Ghost in the PLC vs GhostBuster: on the feasibility of detecting pin control attack in Programmable Logic Controllers

A. Abbasi; Andrea Genuise

Ghost in the PLC vs GhostBuster: on the feasibility of detecting pin control attack in Programmable Logic Controllers

A. Abbasi, Andrea Genuise

Security

Research output: Chapter in Book/Report/Conference proceeding › Foreword/editorial › Academic

522 Downloads (Pure)

Abstract

Programmable Logic Controllers (PLCs) are a family of embedded devices used for physical process control. Similar to other embedded devices, PLCs are vulnerable to cyber attacks. Because they are used to control the physical processes of critical infrastructures, compromised PLCs constitute a significant security and safety risk. Previously we introduced specific attack against PLCs which can stealthily manipulate the physical process it controls by tampering with the device I/O at a low level. We implemented different variants of the attack in the form of a rootkit and a user-space malicious code over a candidate PLC. We then move forward with a tailored defense which specifically detect modification of PLCs I/O to detect our attack.

Original language	English
Title of host publication	Ghost in the PLC vs GhostBuster
Subtitle of host publication	On the Feasibility of Detecting Pin Control Attack in Programmable Logic Controllers
Number of pages	72
Publication status	Unpublished - 1 May 2017

Keywords

PLC
PCA
detection
ICS
SCADA

Access to Document

bare_conf

Vanishing Point: New PLC Malware Leverages Processor Problems to Go Dark
Abbasi, A.
3/12/16
1 item of Media coverage
Press/Media: Expert Comment

1 Conference contribution

Stealth low-level manipulation of programmable logic controllers I/O by pin control exploitation
Abbasi, A., Hashemi, M., Zambon, E. & Etalle, S., 10 Oct 2016, Critical Information Infrastructures Security - 11th International Conference, CRITIS 2016, Revised Selected Papers: 11th International Conference, CRITIS 2016, Paris, France, October 10–12, 2016, Revised Selected Papers. Havarneanu, G., Setola, R., Nassopoulos, H. & Wolthusen, S. (eds.). Dordrecht: Springer, p. 1-12 12 p. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); vol. 10242 LNCS).
Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review
6 Citations (Scopus)

Cite this

@inbook{4e42936b27764323941ba785bb6c4a54,

title = "Ghost in the PLC vs GhostBuster: on the feasibility of detecting pin control attack in Programmable Logic Controllers",

abstract = "Programmable Logic Controllers (PLCs) are a family of embedded devices used for physical process control. Similar to other embedded devices, PLCs are vulnerable to cyber attacks. Because they are used to control the physical processes of critical infrastructures, compromised PLCs constitute a significant security and safety risk. Previously we introduced specific attack against PLCs which can stealthily manipulate the physical process it controls by tampering with the device I/O at a low level. We implemented different variants of the attack in the form of a rootkit and a user-space malicious code over a candidate PLC. We then move forward with a tailored defense which specifically detect modification of PLCs I/O to detect our attack.",

keywords = "PLC, PCA, detection, ICS, SCADA",

author = "A. Abbasi and Andrea Genuise",

year = "2017",

month = may,

day = "1",

language = "English",

booktitle = "Ghost in the PLC vs GhostBuster",

}

Ghost in the PLC vs GhostBuster: on the feasibility of detecting pin control attack in Programmable Logic Controllers. / Abbasi, A.; Genuise, Andrea.
Ghost in the PLC vs GhostBuster: On the Feasibility of Detecting Pin Control Attack in Programmable Logic Controllers. 2017.

Research output: Chapter in Book/Report/Conference proceeding › Foreword/editorial › Academic

TY - CHAP

T1 - Ghost in the PLC vs GhostBuster

T2 - on the feasibility of detecting pin control attack in Programmable Logic Controllers

AU - Abbasi, A.

AU - Genuise, Andrea

PY - 2017/5/1

Y1 - 2017/5/1

N2 - Programmable Logic Controllers (PLCs) are a family of embedded devices used for physical process control. Similar to other embedded devices, PLCs are vulnerable to cyber attacks. Because they are used to control the physical processes of critical infrastructures, compromised PLCs constitute a significant security and safety risk. Previously we introduced specific attack against PLCs which can stealthily manipulate the physical process it controls by tampering with the device I/O at a low level. We implemented different variants of the attack in the form of a rootkit and a user-space malicious code over a candidate PLC. We then move forward with a tailored defense which specifically detect modification of PLCs I/O to detect our attack.

AB - Programmable Logic Controllers (PLCs) are a family of embedded devices used for physical process control. Similar to other embedded devices, PLCs are vulnerable to cyber attacks. Because they are used to control the physical processes of critical infrastructures, compromised PLCs constitute a significant security and safety risk. Previously we introduced specific attack against PLCs which can stealthily manipulate the physical process it controls by tampering with the device I/O at a low level. We implemented different variants of the attack in the form of a rootkit and a user-space malicious code over a candidate PLC. We then move forward with a tailored defense which specifically detect modification of PLCs I/O to detect our attack.

KW - PLC

KW - PCA

KW - detection

KW - ICS

KW - SCADA

M3 - Foreword/editorial

BT - Ghost in the PLC vs GhostBuster

ER -

Ghost in the PLC vs GhostBuster: on the feasibility of detecting pin control attack in Programmable Logic Controllers

Abstract

Keywords

Access to Document

Fingerprint

Press/Media

Vanishing Point: New PLC Malware Leverages Processor Problems to Go Dark

Research output

Stealth low-level manipulation of programmable logic controllers I/O by pin control exploitation

Cite this