploration requires reverse engineering.
[!fail] Possibly Incorrect showed
[!quote] Other Highlight An extended background in Appendix A provides an example of an ST program controlling the traffic lights in a road intersection, an example of an input manipulation attack, and the process of using formal verification to detect and prevent it.
[!quote] Other Highlight Formal methods have demonstrated uniqueness and practicality to the PLC industry. For example, Beckhoff TwinCat 3 and Nuclear Development Environment 2.0 have integrated safety verification during PLC program implementation [56]. Formal methods have also been used in the PLC programs controlling Ontario Power Generation, and Darlington Nuclear Power Generating Station [76]. Nevertheless, we found existing research to be ad-hoc, and the area is still new to the security community. We believe our systematization can benefit the community with recommendations for future research directions.
[!attention] Highlight We also recommend future studies to develop PLC security benchmarks, including a collection of open-source programs that are vendor-independent and can represent industrial complexities, and a set of security metrics that can support concrete evaluations.