Ghost in the PLC vs GhostBuster: on the feasibility of detecting pin control attack in Programmable Logic Controllers

A. Abbasi; Andrea Genuise

Ghost in the PLC vs GhostBuster: on the feasibility of detecting pin control attack in Programmable Logic Controllers

A. Abbasi, Andrea Genuise

Security

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/Congresprocedure › Voorwoord/editorial › Academic

529 Downloads (Pure)

Samenvatting

Programmable Logic Controllers (PLCs) are a family of embedded devices used for physical process control. Similar to other embedded devices, PLCs are vulnerable to cyber attacks. Because they are used to control the physical processes of critical infrastructures, compromised PLCs constitute a significant security and safety risk. Previously we introduced specific attack against PLCs which can stealthily manipulate the physical process it controls by tampering with the device I/O at a low level. We implemented different variants of the attack in the form of a rootkit and a user-space malicious code over a candidate PLC. We then move forward with a tailored defense which specifically detect modification of PLCs I/O to detect our attack.

Originele taal-2	Engels
Titel	Ghost in the PLC vs GhostBuster
Subtitel	On the Feasibility of Detecting Pin Control Attack in Programmable Logic Controllers
Aantal pagina's	72
Status	Niet gepubliceerd - 1 mei 2017

Toegang tot document

bare_conf

Vanishing Point: New PLC Malware Leverages Processor Problems to Go Dark
Abbasi, A.
3/12/16
1 item van Media-aandacht
Pers / media: Vakinhoudelijk commentaar

1 Conferentiebijdrage

Stealth low-level manipulation of programmable logic controllers I/O by pin control exploitation
Abbasi, A., Hashemi, M., Zambon, E. & Etalle, S., 10 okt. 2016, Critical Information Infrastructures Security - 11th International Conference, CRITIS 2016, Revised Selected Papers: 11th International Conference, CRITIS 2016, Paris, France, October 10–12, 2016, Revised Selected Papers. Havarneanu, G., Setola, R., Nassopoulos, H. & Wolthusen, S. (uitgave). Dordrecht: Springer, blz. 1-12 12 blz. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); vol. 10242 LNCS).
Onderzoeksoutput: Hoofdstuk in Boek/Rapport/Congresprocedure › Conferentiebijdrage › Academic › peer review
6 Citaten (Scopus)

Citeer dit

@inbook{4e42936b27764323941ba785bb6c4a54,

title = "Ghost in the PLC vs GhostBuster: on the feasibility of detecting pin control attack in Programmable Logic Controllers",

abstract = "Programmable Logic Controllers (PLCs) are a family of embedded devices used for physical process control. Similar to other embedded devices, PLCs are vulnerable to cyber attacks. Because they are used to control the physical processes of critical infrastructures, compromised PLCs constitute a significant security and safety risk. Previously we introduced specific attack against PLCs which can stealthily manipulate the physical process it controls by tampering with the device I/O at a low level. We implemented different variants of the attack in the form of a rootkit and a user-space malicious code over a candidate PLC. We then move forward with a tailored defense which specifically detect modification of PLCs I/O to detect our attack.",

keywords = "PLC, PCA, detection, ICS, SCADA",

author = "A. Abbasi and Andrea Genuise",

year = "2017",

month = may,

day = "1",

language = "English",

booktitle = "Ghost in the PLC vs GhostBuster",

}

Ghost in the PLC vs GhostBuster: on the feasibility of detecting pin control attack in Programmable Logic Controllers. / Abbasi, A.; Genuise, Andrea.
Ghost in the PLC vs GhostBuster: On the Feasibility of Detecting Pin Control Attack in Programmable Logic Controllers. 2017.

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/Congresprocedure › Voorwoord/editorial › Academic

TY - CHAP

T1 - Ghost in the PLC vs GhostBuster

T2 - on the feasibility of detecting pin control attack in Programmable Logic Controllers

AU - Abbasi, A.

AU - Genuise, Andrea

PY - 2017/5/1

Y1 - 2017/5/1

N2 - Programmable Logic Controllers (PLCs) are a family of embedded devices used for physical process control. Similar to other embedded devices, PLCs are vulnerable to cyber attacks. Because they are used to control the physical processes of critical infrastructures, compromised PLCs constitute a significant security and safety risk. Previously we introduced specific attack against PLCs which can stealthily manipulate the physical process it controls by tampering with the device I/O at a low level. We implemented different variants of the attack in the form of a rootkit and a user-space malicious code over a candidate PLC. We then move forward with a tailored defense which specifically detect modification of PLCs I/O to detect our attack.

AB - Programmable Logic Controllers (PLCs) are a family of embedded devices used for physical process control. Similar to other embedded devices, PLCs are vulnerable to cyber attacks. Because they are used to control the physical processes of critical infrastructures, compromised PLCs constitute a significant security and safety risk. Previously we introduced specific attack against PLCs which can stealthily manipulate the physical process it controls by tampering with the device I/O at a low level. We implemented different variants of the attack in the form of a rootkit and a user-space malicious code over a candidate PLC. We then move forward with a tailored defense which specifically detect modification of PLCs I/O to detect our attack.

KW - PLC

KW - PCA

KW - detection

KW - ICS

KW - SCADA

M3 - Foreword/editorial

BT - Ghost in the PLC vs GhostBuster

ER -

Ghost in the PLC vs GhostBuster: on the feasibility of detecting pin control attack in Programmable Logic Controllers

Samenvatting

Toegang tot document

Vingerafdruk

Pers/Media

Vanishing Point: New PLC Malware Leverages Processor Problems to Go Dark

Onderzoekersoutput

Stealth low-level manipulation of programmable logic controllers I/O by pin control exploitation

Citeer dit