Recently published scan data on Shodan shows how 105K IndustrialControl Systems (ICSs) around the world are directly accessiblefrom the Internet. In particular, highly sensitive components, suchas Programmable Logic Controllers (PLCs), are potentially accessibleto attackers who can implement several kinds of attacks. On theother hand, to accomplish non-trivial cyber-physical attacks theattacker must possess a sufficient degree of process comprehensionon the physical processes within the target ICS.In this paper, we explore the feasibility of designing obfuscationstrategies to prevent the attacker from comprehending the behaviorof the physical process within an ICS by accessing PLC memoryregisters. We propose two generic obfuscation strategies for PLCmemories, involving memory registers, PLC code, and simulatedphysical processes controlled by the obfuscated PLCs. We thenmeasure the effectiveness of the proposed obfuscation strategies interms of potency, resilience, and cost on a non-trivial case study.

Towards Obfuscation of Programmable Logic Controllers

Cozza, Vittoria
;
Dalla Preda, Mila
;
Lucchese, Marco;Merro, Massimo
;
2023-01-01

Abstract

Recently published scan data on Shodan shows how 105K IndustrialControl Systems (ICSs) around the world are directly accessiblefrom the Internet. In particular, highly sensitive components, suchas Programmable Logic Controllers (PLCs), are potentially accessibleto attackers who can implement several kinds of attacks. On theother hand, to accomplish non-trivial cyber-physical attacks theattacker must possess a sufficient degree of process comprehensionon the physical processes within the target ICS.In this paper, we explore the feasibility of designing obfuscationstrategies to prevent the attacker from comprehending the behaviorof the physical process within an ICS by accessing PLC memoryregisters. We propose two generic obfuscation strategies for PLCmemories, involving memory registers, PLC code, and simulatedphysical processes controlled by the obfuscated PLCs. We thenmeasure the effectiveness of the proposed obfuscation strategies interms of potency, resilience, and cost on a non-trivial case study.
2023
Code obfuscation
Process comprehension
Programmable logic controller
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11562/1097986
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 2
  • ???jsp.display-item.citation.isi??? 1
social impact