A Firmware Verification Tool for Programmable Logic Controllers

Abstract : Current supervisory control and data acquisition (SCADA) systems do not have adequately tailored security solutions. Programmable logic controllers (PLCs) in SCADA systems are particularly vulnerable due to a lack of firmware auditing capabilities. Since a PLC is a field device that directly connects to a physical system for monitoring and control, a compromise of its firmware could have devastating consequences. This paper describes a tool developed specifically for verifying PLC firmware in SCADA systems. The tool captures serial data during firmware uploads and verifies it against a known good firmware executable. It can also replay captured data and analyze firmware without the presence of a PLC. The tool does not require any modifications to a SCADA system and can be implemented on a variety of platforms. These features, along with the ability to isolate the tool from production systems and adapt it to various architectures, make the tool attractive for use in diverse SCADA environments.
Type de document :
Communication dans un congrès
Jonathan Butts; Sujeet Shenoi. 6th International Conference on Critical Infrastructure Protection (ICCIP), Mar 2012, Washington, DC, United States. Springer, IFIP Advances in Information and Communication Technology, AICT-390, pp.59-69, 2012, Critical Infrastructure Protection VI. 〈10.1007/978-3-642-35764-0_5〉
Liste complète des métadonnées

https://hal.inria.fr/hal-01483820
Contributeur : Hal Ifip <>
Soumis le : lundi 6 mars 2017 - 15:02:03
Dernière modification le : dimanche 29 avril 2018 - 13:48:02
Document(s) archivé(s) le : mercredi 7 juin 2017 - 14:28:46

Fichier

978-3-642-35764-0_5_Chapter.pd...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Lucille Mcminn, Jonathan Butts. A Firmware Verification Tool for Programmable Logic Controllers. Jonathan Butts; Sujeet Shenoi. 6th International Conference on Critical Infrastructure Protection (ICCIP), Mar 2012, Washington, DC, United States. Springer, IFIP Advances in Information and Communication Technology, AICT-390, pp.59-69, 2012, Critical Infrastructure Protection VI. 〈10.1007/978-3-642-35764-0_5〉. 〈hal-01483820〉

Partager

Métriques

Consultations de la notice

109

Téléchargements de fichiers

46