Obfuscation strategies for industrial control systems

IF 4.1 | CAS Zone 3 (Engineering & Technology) | JCR Q1 (COMPUTER SCIENCE, INFORMATION SYSTEMS) | International Journal of Critical Infrastructure Protection | Pub Date: 2024-09-02 | DOI: 10.1016/j.ijcip.2024.100717
Vittoria Cozza, Mila Dalla Preda, Ruggero Lanotte, Marco Lucchese, Massimo Merro, Nicola Zannone
Citations: 0

Abstract

Original article: https://www.sciencedirect.com/science/article/pii/S1874548224000581

Recently released scan data on Shodan reveals that thousands of Industrial Control Systems (ICSs) worldwide are directly accessible via the Internet and, thus, exposed to cyber-attacks aiming at financial gain, espionage, or disruption and/or sabotage. Executing sophisticated cyber–physical attacks aiming to manipulate industrial functionalities requires a deep understanding of the underlying physical process at the core of the target ICS, for instance, through unauthorized access to memory registers of Programmable Logic Controllers (PLCs). However, to date, countermeasures aiming at hindering the comprehension of physical processes remain largely unexplored.

In this work, we investigate the use of obfuscation strategies to complicate process comprehension of ICSs while preserving their runtime evolution. To this end, we propose a framework to design and evaluate obfuscation strategies for PLCs, involving PLC memory registers, PLC code (user program), and the introduction of extra (spurious) physical processes. Our framework categorizes obfuscation strategies based on two dimensions: the type of (spurious) registers employed in the obfuscation strategy and the dependence on the (genuine) physical process. To evaluate the efficacy of proposed obfuscation strategies, we introduce evaluation metrics to assess their potency and resilience, in terms of system invariants the attacker can derive, and their cost in terms of computational overhead due to runtime modifications of spurious PLC registers. We developed a prototype tool to automatize the devised obfuscation strategies and applied them to a non-trivial use case in the field of water tank systems. Our results show that code obfuscation can be effectively used to counter malicious process comprehension of ICSs achieved via scanning of PLC memory registers. To our knowledge, this is the first work using obfuscation as a technique to protect ICSs from such threats. The efficacy of the proposed obfuscation strategies predominantly depends on the intrinsic complexity of the interplay introduced between genuine and spurious registers.
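The abstract describes two classification dimensions (the type of spurious register, and whether the spurious registers depend on the genuine process) and measures strategies by potency (what an attacker scanning PLC memory can still infer) and cost (extra register writes per scan cycle). The following is an added toy model written for this page to make those ideas concrete; it is not the authors' prototype tool, and the water-tank dynamics, the register names (HR0/C0 for the genuine holding register and coil, HR1/C1/HR2 for spurious ones), the three spurious-register strategies and the attacker's invariant heuristic are all assumptions made here for illustration.

```python
"""Toy model of PLC register obfuscation against process comprehension.

Added example, not the paper's framework or prototype: the tank dynamics,
register names, the spurious-register strategies and the attacker's
invariant heuristic are assumptions chosen for illustration only.
"""
import random

LOW, HIGH = 20, 80        # hysteresis thresholds of the genuine tank (assumed)
INFLOW, OUTFLOW = 5, 2    # flow units per scan cycle (assumed)


def tank_step(level, pump, low, high, inflow, outflow):
    """One PLC scan cycle of a hysteresis-controlled tank: decide the pump coil
    from the level, then apply the flows. Returns the new (level, pump)."""
    if level <= low:
        pump = 1
    elif level >= high:
        pump = 0
    return level + (inflow if pump else 0) - outflow, pump


def run_plc(strategy, cycles=200, seed=1):
    """Simulate the genuine process plus the spurious registers of one strategy.
    Returns (trace, cost): trace is the list of per-cycle register snapshots an
    attacker would obtain by polling PLC memory; cost is the number of spurious
    registers written on every cycle. The genuine process is never altered."""
    rng = random.Random(seed)
    level, pump = 50, 0        # genuine registers
    level2, pump2 = 40, 0      # state of the independent spurious tank
    trace = []
    for _ in range(cycles):
        level, pump = tank_step(level, pump, LOW, HIGH, INFLOW, OUTFLOW)
        regs = {"HR0": level, "C0": pump}          # genuine holding register / coil
        if strategy == "noise":
            # spurious holding register and coil unrelated to any process
            regs["HR1"] = rng.randint(0, 100)
            regs["C1"] = rng.randint(0, 1)
        elif strategy == "independent":
            # a second, fake tank evolving on its own (no dependence on the genuine process)
            level2, pump2 = tank_step(level2, pump2, 30, 70, 4, 1)
            regs["HR1"], regs["C1"] = level2, pump2
        elif strategy == "dependent":
            # spurious registers derived from the genuine ones: a mirrored level,
            # an inverted coil and an offset shadow of the level
            regs["HR1"] = 100 - level
            regs["C1"] = 1 - pump
            regs["HR2"] = level + 7
        trace.append(regs)
    cost = len(trace[0]) - 2
    return trace, cost


def derive_control_pairs(trace):
    """Attacker-side process comprehension: keep every (coil, holding register)
    pair for which the invariant 'coil is ON exactly when the register rose in
    that cycle' holds on all scanned samples, the signature of an actuator that
    drives a measured quantity. Each surviving pair is a candidate (pump, level)."""
    coils = [k for k in trace[0] if k.startswith("C")]
    regs = [k for k in trace[0] if k.startswith("HR")]
    pairs = set()
    for c in coils:
        for r in regs:
            if all((cur[c] == 1) == (cur[r] > prev[r])
                   for prev, cur in zip(trace, trace[1:])):
                pairs.add((c, r))
    return pairs


def evaluate(strategy):
    """Potency = spurious candidate pairs the attacker cannot tell apart from the
    genuine (C0, HR0); cost = spurious register writes per scan cycle."""
    trace, cost = run_plc(strategy)
    pairs = derive_control_pairs(trace)
    assert ("C0", "HR0") in pairs, "obfuscation must not disturb the genuine process"
    return {"potency": len(pairs) - 1, "cost": cost, "pairs": sorted(pairs)}


if __name__ == "__main__":
    for s in ("none", "noise", "independent", "dependent"):
        print(s, evaluate(s))
```

Running it shows the point made in the abstract's last sentence: the "noise" strategy pays for two extra registers yet has zero potency, because unrelated values violate the attacker's invariant and are discarded at once; the "independent" fake tank yields one indistinguishable candidate for the same cost; the "dependent" strategy, whose spurious registers are tied to the genuine ones, yields two candidates for three writes. Potency comes from the interplay between genuine and spurious registers, not from the number of spurious registers alone.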

Source journal
International Journal of Critical Infrastructure Protection (COMPUTER SCIENCE, INFORMATION SYSTEMS; ENGINEERING, MULTIDISCIPLINARY)
CiteScore: 8.90
Self-citation rate: 5.60%
Articles published: 46
Review time: >12 weeks
Journal description: The International Journal of Critical Infrastructure Protection (IJCIP) was launched in 2008, with the primary aim of publishing scholarly papers of the highest quality in all areas of critical infrastructure protection. Of particular interest are articles that weave science, technology, law and policy to craft sophisticated yet practical solutions for securing assets in the various critical infrastructure sectors. These critical infrastructure sectors include: information technology, telecommunications, energy, banking and finance, transportation systems, chemicals, critical manufacturing, agriculture and food, defense industrial base, public health and health care, national monuments and icons, drinking water and water treatment systems, commercial facilities, dams, emergency services, nuclear reactors, materials and waste, postal and shipping, and government facilities. Protecting and ensuring the continuity of operation of critical infrastructure assets are vital to national security, public health and safety, economic vitality, and societal wellbeing. The scope of the journal includes, but is not limited to:
1. Analysis of security challenges that are unique or common to the various infrastructure sectors.
2. Identification of core security principles and techniques that can be applied to critical infrastructure protection.
3. Elucidation of the dependencies and interdependencies existing between infrastructure sectors and techniques for mitigating the devastating effects of cascading failures.
4. Creation of sophisticated, yet practical, solutions for critical infrastructure protection that involve mathematical, scientific and engineering techniques, economic and social science methods, and/or legal and public policy constructs.
Latest articles in this journal
FingerCI: Writing industrial process specifications from network traffic
Space cybersecurity challenges, mitigation techniques, anticipated readiness, and future directions
A tri-level optimization model for interdependent infrastructure network resilience against compound hazard events
Digital Twin-assisted anomaly detection for industrial scenarios
Impact of Internet and mobile communication on cyber resilience: A multivariate adaptive regression spline modeling approach
Copyright © 2023 Book学术 All rights reserved.