{"title":"Towards a modular security testing framework for industrial automation and control systems: ISuTest","authors":"Steffen Pfrang, David Meier, Valentin Kautz","doi":"10.1109/ETFA.2017.8247727","DOIUrl":null,"url":null,"abstract":"Industrial automation and control systems (IACS) play a key role in modern production facilities. On the one hand, they provide real-time functionality to the connected field devices. On the other hand, they get more and more connected to local networks and the internet in order to facilitate use cases promoted by “Industry 4.0”. This makes IACS susceptible to cyber-attacks which exploit vulnerabilities, for example in order to interrupt the automation process. Security testing targets at discovering those vulnerabilities before they are exploited. In order to enable IACS manufacturers and integrators to perform security testing for their devices, we present ISuTest, a modular security testing framework for IACS. ISuTest is designed to be extendable regarding all kinds of automation protocols, different connection paths as well as evaluating arbitrary outputs of the tested devices. This paper describes the fundamental ideas behind ISuTest, its design and a basic evaluation in which the ISuTest framework was able to discover a vulnerability in a programmable logic controller (PLC). The paper concludes with a broad overview of the planned future work.","PeriodicalId":6522,"journal":{"name":"2017 22nd IEEE International Conference on Emerging Technologies and Factory Automation (ETFA)","volume":"15 1","pages":"1-5"},"PeriodicalIF":0.0000,"publicationDate":"2017-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2017 22nd IEEE International Conference on Emerging Technologies and Factory Automation (ETFA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ETFA.2017.8247727","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 9
Abstract
Industrial automation and control systems (IACS) play a key role in modern production facilities. On the one hand, they provide real-time functionality to the connected field devices. On the other hand, they get more and more connected to local networks and the internet in order to facilitate use cases promoted by “Industry 4.0”. This makes IACS susceptible to cyber-attacks which exploit vulnerabilities, for example in order to interrupt the automation process. Security testing targets at discovering those vulnerabilities before they are exploited. In order to enable IACS manufacturers and integrators to perform security testing for their devices, we present ISuTest, a modular security testing framework for IACS. ISuTest is designed to be extendable regarding all kinds of automation protocols, different connection paths as well as evaluating arbitrary outputs of the tested devices. This paper describes the fundamental ideas behind ISuTest, its design and a basic evaluation in which the ISuTest framework was able to discover a vulnerability in a programmable logic controller (PLC). The paper concludes with a broad overview of the planned future work.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
