Firmware Modification Analysis in Programmable Logic Controllers
Incorporating security in supervisory control and data acquisition (SCADA) systems and sensor networks has proven to be a pervasive problem due to the constraints and demands placed on these systems. Both attackers and security professionals seek to uncover the inherent roots of trust in a system to achieve opposing goals. With SCADA systems, a battle is being fought at the cyber-physical level, specifically the programmable logic controller (PLC). The Stuxnet worm, which became increasingly apparent in the summer of 2010, has shown that modifications to a SCADA system can be discovered on infected engineering workstations on the network, including the ladder logic found in the PLC. However, certain firmware modifications made to a PLC can go undetected due to the lack of effective techniques available for detecting them. Current software auditing tools give an analyst a singular view of assembly code, and binary difference programs can only show simple differences between assembly codes. Additionally, there appears to be no comprehensive software tool that aids an analyst in evaluating a PLC firmware file for modifications and displaying the resulting effects. Manual analysis is time consuming and error prone. Furthermore, there are not enough talented individuals available in the industrial control system (ICS) community with an in-depth knowledge of assembly language and the inner workings of PLC firmware. This research presents a novel analysis technique that compares a suspected altered firmware to a known good firmware of a specific PLC and performs a static analysis of the differences. This technique includes multiple tests to compare both firmware versions, detect differences in size, and detect code differences such as removing, adding, or modifying existing functions in the original firmware. A proof-of-concept experiment demonstrates the functionality of the analysis tool using different firmware versions from an Allen-Bradley ControlLogix L61 PLC.
A Survey on Data Plane Programming with P4: Fundamentals, Advances, and Applied Research
With traditional networking, users can configure control plane protocols to match the specific network configuration, but without the ability to fundamentally change the underlying algorithms. With SDN, the users may provide their own control plane that can control network devices through their data plane APIs. Programmable data planes allow users to define their own data plane algorithms for network devices, including appropriate data plane APIs which may be leveraged by user-defined SDN control. Thus, programmable data planes and SDN offer great flexibility for network customization, be it for specialized commercial appliances, e.g., in 5G or data center networks, or for rapid prototyping in industrial and academic research. Programming protocol-independent packet processors (P4) has emerged as the currently most widespread abstraction, programming language, and concept for data plane programming. It is developed and standardized by an open community and is supported by various software and hardware platforms. In this paper, we survey the literature from 2015 to 2020 on data plane programming with P4. Our survey covers 497 references, of which 367 are scientific publications. We organize our work into two parts. In the first part, we give an overview of data plane programming models, the programming language, architectures, compilers, targets, and data plane APIs. We also consider research efforts to advance P4 technology. In the second part, we analyze a large body of literature considering P4-based applied research. We categorize 241 research papers into different application domains, summarize their contributions, and extract prototypes, target platforms, and source code availability.
Comment: Submitted to IEEE Communications Surveys and Tutorials (COMS) on 2021-01-2
VIRTUAL PLC PLATFORM FOR SECURITY AND FORENSICS OF INDUSTRIAL CONTROL SYSTEMS
Industrial Control Systems (ICS) are vital in managing critical infrastructures, including nuclear power plants and electric grids. With the advent of the Industrial Internet of Things (IIoT), these systems have been integrated into broader networks, enhancing efficiency but also becoming targets for cyberattacks. Central to ICS are Programmable Logic Controllers (PLCs), which bridge the physical and cyber worlds and are often exploited by attackers. There's a critical need for tools to analyze cyberattacks on PLCs, uncover vulnerabilities, and improve ICS security. Existing tools are hindered by the proprietary nature of PLC software, limiting scalability and efficiency.
To overcome these challenges, I developed a Virtual PLC Platform (VPP) for forensic analyses of ICS attacks and vulnerability identification. The VPP employs the packet replay technique, using network traffic to create a PLC template. This template guides the virtual PLC in network communication, mimicking real PLCs. A Protocol Reverse Engineering Engine (PREE) module assists in reverse-engineering ICS protocols and discovering vulnerabilities. The VPP is automated, supports PLCs from various vendors, and eliminates manual reverse engineering. This dissertation highlights the architecture and applications of the VPP in forensic analysis, reverse engineering, vulnerability discovery, and threat intelligence gathering, all crucial to bolstering the security and integrity of critical infrastructure.
Event detection using roles and relationships of entities
A method, system, and computer program product for event detection using roles and relationships of entities are provided in the illustrative embodiments. A training event and a set of entities participating in the training event are identified in training data. For a first entity in the set of entities, a first role occupied by the entity in the event is determined. A behavior attribute is assigned to the first role. A relationship of the first role with a second role corresponding to a second entity in the set of entities is determined. An event rule is constructed to detect an event corresponding to the training event in new data, comprising a plurality of roles, behavior attributes, and the relationship. The plurality of roles includes the first role and the second role, and the plurality of behavior attributes includes the behavior attribute assigned to the first role.
Board of Regents, University of Texas Syste
Modification of Control Oil Feeding with PLC Using Simulation Visual Basic and Neural Network Analysis
The oil feeding system is an oil distribution system used in engine lubrication, flowing oil directly through pipes to the engine parts to be lubricated. Oil is also a raw material for the production process: it is first collected in a storage tank and then weighed on an oil scale before use in production. The current control still uses the conventional model. The operating system is still manual, and the absence of identity and damage information makes it difficult for the engineer to troubleshoot. The research method is to modify the oil feeding system control using a PLC (Programmable Logic Controller) and Visual Basic to display process information. This process uses the Neural Network (NN) method. The simulation results show that the PLC program and the Visual Basic software can be connected properly. The data transfer connection test achieved a speed of 32 ms. Prediction for the oil feeding system uses a backpropagation neural network with a binary sigmoid (logsig) activation function and a 17-10-1 architecture; it performs very well, reaching an MSE below the 0.001 error threshold at a maximum of 961 epochs with a hidden layer of 10, with an MSE value of 0.00099915.