TY - GEN
T1 - Towards automated safety vetting of PLC code in real-world plants
AU - Zhang, Mu
AU - Chen, Chien Ying
AU - Kao, Bin Chou
AU - Qamsane, Yassine
AU - Shao, Yuru
AU - Lin, Yikai
AU - Shi, Elaine
AU - Mohan, Sibin
AU - Barton, Kira
AU - Moyne, James
AU - Mao, Z. Morley
N1 - Publisher Copyright:
© 2019 IEEE.
PY - 2019/5
Y1 - 2019/5
N2 - Safety violations in programmable logic controllers (PLCs), caused either by faults or attacks, have recently garnered significant attention. However, prior efforts at PLC code vetting suffer from many drawbacks. Static analyses and verification cause significant false positives and cannot reveal specific runtime contexts. Dynamic analyses and symbolic execution, on the other hand, fail due to their inability to handle real-world PLC programs that are event-driven and timing sensitive. In this paper, we propose VetPLC, a temporal context-aware, program analysis-based approach to produce timed event sequences that can be used for automatic safety vetting. To this end, we (a) perform static program analysis to create timed event causality graphs in order to understand causal relations among events in PLC code and (b) mine temporal invariants from data traces collected in Industrial Control System (ICS) testbeds to quantitatively gauge temporal dependencies that are constrained by machine operations. Our VetPLC prototype has been implemented in 15K lines of code. We evaluate it on 10 real-world scenarios from two different ICS settings. Our experiments show that VetPLC outperforms state-of-the-art techniques and can generate event sequences that can be used to automatically detect hidden safety violations.
AB - Safety violations in programmable logic controllers (PLCs), caused either by faults or attacks, have recently garnered significant attention. However, prior efforts at PLC code vetting suffer from many drawbacks. Static analyses and verification cause significant false positives and cannot reveal specific runtime contexts. Dynamic analyses and symbolic execution, on the other hand, fail due to their inability to handle real-world PLC programs that are event-driven and timing sensitive. In this paper, we propose VetPLC, a temporal context-aware, program analysis-based approach to produce timed event sequences that can be used for automatic safety vetting. To this end, we (a) perform static program analysis to create timed event causality graphs in order to understand causal relations among events in PLC code and (b) mine temporal invariants from data traces collected in Industrial Control System (ICS) testbeds to quantitatively gauge temporal dependencies that are constrained by machine operations. Our VetPLC prototype has been implemented in 15K lines of code. We evaluate it on 10 real-world scenarios from two different ICS settings. Our experiments show that VetPLC outperforms state-of-the-art techniques and can generate event sequences that can be used to automatically detect hidden safety violations.
KW - Cyber-Physical-Systems-Security
KW - Industrial-Control-Systems-Security
KW - Programmable-Logic-Controller
KW - Smart-Manufacturing
KW - Vulnerability
UR - http://www.scopus.com/inward/record.url?scp=85072933262&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85072933262&partnerID=8YFLogxK
U2 - 10.1109/SP.2019.00034
DO - 10.1109/SP.2019.00034
M3 - Conference contribution
AN - SCOPUS:85072933262
T3 - Proceedings - IEEE Symposium on Security and Privacy
SP - 522
EP - 538
BT - Proceedings - 2019 IEEE Symposium on Security and Privacy, SP 2019
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 40th IEEE Symposium on Security and Privacy, SP 2019
Y2 - 19 May 2019 through 23 May 2019
ER -
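The abstract above describes two steps that are easy to picture in code: mining temporal invariants from testbed traces, then checking a timed event sequence against them. The Python below is an added illustration written for this page, not VetPLC's implementation or the authors' data. It assumes a simplified invariant form (the observed minimum and maximum latency between every ordered event pair that occurs in the same order in every trace), and the pick-and-place event names and millisecond timestamps are constructed sample data, not traces from the paper's testbeds.

```python
"""Toy version of trace-based temporal-invariant mining and sequence vetting.

Added example for illustration; not the VetPLC code. Event names and timings
below are constructed, not measured on any real ICS testbed.
"""
from collections import defaultdict
from itertools import combinations

# Constructed traces: each is a list of (timestamp_ms, event) pairs as if
# logged from repeated cycles of a pick-and-place cell. Assumption: every
# event occurs at most once per cycle, so a cycle is one trace.
SAMPLE_TRACES = [
    [(0, "start"), (120, "gripper_close"), (900, "arm_move"),
     (1500, "arm_at_dest"), (1620, "gripper_open")],
    [(0, "start"), (110, "gripper_close"), (950, "arm_move"),
     (1600, "arm_at_dest"), (1700, "gripper_open")],
    [(0, "start"), (130, "gripper_close"), (880, "arm_move"),
     (1450, "arm_at_dest"), (1580, "gripper_open")],
]

# Constructed candidate sequence (as program analysis of faulty or tampered
# PLC code might yield): the gripper opens while the arm is still moving.
UNSAFE_SEQUENCE = [
    (0, "start"), (120, "gripper_close"), (900, "arm_move"),
    (1000, "gripper_open"), (1500, "arm_at_dest"),
]


def mine_invariants(traces):
    """Return {(a, b): (min_ms, max_ms)} for every ordered event pair where
    a precedes b in every trace. Pairs whose order is not stable across all
    traces yield no invariant (they are simply absent from the result)."""
    delays = defaultdict(list)  # (a, b) -> observed latencies, one per trace
    for trace in traces:
        ordered = sorted(trace)  # sort by timestamp before pairing
        for (ta, a), (tb, b) in combinations(ordered, 2):
            delays[(a, b)].append(tb - ta)
    # Keep only pairs seen in the same order in every single trace.
    return {pair: (min(ds), max(ds))
            for pair, ds in delays.items() if len(ds) == len(traces)}


def vet_sequence(sequence, invariants, tolerance_ms=0):
    """Check a candidate timed event sequence against mined invariants.

    Returns a list of human-readable violations: an 'order:' entry when two
    events appear in the reverse of their invariant order, or a 'timing:'
    entry when their latency falls outside the mined [min, max] window
    (widened on both sides by tolerance_ms, if given).
    """
    violations = []
    ordered = sorted(sequence)
    for (ta, a), (tb, b) in combinations(ordered, 2):
        if (b, a) in invariants:
            violations.append(
                f"order: {a} before {b} contradicts invariant {b} -> {a}")
        elif (a, b) in invariants:
            lo, hi = invariants[(a, b)]
            d = tb - ta
            if d < lo - tolerance_ms or d > hi + tolerance_ms:
                violations.append(
                    f"timing: {a} -> {b} took {d} ms, expected [{lo}, {hi}] ms")
    return violations


def vet_unsafe_sample():
    """Mine invariants from the sample traces and vet the unsafe sequence."""
    return vet_sequence(UNSAFE_SEQUENCE, mine_invariants(SAMPLE_TRACES))


if __name__ == "__main__":
    inv = mine_invariants(SAMPLE_TRACES)
    for pair, window in sorted(inv.items()):
        print(f"{pair[0]:>14} -> {pair[1]:<14} {window}")
    print("\nViolations in UNSAFE_SEQUENCE:")
    for v in vet_unsafe_sample():
        print("  " + v)
```

Running the script reports one ordering violation (gripper_open before arm_at_dest) plus three timing violations for the latencies into gripper_open, while each of the original traces vets clean against the invariants mined from them. Real PLC traces are far noisier than this: events recur across cycles, sensors jitter, and a min/max window mined from a handful of runs will over-fit, so a practitioner would want more runs and an explicit tolerance before treating a timing deviation as a safety finding rather than noise.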