Programmable Logic Controllers (PLCs) are a family of embedded devices used for physical process control. Similar to other embedded devices, PLCs are vulnerable to cyber attacks. Because they are used to control the physical processes of critical infrastructures, compromised PLCs constitute a significant security and safety risk. Previously we introduced specific attack against PLCs which can stealthily manipulate the physical process it controls by tampering with the device I/O at a low level. We implemented different variants of the attack in the form of a rootkit and a user-space malicious code over a candidate PLC. We then move forward with a tailored defense which specifically detect modification of PLCs I/O to detect our attack.
|Title of host publication||Ghost in the PLC vs GhostBuster|
|Subtitle of host publication||On the Feasibility of Detecting Pin Control Attack in Programmable Logic Controllers|
|Number of pages||72|
|Publication status||Unpublished - 1 May 2017|