6,406 research outputs found
Side-channel based intrusion detection for industrial control systems
Industrial Control Systems are under increased scrutiny. Their security is
historically sub-par, and although measures are being taken by the
manufacturers to remedy this, the large installed base of legacy systems cannot
easily be updated with state-of-the-art security measures. We propose a system
that uses electromagnetic side-channel measurements to detect behavioural
changes of the software running on industrial control systems. To demonstrate
the feasibility of this method, we show it is possible to profile and
distinguish between even small changes in programs on Siemens S7-317 PLCs,
using methods from cryptographic side-channel analysis.Comment: 12 pages, 7 figures. For associated code, see
https://polvanaubel.com/research/em-ics/code
Ladder Metamodeling & PLC Program Validation through Time Petri Nets
International audienceLadder Diagram (LD) is the most used programming language for Programmable Logical Controllers (PLCs). A PLC is a special purpose industrial computer used to automate industrial processes. Bugs in LD programs are very costly and sometimes are even a threat to human safety. We propose a model driven approach for formal verification of LD programs through model-checking. We provide a metamodel for a subset of the LD language. We define a time Petri net (TPN) semantics for LD programs through an ATL model transformation. Finally, we automatically generate behavioral properties over the LD models as LTL formulae which are then checked over the generated TPN using the model-checkers available in the Tina toolkit. We focus on race condition detection. This work is supported by the topcased project, part of the french cluster Aerospace Valley (granted by the french DGE), cf. http://www.topcased.or
Model of mechanism behavior for verification of PLC programs
More extensive work on formal methods is now available for checking PLC (Programmable Logic Controller) programs. To verify a PLC program, it is necessary to consider a set of properties to prove and one of the most interesting problems that the designers must deal is to deduce a set of properties that traduces all the safety requirements of the system behavior. In this paper, we explore the contribution of such a plant model within the context of deduction, in a systematized way, of a set of properties to prove, verifying the PLC program. Our study is primarily experimental in nature and based on a case study. A set of properties to be checked based on detailed plant model is proposed. We then analyze how a Symbolic Model-Checking tool (the NuSMV has been selected) ensures verification of these properties either with or without the considered plant model
LLM4PLC: Harnessing Large Language Models for Verifiable Programming of PLCs in Industrial Control Systems
Although Large Language Models (LLMs) have established pre-dominance in
automated code generation, they are not devoid of shortcomings. The pertinent
issues primarily relate to the absence of execution guarantees for generated
code, a lack of explainability, and suboptimal support for essential but niche
programming languages. State-of-the-art LLMs such as GPT-4 and LLaMa2 fail to
produce valid programs for Industrial Control Systems (ICS) operated by
Programmable Logic Controllers (PLCs). We propose LLM4PLC, a user-guided
iterative pipeline leveraging user feedback and external verification tools
including grammar checkers, compilers and SMV verifiers to guide the LLM's
generation. We further enhance the generation potential of LLM by employing
Prompt Engineering and model fine-tuning through the creation and usage of
LoRAs. We validate this system using a FischerTechnik Manufacturing TestBed
(MFTB), illustrating how LLMs can evolve from generating structurally flawed
code to producing verifiably correct programs for industrial applications. We
run a complete test suite on GPT-3.5, GPT-4, Code Llama-7B, a fine-tuned Code
Llama-7B model, Code Llama-34B, and a fine-tuned Code Llama-34B model. The
proposed pipeline improved the generation success rate from 47% to 72%, and the
Survey-of-Experts code quality from 2.25/10 to 7.75/10. To promote open
research, we share the complete experimental setup, the LLM Fine-Tuning
Weights, and the video demonstrations of the different programs on our
dedicated webpage.Comment: 12 pages; 8 figures; Appearing in the 46th International Conference
on Software Engineering: Software Engineering in Practice; for demo website,
see https://sites.google.com/uci.edu/llm4plc/hom
Model-based testing of PLC programs with appropriate conformance relations
International audienceNumerous theoretical results have been obtained in the field of conformance testing, a very promising formal technique to improve dependability of critical systems. Nevertheless, developing on this basis PLC test techniques that produce correct conformance verdicts requires to take into account the real technological features of PLC. This paper proposes conformance relations that meet this objective. Examples illustrate the benefits of the contribution
- …