
2018 | OriginalPaper | Book chapter

On Ladder Logic Bombs in Industrial Control Systems

Written by: Naman Govil, Anand Agrawal, Nils Ole Tippenhauer

Published in: Computer Security

Publisher: Springer International Publishing


Abstract

In industrial control systems, devices such as Programmable Logic Controllers (PLCs) are commonly used to directly interact with sensors and actuators, and perform local automatic control. PLCs run software on two different layers: (a) firmware (i.e. the OS) and (b) control logic (processing sensor readings to determine control actions).
In this work, we discuss ladder logic bombs (LLBs), i.e. malware written in ladder logic (or one of the other IEC 61131-3-compatible languages). Such malware would be inserted by an attacker into existing control logic on a PLC, and either persistently change the behavior, or wait for specific trigger signals to activate malicious behavior. For example, the LLB could replace legitimate sensor readings with manipulated values. We see the concept of LLBs as a generalization of attacks such as the Stuxnet attack. We introduce LLBs on an abstract level, and then demonstrate several designs based on real PLC devices in our lab. In particular, we also focus on stealthy LLBs, i.e. LLBs that are hard to detect by human operators manually validating the program running in PLCs.


Metadata
Title
On Ladder Logic Bombs in Industrial Control Systems
Written by
Naman Govil
Anand Agrawal
Nils Ole Tippenhauer
Copyright year
2018
DOI
https://doi.org/10.1007/978-3-319-72817-9_8
