S. Mesli-Kesraoui, Olga Goubali, D. Kesraoui, Ibtihal Eloumami, F. Oquendo
{"title":"Formal Verification of the Race Condition Vulnerability in Ladder Programs","authors":"S. Mesli-Kesraoui, Olga Goubali, D. Kesraoui, Ibtihal Eloumami, F. Oquendo","doi":"10.1109/CCTA41146.2020.9206344","DOIUrl":null,"url":null,"abstract":"Ladder diagram is a widely used language for programming PLCs (Programmable Logic Controllers). The presence of a vulnerability in these programs and its exploitation by an attacker can have drastic consequences. The vulnerability of Race Condition is one of the most critical vulnerabilities in Ladder programs. The behavior of Ladder program with Race Condition is unpredictable and potentially dangerous. In this paper, we propose the formal modeling of this vulnerability allowing its detection by model checking. Concretely, our approach consists in translating the Ladder programs into a network of timed automata. The Race Condition vulnerability is then modeled as a CTL (Computational Tree Logic) property and the UPPAAL model checker is applied to verify the presence of Race Condition in those Ladder programs by verifying that CTL property. 
Contrary to other approaches proposed in the literature, our solution allows the Race Condition detection in all its forms and thus reinforces the robustness of Ladder programs against this type of attack.","PeriodicalId":241335,"journal":{"name":"2020 IEEE Conference on Control Technology and Applications (CCTA)","volume":"24 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE Conference on Control Technology and Applications (CCTA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CCTA41146.2020.9206344","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 1
Abstract
Ladder Diagram is a widely used language for programming PLCs (Programmable Logic Controllers). The presence of a vulnerability in these programs and its exploitation by an attacker can have drastic consequences. The Race Condition vulnerability is one of the most critical vulnerabilities in Ladder programs. The behavior of a Ladder program with a Race Condition is unpredictable and potentially dangerous. In this paper, we propose a formal model of this vulnerability that allows its detection by model checking. Concretely, our approach consists of translating Ladder programs into a network of timed automata. The Race Condition vulnerability is then modeled as a CTL (Computational Tree Logic) property, and the UPPAAL model checker is applied to detect the presence of a Race Condition in those Ladder programs by verifying that CTL property. Contrary to other approaches proposed in the literature, our solution allows Race Condition detection in all its forms and thus reinforces the robustness of Ladder programs against this type of attack.