Semantic Scholar Open Access 2022 10 citations

Reverse Engineering Physical Semantics of PLC Program Variables Using Control Invariants

Zeyu Yang, Liang He, H. Yu, Chengcheng Zhao, Peng Cheng +1 more

Abstract

Semantic attacks have incurred increasing threats to Industrial Control Systems (ICSs), which manipulate targeted system modules by identifying the physical semantics of variables in Programmable Logic Controller (PLC) programs, i.e., the sensing/actuating modules represented by the variables. This is usually (and inefficiently) achieved via manual examination of system documents and long-term observation of system behavior. In this paper, we design ARES, a method that Automatically Reverse Engineers the Semantics of variables in PLC programs without requiring any domain knowledge. ARES is built on the fact that the Supervisory Control And Data Acquisition (SCADA) system monitors the behavior of the PLC using a fixed mapping between the variables of the program code and the data log, and the data log variables are marked with physical semantics. By identifying the mapping between PLC code and SCADA data (i.e., the code-data mapping), ARES reverse engineers the physical semantics of program variables. ARES also sheds light on the preferred practices in implementing control rules that improve the resistance of PLC programs to semantic attacks. We have experimentally evaluated ARES and the recommended implementation practices on two ICS platforms.

Authors (6)

Zeyu Yang
Liang He
H. Yu
Chengcheng Zhao
Peng Cheng
Jiming Chen

Citation Format

Yang, Z., He, L., Yu, H., Zhao, C., Cheng, P., Chen, J. (2022). Reverse Engineering Physical Semantics of PLC Program Variables Using Control Invariants. https://doi.org/10.1145/3560905.3568521

Quick Access

View at Source doi.org/10.1145/3560905.3568521
Journal Information
Publication Year
2022
Language
en
Total Citations
10×
Source Database
Semantic Scholar
DOI
10.1145/3560905.3568521
Access
Open Access ✓