References & Citations
Computer Science > Cryptography and Security
Title: Walking Under the Ladder Logic: PLC-VBS, a PLC Control Logic Vulnerability Discovery Tool
(Submitted on 14 Jun 2022 (v1), last revised 30 Jan 2023 (this version, v3))
Abstract: Cyber security risk assessments provide a pivotal starting point towards the understanding of existing risk exposure, through which suitable mitigation strategies can be formed. Where risk is viewed as a product of threat, vulnerability, and impact, understanding each element is of equal importance. This can be a challenge in Industrial Control System (ICS) environments, where adopted technologies are typically not only bespoke, but interact directly with the physical world. To date, existing vulnerability identification has focused on traditional vulnerability categories. While this provides risk assessors with a baseline understanding, and the ability to hypothesize on potential resulting impacts, it is high level, operating at a level of abstraction that would be viewed as incomplete within a traditional information system context. The work presented in this paper takes the understanding of ICS device vulnerabilities one step further. It offers a tool, PLC-VBS, that helps identify Programmable Logic Controller (PLC) vulnerabilities, specifically within logic used to monitor, control, and automate operational processes. PLC-VBS gives risk assessors a more coherent picture about the potential impact should the identified vulnerabilities be exploited; this applies specifically to operational process elements.
Submission history
From: Sam Maesschalck [view email][v1] Tue, 14 Jun 2022 07:57:28 GMT (2043kb,D)
[v2] Wed, 17 Aug 2022 22:38:25 GMT (2097kb,D)
[v3] Mon, 30 Jan 2023 09:43:13 GMT (2097kb,D)
Link back to: arXiv, form interface, contact.