Ke Liu, Jing-Yi Wang, Qiang Wei, Zhen-Yong Zhang, Jun Sun, Rong-Kuan Ma, Rui-Long Deng. HRPDF: A Software-Based Heterogeneous Redundant Proactive Defense Framework for Programmable Logic Controller[J]. Journal of Computer Science and Technology, 2021, 36(6): 1307-1324. DOI: 10.1007/s11390-021-1647-7

HRPDF: A Software-Based Heterogeneous Redundant Proactive Defense Framework for Programmable Logic Controller

Funds: This work is supported by the National Key Research and Development Program of China under Grant No. 2020YFB2010900, and the Fundamental Research Funds for the Central Universities (Zhejiang University NGICS Platform) of China under Grant No. TC190A449.
  • Corresponding author: Qiang Wei, E-mail: 12132013@zju.edu.cn

  • Received Date: May 31, 2021
  • Revised Date: November 14, 2021
  • Published Date: November 29, 2021
  • Abstract: Programmable logic controllers (PLCs) play a critical role in many industrial control systems, yet they face increasingly serious cyber threats. In this paper, we propose a novel PLC-compatible, software-based defense mechanism called the Heterogeneous Redundant Proactive Defense Framework (HRPDF). HRPDF introduces a heterogeneous PLC architecture consisting of multiple heterogeneous, equivalent, and synchronous runtimes, which can thwart multiple types of attacks against the PLC without the need for external devices. To preserve PLC availability, we also design an inter-process communication algorithm that minimizes the overhead of HRPDF. We implement a prototype of HRPDF and evaluate it on a real-world PLC and on an OpenPLC-based device. The results show that HRPDF defends against multiple types of attacks at a cost of 10.22% additional CPU usage, 5.56% additional memory usage, and about 0.6 ms of additional time overhead per cycle.
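As an added illustration of the heterogeneous-redundancy idea summarised in the abstract (example code written for this page, not the HRPDF prototype or its inter-process communication algorithm): three differently implemented but functionally equivalent copies of one constructed interlock program run in lock-step scan cycles, and a voter compares their output images after every cycle. A runtime whose control logic has been tampered with is outvoted and flagged, while the physical outputs still follow the majority. The control program, tag names, the tampered runtime and the input sequence are all assumptions made for the example.

```python
"""Simulation of a heterogeneous redundant PLC runtime with output voting.

Constructed example written for this page (not the HRPDF code): three
equivalent but differently implemented copies of one control program are
scanned in lock-step, and a voter decides each coil by majority.
"""
from collections import Counter
from typing import Callable, Dict, List, Set, Tuple

Image = Dict[str, bool]          # a process image: tag name -> bit
Logic = Callable[[Image], Image]

# --- three heterogeneous implementations of the same interlock -------------
# Constructed program: the pump runs while level_low is set and high_alarm is
# clear; the drain valve opens while level_high is set.

def logic_rungs(inp: Image) -> Image:
    """Runtime A: ladder-style list of rungs, each a coil and a condition."""
    rungs: List[Tuple[str, Callable[[Image], bool]]] = [
        ("pump", lambda s: s["level_low"] and not s["high_alarm"]),
        ("valve", lambda s: s["level_high"]),
    ]
    return {coil: bool(cond(inp)) for coil, cond in rungs}

def logic_structured(inp: Image) -> Image:
    """Runtime B: structured-text style imperative evaluation."""
    out: Image = {"pump": False, "valve": False}
    if inp["level_low"]:
        if not inp["high_alarm"]:
            out["pump"] = True
    if inp["level_high"]:
        out["valve"] = True
    return out

def logic_table(inp: Image) -> Image:
    """Runtime C: truth-table lookup keyed on the relevant input bits."""
    key = (inp["level_low"], inp["high_alarm"])
    pump_table = {(True, False): True}      # only this row energises the pump
    return {"pump": pump_table.get(key, False), "valve": inp["level_high"]}

class Runtime:
    def __init__(self, name: str, logic: Logic) -> None:
        self.name, self.logic = name, logic

    def scan(self, inp: Image) -> Image:
        # One scan cycle: read the input image, solve logic, emit outputs.
        return self.logic(dict(inp))

class Voter:
    """Compares the output images of all runtimes after each synchronous scan.
    The majority value per coil goes to the physical outputs; any runtime that
    disagrees with the majority is reported as suspect."""

    def __init__(self, runtimes: List[Runtime]) -> None:
        if len(runtimes) < 3:
            raise ValueError("majority voting needs at least three runtimes")
        self.runtimes = runtimes

    def cycle(self, inp: Image) -> Tuple[Image, List[str]]:
        images = [rt.scan(inp) for rt in self.runtimes]
        coils = sorted(set().union(*images))
        decided: Image = {}
        suspects: Set[str] = set()
        for coil in coils:
            votes = [img.get(coil, False) for img in images]
            majority, count = Counter(votes).most_common(1)[0]
            if count * 2 <= len(votes):
                # No strict majority (even split): fail safe, de-energise.
                majority = False
                suspects.update(rt.name for rt in self.runtimes)
            decided[coil] = majority
            for rt, v in zip(self.runtimes, votes):
                if v != majority:
                    suspects.add(rt.name)
        return decided, sorted(suspects)

def run_scenario(tamper: bool) -> List[Tuple[Image, List[str]]]:
    """Drive three scan cycles; optionally inject a tampered runtime B."""
    rt_b_logic: Logic = logic_structured
    if tamper:
        # Constructed control-logic injection: the attacker's copy ignores the
        # high-level alarm, so on its own it would keep pumping into overflow.
        def tampered(inp: Image) -> Image:
            out = logic_structured(inp)
            out["pump"] = inp["level_low"]
            return out
        rt_b_logic = tampered
    voter = Voter([Runtime("A", logic_rungs), Runtime("B", rt_b_logic),
                   Runtime("C", logic_table)])
    scans: List[Image] = [  # constructed input sequence: normal, alarm, full
        {"level_low": True, "high_alarm": False, "level_high": False},
        {"level_low": True, "high_alarm": True, "level_high": False},
        {"level_low": False, "high_alarm": False, "level_high": True},
    ]
    return [voter.cycle(s) for s in scans]

if __name__ == "__main__":
    for outputs, suspects in run_scenario(tamper=True):
        print(outputs, "suspect runtimes:", suspects)
```

In the second scan the tampered runtime B votes to keep the pump on while A and C vote it off; the voter writes the majority (pump off) and reports B. Heterogeneity here is only in how the logic is expressed, which is enough to catch tampering of one copy but not a flaw shared by all three; a real deployment would also need the runtimes to stay synchronised on the same input image each cycle, which this single-threaded simulation gets for free.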
  • [1]
    McLaughlin S, Konstantinou C, Wang X, Davi L, Sadeghi A, Maniatakos M, Karri R. The cybersecurity landscape in industrial control systems. Proceedings of the IEEE, 2016, 104(5): 1039-1057. DOI: 10.1109/JPROC.2015.2512235.
    [2]
    Knowles W, Prince D, Hutchison D, Disso J F P, Jones K. A survey of cyber security management in industrial control systems. International Journal of Critical Infrastructure Protection, 2015, 9: 52-80. DOI: 10.1016/j.ijcip.2015.02.002.
    [3]
    Zonouz S, Rrushi J, McLaughlin S. Detecting industrial control malware using automated PLC code analytics. IEEE Security & Privacy, 2014, 12(6): 40-47. DOI: 10.1109/MSP.2014.113.
    [4]
    Farwell J P, Rohozinski R. Stuxnet and the future of cyber war. Survival, 2011, 53(1): 23-40. DOI: 10.1080/00396338.2011.555586.
    [5]
    Bencsáth B, Ács-Kurucz G, Molnár G, Vaspöri G, Buttyán L, Kamarás R. Duqu 2.0: A comparison to Duqu. Technical Report, CrySyS Lab, 2015. https://www.crysys.hu/publications/files/duqu2.pdf, Nov. 2021.
    [6]
    Lee R M, Assante M, Conway T. Analysis of the cyber attack on the Ukrainian power grid. Technical Report, Electricity-Information Sharing and Analysis Center, 2016. https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2016/05/20081514/E-ISAC SANS Ukraine DUC 5.pdf, Nov. 2021.
    [7]
    Lee R, Slowik J, Miller B, Cherepanov A, Lipovsky R. Industroyer/Crashoverride: Zero things cool about a threat group targeting the power grid. Technical Report, Black Hat, 2017. https://www.blackhat.com/docs/us-17/wednesday/us-17-Lee-Industroyer-Crashoverride-Zero-Things-Cool-About-A-Threat-Group-Targeting-The-Power-Grid.pdf, Nov. 2021.
    [8]
    Di Pinto A, Dragoni Y, Carcano A. TRITON: The first ICS cyber attack on safety instrument systems. Technical Report, Nozomi Networks, 2018. https://www.nozominetworks.com/downloads/US/Nozomi-Networks-TRITON-The-First-SIS-Cyberattack.pdf, Nov. 2021.
    [9]
    Ponomarev S, Atkison T. Industrial control system network intrusion detection by telemetry analysis. IEEE Transactions on Dependable and Secure Computing, 2016, 13(2): 252-260. DOI: 10.1109/TDSC.2015.2443793.
    [10]
    Zhang F, Kodituwakku H A D E, Hines W, Coble J B. Multilayer data-driven cyber-attack detection system for industrial control systems based on network, system and process data. IEEE Transactions on Industrial Informatics, 2019, 15(7): 4362-4369. DOI: 10.1109/TⅡ.2019.2891261.
    [11]
    Feng C, Palleti V R, Mathur A, Chana D. A systematic framework to generate invariants for anomaly detection in industrial control systems. In Proc. the 2019 Network and Distributed System Security Symposium, February 2019. DOI: 10.14722/ndss.2019.23265.
    [12]
    Cifranic N, Hallman R, Romero-Mariona J, Souza B, Calton T, Coca G. Decepti-SCADA: A cyber deception framework for active defense of networked critical infrastructures. Internet of Things, 2020, 12: Article No. 100320. DOI: 10.1016/j.iot.2020.100320.
    [13]
    Lin H, Zhuang J, Hu Y C, Zhou H. DefRec: Establishing physical function virtualization to disrupt reconnaissance of power grids’ cyber-physical infrastructures. In Proc. the 27th Network and Distributed System Security Symposium, February 2020. DOI: ndss.2020.24365.
    [14]
    López-Morales E, Rubio-Medrano C, Doupé A, Shoshitaishvili Y, Wang R, Bao T, Ahn G J. HoneyPLC: A next-generation honeypot for industrial control systems. In Proc. the 2020 ACM SIGSAC Conference on Computer and Communications Security, November 2020, pp.279-291. DOI: 10.1145/3372297.3423356.
    [15]
    Abbasi A, Holz T, Zambon E, Etalle S. ECFI: Asynchronous control flow integrity for programmable logic controllers. In Proc. the 33rd Annual Computer Security Applications Conference, December 2017, pp.437-448. DOI: 10.1145/3134600.3134618.
    [16]
    Garcia L, Zonouz S, Wei D, De Aguiar L P. Detecting PLC control corruption via on-device runtime verification. In Proc. the 2016 Resilience Week, August 2016, pp.67-72. DOI: 10.1109/RWEEK.2016.7573309.
    [17]
    Salehi M, Bayat-Sarmadi S. PLCDefender: Improving remote attestation techniques for PLCs using physical model. IEEE Internet of Things Journal, 2021, 8(9): 7372-7379. DOI: 10.1109/JIOT.2020.3040237.
    [18]
    McCune J M, Li Y, Qu N, Zhou Z, Datta A, Gligor V, Perrig A. TrustVisor: Efficient TCB reduction and attestation. In Proc. the 2010 IEEE Symposium on Security and Privacy, 2010, pp.143-158. DOI: 10.1109/SP.2010.17.
    [19]
    Dessouky G, Zeitouni S, Nyman T, Paverd A J, Davi L, Koeberl P, Asokan N, Sadeghi A. LO-FAT: Low-overhead control flow attestation in hardware. In Proc. the 54th Annual Design Automation Conference, June 2017, Article No. 24. DOI: 10.1145/3061639.3062276.
    [20]
    Cheminod M, Durante L, Seno L, Valenzano A. Performance evaluation and modeling of an industrial application-layer firewall. IEEE Transactions on Industrial Informatics, 2018, 14(5): 2159-2170. DOI: 10.1109/TⅡ.2018.2802903.
    [21]
    Li D, Guo H, Zhou J, Zhou L, Wong J W. SCADAWall: A CPI-enabled firewall model for SCADA security. Computers & Security, 2019, 80: 134-154. DOI: 10.1016/j.cose.2018.10.002.
    [22]
    Jiang N, Lin H, Yin Z, Xi C. Research of paired industrial firewalls in defense-in-depth architecture of integrated manufacturing or production system. In Proc. the 2017 IEEE International Conference on Information and Automation, July 2017, pp.523–526. DOI: 10.1109/ICInfA.2017.8078963.
    [23]
    Zeitouni S, Dessouky G, Arias O, Sullivan D, Ibrahim A, Jin Y, Sadeghi A R. ATRIUM: Runtime attestation resilient under memory attacks. In Proc. the 2017 IEEE/ACM International Conference on Computer-Aided Design, November 2017, pp.384-391. DOI: 10.1109/ICCAD.2017.8203803.
    [24]
    Stój J. Cost-effective hot-standby redundancy with synchronization using EtherCAT and real-time ethernet protocols. IEEE Transactions on Automation Science and Engineering, 2021, 18(4): 2035-2047. DOI: 10.1109/TASE.2020.3031128.
    [25]
    Schwartz M D, Mulder J, Trent J, Atkins W D. Control system devices: Architectures and supply channels overview. Technical Report, Sandia National Laboratories, 2010. https://energy.sandia.gov/wp-content/gallery/uploads/JCSW Report Final.pdf, Nov. 2021.
    [26]
    Yoo H, Kalle S, Smith J, Ahmed I. Overshadow PLC to detect remote control-logic injection attacks. In Proc. the 16th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, June 2019, pp.109-132. DOI: 10.1007/978–3–030–22038–96.
    [27]
    Bryan L A, Bryan E A. Programmable Controllers: Theory and Implementation (2nd edition). Industrial Text Company, 1997.
    [28]
    Ma R, Cheng P, Zhang Z, Liu W, Wang Q, Wei Q. Stealthy attack against redundant controller architecture of industrial cyber-physical system. IEEE Internet of Things, 2019, 6(6): 9783-9793. DOI: 10.1109/JIOT.2019.2931349.
    [29]
    Basnight Z, Butts J, Lopez J, Dube T. Firmware modification attacks on programmable logic controllers. International Journal of Critical Infrastructure Protection, 2013, 6(2): 76-84. DOI: 10.1016/j.ijcip.2013.04.004.
    [30]
    Schuett C, Butts J, Dunlap S. An evaluation of modification attacks on programmable logic controllers. International Journal of Critical Infrastructure Protection, 2014, 7(1): 61-68. DOI: 10.1016/j.ijcip.2014.01.004.
    [31]
    Garcia L, Brasser F, Cintuglu M, Sadeghi A, Mohammed O, Zonouz S. Hey, my malware knows physics! Attacking PLCs with physical model aware rootkit. In Proc. the 26th Network and Distributed System Security Symposium, February 26–March 1, 2017. DOI: 10.14722/ndss.2017.23313.
    [32]
    Govil N, Agrawal A, Tippenhauer N O. On ladder logic bombs in industrial control systems. In Proc. the 2017 International Workshop on Security and Privacy Requirements Engineering and the 2017 International Workshop on the Security of Industrial Control Systems and Cyber-Physical Systems, September 2017, pp.110-126. DOI: 10.1007/978–3–319–72817–98.
    [33]
    Senthivel S, Dhungana S, Yoo H, Ahmed I, Roussev V. Denial of engineering operations attacks in industrial control systems. In Proc. the 8th ACM Conference on Data and Application Security and Privacy, March 2018, pp.319-329. DOI: 10.1145/3176258.3176319.
    [34]
    Yoo H, Ahmed I. Control logic injection attacks on industrial control systems. In Proc. the 34th IFIP TC 11 International Conference on ICT Systems Security and Privacy Protection, June 2019, pp.33-48. DOI: 10.1007/978–3–030– 22312–03.
    [35]
    Kalle S, Ameen N, Yoo H, Ahmed I. CLIK on PLCs! attacking control logic with decompilation and virtual PLC. In Proc. the Workshop on Binary Analysis Research, February 2019. DOI: 10.14722/bar.2019.23074.
    [36]
    Sun R, Mera A, Lu L, Choffnes D. SoK: Attacks on industrial control logic and formal verification-based defenses. In Proc. the 2021 IEEE European Symposium on Security and Privacy, September 2021, pp.385-402. DOI: 10.1109/EuroSP51992.2021.00034.
    [37]
    Abbasi A, Hashemi M. Ghost in the PLC designing an undetectable programmable logic controller rootkit via pin control attack. In Proc. the 2016 Black Hat Europe, November 2016.
    [38]
    Robles-Durazno A, Moradpoor N, McWhinnie J, Russell G, Maneru-Marin I. Implementation and detection of novel attacks to the PLC memory of a clean water supply system. In Proc. the 4th International Conference on Technology Trends, August 2019, pp.91-103. DOI: 10.1007/978–3–030– 05532–57.
    [39]
    Robles-Durazno A, Moradpoor N, McWhinnie J, Russell G, Maneru-Marin I. PLC memory attack detection and response in a clean water supply system. International Journal of Critical Infrastructure Protection, 2019, 26: Article No. 100300. DOI: 10.1016/j.ijcip.2019.05.003.
    [40]
    Hou Y, Such J, Rashid A. Understanding security requirements for industrial control system supply chains. In Proc. the 5th IEEE/ACM International Workshop on Software Engineering for Smart Cyber-Physical Systems, May 2019, pp.50-53. DOI: 10.1109/SEsCPS.2019.00016.
    [41]
    Behera C K, Bhaskari D L. Different obfuscation techniques for code protection. Procedia Computer Science, 2015, 70: 757-763. DOI: 10.1016/j.procs.2015.10.114.
    [42]
    Keliris A, Maniatakos M. ICSREF: A framework for automated reverse engineering of industrial control systems binaries. In Proc. the 26th Annual Network and Distributed System Security Symposium, February 2019. DOI: 10.14722/ndss.2019.23271.
    [43]
    Valois J D. Lock-free linked lists using compare-and-swap. In Proc. the 14th Annual ACM Symposium on Principles of Distributed Computing, August 1995, pp.214-222. DOI: 10.1145/224964.224988.
    [44]
    Michael M M, Scott M L. Simple, fast, and practical non-blocking and blocking concurrent queue algorithms. In Proc. the 15th Annual ACM Symposium on Principles of Distributed Computing, May 1996, pp.267-275. DOI: 10.1145/248052.248106.
    [45]
    Ang K H, Chong G, Li Y. PID control system analysis, design, and technology. IEEE Transactions on Control Systems Technology, 2005, 13(4): 559-576. DOI: 10.1109/TCST.2005.847331.
    [46]
    Vollmer T, Alves-Foss J, Manic M. Autonomous rule creation for intrusion detection. In Proc. the 2011 IEEE Symposium on Computational Intelligence in Cyber Security, April 2011, pp.1-8. DOI: 10.1109/CICYBS.2011.5949394.
    [47]
    Lin H, Slagell A, Di Martino C, Kalbarczyk Z, Iyer R K. Adapting bro into SCADA: Building a specification-based intrusion detection system for the DNP3 protocol. In Proc. the 8th Annual Cyber Security and Information Intelligence Research Workshop, January 2013, Article No. 5. DOI: 10.1145/2459976.2459982.
    [48]
    Graveto V, Rosa L, Cruz T, Simões P. A stealth monitoring mechanism for cyber-physical systems. International Journal of Critical Infrastructure Protection, 2019, 24: 126-143. DOI: 10.1016/j.ijcip.2018.10.006.
    [49]
    Assante M J, Lee R M. The industrial control system cyber kill chain. Technical Report, SANS Institute, 2015. https://sansorg.egnyte.com/dl/HHa9fCekmc, Nov. 2021.
    [50]
    Caselli M, Zambon E, Kargl F. Sequence-aware intrusion detection in industrial control systems. In Proc. the 1st ACM Workshop on Cyber-Physical System Security, April 2015, pp.13-24. DOI: 10.1145/2732198.2732200.
    [51]
    Kovah X, Kallenberg C, Weathers C, Herzog A, Albin M, Butterworth J. New results for timing-based attestation. In Proc. the 2012 IEEE Symposium on Security and Privacy, May 2012, pp.239-253. DOI: 10.1109/SP.2012.45.
    [52]
    Frey G, Litz L. Formal methods in PLC programming. In Proc. the 2000 IEEE International Conference on Systems, Man and Cybernetics, October 2000, pp.2431-2436. DOI: 10.1109/ICSMC.2000.884356.
    [53]
    Adiego B F, Darvas D, Vinuela E B, Tournier J C, Bliudze S, Blech J O, Suarez V G. Applying model checking to industrial-sized PLC programs. IEEE Transactions on Industrial Informatics, 2015, 11(6): 1400-1410. DOI: 10.1109/TⅡ.2015.2489184.
    [54]
    Kuzmin E, Sokolov V A, Ryabukhin D. Construction and verification of PLC-programs by LTL-specification. Automatic Control and Computer Sciences, 2015, 49(7): 453-465. DOI: 10.3103/S014641161407013X.
    [55]
    Ryabukhin D, Kuzmin E. LTL-specification, verification and construction of PLC programs. In Proc. the Spring/Summer Young Researchers’ Colloquium on Software Engineering, May 2014, pp.19-26. DOI: 10.15514/SYRCOSE-2014-8-3.
    [56]
    Janicke H, Nicholson A, Webber S, Cau A. Runtimemonitoring for industrial control systems. Electronics, 2015, 4: 995-1017. DOI: 10.3390/electronics4040995.
  • Cited by (2):
    1. Ottar L. Osen, Vijander Singh, Christian Hovden, et al. Proceedings of Ninth International Congress on Information and Communication Technology. Lecture Notes in Networks and Systems. DOI: 10.1007/978-981-97-3562-4_21
    2. Yuqiang Zhang, Zhiqiang Hao, Ning Hu, et al. A virtualization-based security architecture for industrial control systems. 2022 7th IEEE International Conference on Data Science in Cyberspace (DSC). DOI: 10.1109/DSC55868.2022.00020
