
Towards Reverse Engineering of Industrial Physical Processes

Conference paper. In: Computer Security. ESORICS 2022 International Workshops (ESORICS 2022).

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13785)

Abstract

The growing connectivity of Industrial Control Systems (ICSs) in the era of Industry 4.0 has triggered a dramatic increase in the number of cyber-physical attacks, i.e., security breaches in cyberspace that adversely alter the physical processes (see, e.g., the Stuxnet worm).

The main challenge attackers face in the development of cyber-physical attacks is obtaining an adequate level of process comprehension. Process comprehension is defined as “the understanding of system characteristics and components responsible for the safe delivery of service” (Green et al. 2017). While there exist a number of tools (Nmap, PLCScan, Xprobe, etc.) one can use to develop a level of process comprehension through the targeting of controllers alone, they are limited by functionality, scope, and detectability. Thus, to support the execution of realistic cyber-physical attack scenarios with an adequate level of physical process comprehension, we propose a black-box dynamic analysis reverse engineering tool that derives, from scans of the memory registers of exposed controllers, an approximated model of the controlled physical process. Such an approximated model is developed by inferring statistical properties, business processes and, in particular, system invariants, whose knowledge might be crucial to build up stealthy (i.e., undetectable) attacks. We test the proposed methodology on a non-trivial case study, taken from the context of industrial water treatment systems.
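The abstract describes inferring system invariants from register scans, and the reference list (Adepu and Mathur, SEC 2016) shows the same invariants being used to detect attacks on a water treatment plant. The following Python is an added example, not the paper's tool or its data: it mines two kinds of likely invariants (a value range for a level register, and implications from actuator state to level trend, using the auxiliary "slope" attribute of Note 1) from a constructed trace of three registers, and then uses them to flag a scan that contradicts them. Register names (`lit101`, `mv101`, `p101`), the `Scan` layout and all values are assumptions made for illustration.

```python
from typing import NamedTuple

# One scan of three controller registers at one tick (constructed sample layout,
# named after the SWaT convention: LIT = level transmitter, MV = motorised valve,
# P = pump). The paper's own register layout is not reproduced here.
class Scan(NamedTuple):
    tick: int
    lit101: float   # tank level, continuous
    mv101: int      # inlet valve: 1 = open, 0 = closed
    p101: int       # outlet pump: 1 = running, 0 = stopped

ACTUATORS = ("mv101", "p101")

# Constructed trace: an open valve fills the tank, a running pump drains it.
TRACE = [
    Scan(0, 500.0, 1, 0), Scan(1, 520.0, 1, 0), Scan(2, 540.0, 1, 0),
    Scan(3, 560.0, 1, 0), Scan(4, 580.0, 1, 0), Scan(5, 600.0, 0, 1),
    Scan(6, 585.0, 0, 1), Scan(7, 570.0, 0, 1), Scan(8, 555.0, 0, 1),
    Scan(9, 540.0, 0, 1), Scan(10, 525.0, 0, 1), Scan(11, 510.0, 1, 0),
    Scan(12, 530.0, 1, 0), Scan(13, 550.0, 1, 0),
]

def sign(x: float) -> int:
    """Trend of a measurement: +1 rising, -1 falling, 0 flat."""
    return (x > 0) - (x < 0)

def infer_invariants(trace):
    """Mine two kinds of likely invariants from a register trace:
    - a value range for the continuous register, and
    - implications 'actuator == v  =>  level trend == s', where the trend
      (the auxiliary 'slope' attribute) is the forward difference of the level,
      so the actuator state at tick t is paired with the change it causes by t+1.
    Only implications that hold on every sample of the trace are kept."""
    levels = [s.lit101 for s in trace]
    bounds = (min(levels), max(levels))
    slopes = [sign(levels[i + 1] - levels[i]) for i in range(len(levels) - 1)]
    implications = {}
    for name in ACTUATORS:
        for value in (0, 1):
            observed = {slopes[i] for i in range(len(slopes))
                        if getattr(trace[i], name) == value}
            if len(observed) == 1:          # one consistent trend on every sample
                implications[(name, value)] = observed.pop()
    return {"lit101_range": bounds, "implications": implications}

def check_scan(invariants, prev: Scan, cur: Scan):
    """Return the invariants that the transition prev -> cur violates."""
    violations = []
    lo, hi = invariants["lit101_range"]
    if not lo <= cur.lit101 <= hi:
        violations.append(f"lit101={cur.lit101} outside [{lo}, {hi}]")
    trend = sign(cur.lit101 - prev.lit101)
    for (name, value), expected in invariants["implications"].items():
        if getattr(prev, name) == value and trend != expected:
            violations.append(f"{name}={value} but level trend {trend} != {expected}")
    return violations

if __name__ == "__main__":
    inv = infer_invariants(TRACE)
    print(inv)
    # Valve open, pump off, yet the level drops: contradicts the mined implications.
    print(check_scan(inv, TRACE[-1], Scan(14, 530.0, 1, 0)))
```

The implication mining is a deliberately small instance of Daikon-style dynamic invariant detection: a candidate is kept only if no sample of the trace refutes it, so a short or unrepresentative trace yields invariants that are merely likely, not guaranteed, and a monitor built on them needs a trace long enough to cover every operating mode before its alarms are trusted.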

Research partially supported by the project “Dipartimenti di Eccellenza 2018–2022”, funded by the Italian Ministry of Universities and Research (MUR).


Notes

  1. The slope is an auxiliary attribute indicating the trend of the measurement.

References

  1. Fluxicon Disco. https://fluxicon.com/disco/
  2. R Project for Statistical Computing (1993). https://www.r-project.org/
  3. A Hacker Tried to Poison a Florida City’s Water Supply (2021). https://www.wired.com/story/oldsmar-florida-water-utility-hack/. Accessed 14 May 2022
  4. IEC 61131-3: Programmable Controllers - Part 3: Programming Languages, 2nd edn. International Electrotechnical Commission (2003)
  5. Adepu, S., Mathur, A.: Using process invariants to detect cyber attacks on a water treatment system. In: Hoepman, J.-H., Katzenbeisser, S. (eds.) SEC 2016. IAICT, vol. 471, pp. 91–104. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-33630-5_7
  6. Adepu, S., Mathur, A.: From design to invariants: detecting attacks on cyber physical systems. In: QRS-C, pp. 533–540. IEEE (2017)
  7. Adepu, S., Mathur, A.: Distributed attack detection in a water treatment plant: method and case study. IEEE Trans. Depend. Secur. Comput. 18(1), 86–99 (2021)
  8. Ceccato, M., et al.: Understanding the behaviour of hackers while performing attack tasks in a professional setting and in a public challenge. Empir. Softw. Eng. 24(1), 240–286 (2019)
  9. Ernst, M.D., et al.: The Daikon system for dynamic detection of likely invariants. Sci. Comput. Program. 69(1–3), 35–45 (2007)
  10. Falliere, N., Murchu, L., Chien, E.: W32.Stuxnet Dossier (2011)
  11. Feng, C., Palleti, V.R., Mathur, A., Chana, D.: A systematic framework to generate invariants for anomaly detection in industrial control systems. In: NDSS. The Internet Society (2019)
  12. Furtado, F., Shrivastava, S., Mathur, A., Goh, N.: The design of cyber-physical exercises (CPXs). In: CyCon. IEEE (2022)
  13. Giraldo, J., et al.: A survey of physics-based attack detection in cyber-physical systems. ACM Comput. Surv. 51(4), 76:1–76:36 (2018)
  14. Goh, J., Adepu, S., Tan, M., Lee, Z.S.: Anomaly detection in cyber physical systems using recurrent neural networks. In: HASE, pp. 140–145. IEEE Computer Society (2017)
  15. Gollmann, D., Gurikov, P., Isakov, A., Krotofil, M., Larsen, J., Winnicki, A.: Cyber-physical systems security: experimental analysis of a vinyl acetate monomer plant. In: CCPS@ASIACCS, pp. 1–12. ACM (2015)
  16. Green, B., Derbyshire, R., Krotofil, M., Knowles, W., Prince, D., Suri, N.: PCaaD: towards automated determination and exploitation of industrial systems. Comput. Secur. 110, 102424 (2021)
  17. Green, B., Krotofil, M., Abbasi, A.: On the significance of process comprehension for conducting targeted ICS attacks. In: CPS-SPC@CCS, pp. 57–67. ACM (2017)
  18. Hadziosmanovic, D., Sommer, R., Zambon, E., Hartel, P.H.: Through the eye of the PLC: semantic security monitoring for industrial processes. In: ACSAC, pp. 126–135. ACM (2014)
  19. Keliris, A., Maniatakos, M.: ICSREF: a framework for automated reverse engineering of industrial control systems binaries. In: NDSS. The Internet Society (2019)
  20. Krotofil, M., Gollmann, D.: Industrial control systems security: what is happening? In: INDIN, pp. 670–675. IEEE (2013)
  21. Lanotte, R., Merro, M.: A calculus of cyber-physical systems. In: Drewes, F., Martín-Vide, C., Truthe, B. (eds.) LATA 2017. LNCS, vol. 10168, pp. 115–127. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-53733-7_8
  22. Lanotte, R., Merro, M., Munteanu, A.: Industrial control systems security via runtime enforcement. ACM TOPS 26(1), 4:1–4:41 (2023). https://doi.org/10.1145/3546579
  23. Lanotte, R., Merro, M., Munteanu, A., Viganò, L.: A formal approach to physics-based attacks in cyber-physical systems. ACM TOPS 23(1), 3:1–3:41 (2020)
  24. Lyon, G.: Nmap (1997). https://nmap.org/
  25. Mathur, A.P., Tippenhauer, N.O.: SWaT: a water treatment testbed for research and training on ICS security. In: CySWater@CPSWeek, pp. 31–36. IEEE Computer Society (2016)
  26. Modbus-IDA: Modbus Application Protocol Specification V1.1a. North Grafton, Massachusetts (2004). www.modbus.org/specs.php
  27. Moritz, P., et al.: Ray: a distributed framework for emerging AI applications. In: USENIX, pp. 561–577. USENIX Association (2018)
  28. Nguyen, T., Kapur, D., Weimer, W., Forrest, S.: DIG: a dynamic invariant generator for polynomial and array invariants. ACM Trans. Softw. Eng. Methodol. 23(4), 30:1–30:30 (2014)
  29. Paoletti, S., Juloski, A.L., Ferrari-Trecate, G., Vidal, R.: Identification of hybrid systems: a tutorial. Eur. J. Control 13(2–3), 242–260 (2007)
  30. Rajkumar, R., Lee, I., Sha, L., Stankovic, J.A.: Cyber-physical systems: the next computing revolution. In: DAC, pp. 731–736. ACM (2010)
  31. Slowik, J.: Anatomy of an attack: detecting and defeating CRASHOVERRIDE. VB2018, October, pp. 1–23 (2018)
  32. Urbina, D.I., et al.: Limiting the impact of stealthy attacks on industrial control systems. In: CCS, pp. 1092–1105. ACM (2016)
  33. Winnicki, A., Krotofil, M., Gollmann, D.: Cyber-physical system discovery: reverse engineering physical processes. In: CPSS@ASIACCS, pp. 3–14. ACM (2017)
  34. Yuan, Y., et al.: Data driven discovery of cyber physical systems. Nat. Commun. 10(1), 4894 (2019)

Acknowledgements

We thank the anonymous reviewers for valuable comments.

Author information

Correspondence to Mariano Ceccato.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Ceccato, M., Driouich, Y., Lanotte, R., Lucchese, M., Merro, M. (2023). Towards Reverse Engineering of Industrial Physical Processes. In: Katsikas, S., et al. Computer Security. ESORICS 2022 International Workshops. ESORICS 2022. Lecture Notes in Computer Science, vol 13785. Springer, Cham. https://doi.org/10.1007/978-3-031-25460-4_15

  • DOI: https://doi.org/10.1007/978-3-031-25460-4_15
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-031-25459-8
  • Online ISBN: 978-3-031-25460-4