V. Cozza, Mila Dalla Preda, Marco Lucchese, Massimo Merro, Nicola Zannone
{"title":"可编程逻辑控制器的混淆研究","authors":"V. Cozza, Mila Dalla Preda, Marco Lucchese, Massimo Merro, Nicola Zannone","doi":"10.1145/3600160.3605081","DOIUrl":null,"url":null,"abstract":"Recently published scan data on Shodan shows how 105K Industrial Control Systems (ICSs) around the world are directly accessible from the Internet. In particular, highly sensitive components, such as Programmable Logic Controllers (PLCs), are potentially accessible to attackers who can implement several kinds of attacks. On the other hand, to accomplish non-trivial cyber-physical attacks the attacker must possess a sufficient degree of process comprehension on the physical processes within the target ICS. In this paper, we explore the feasibility of designing obfuscation strategies to prevent the attacker from comprehending the behavior of the physical process within an ICS by accessing PLC memory registers. We propose two generic obfuscation strategies for PLC memories, involving memory registers, PLC code, and simulated physical processes controlled by the obfuscated PLCs. We then measure the effectiveness of the proposed obfuscation strategies in terms of potency, resilience, and cost on a non-trivial case study.","PeriodicalId":107145,"journal":{"name":"Proceedings of the 18th International Conference on Availability, Reliability and Security","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2023-08-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Towards Obfuscation of Programmable Logic Controllers\",\"authors\":\"V. Cozza, Mila Dalla Preda, Marco Lucchese, Massimo Merro, Nicola Zannone\",\"doi\":\"10.1145/3600160.3605081\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Recently published scan data on Shodan shows how 105K Industrial Control Systems (ICSs) around the world are directly accessible from the Internet. In particular, highly sensitive components, such as Programmable Logic Controllers (PLCs), are potentially accessible to attackers who can implement several kinds of attacks. On the other hand, to accomplish non-trivial cyber-physical attacks the attacker must possess a sufficient degree of process comprehension on the physical processes within the target ICS. In this paper, we explore the feasibility of designing obfuscation strategies to prevent the attacker from comprehending the behavior of the physical process within an ICS by accessing PLC memory registers. We propose two generic obfuscation strategies for PLC memories, involving memory registers, PLC code, and simulated physical processes controlled by the obfuscated PLCs. We then measure the effectiveness of the proposed obfuscation strategies in terms of potency, resilience, and cost on a non-trivial case study.\",\"PeriodicalId\":107145,\"journal\":{\"name\":\"Proceedings of the 18th International Conference on Availability, Reliability and Security\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-08-29\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 18th International Conference on Availability, Reliability and Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3600160.3605081\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 18th International Conference on Availability, Reliability and Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3600160.3605081","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Towards Obfuscation of Programmable Logic Controllers
Recently published scan data on Shodan shows how 105K Industrial Control Systems (ICSs) around the world are directly accessible from the Internet. In particular, highly sensitive components, such as Programmable Logic Controllers (PLCs), are potentially accessible to attackers who can implement several kinds of attacks. On the other hand, to accomplish non-trivial cyber-physical attacks the attacker must possess a sufficient degree of process comprehension on the physical processes within the target ICS. In this paper, we explore the feasibility of designing obfuscation strategies to prevent the attacker from comprehending the behavior of the physical process within an ICS by accessing PLC memory registers. We propose two generic obfuscation strategies for PLC memories, involving memory registers, PLC code, and simulated physical processes controlled by the obfuscated PLCs. We then measure the effectiveness of the proposed obfuscation strategies in terms of potency, resilience, and cost on a non-trivial case study.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
