Control Logic Obfuscation Attack in Industrial Control Systems

Control Logic Obfuscation Attack in Industrial Control Systems

연구 분야: Safety

학회: 2022 IEEE International Conference on Cyber Security and Resilience (CSR)

Industrial control systems (ICS) are essential for safe and efficient operations of critical infrastructures such as power grids, pipelines, and water treatment facilities. Attackers target ICS, mainly programmable logic controllers (PLC), to sabotage underlying infrastructure. A PLC controls a physical process through connected sensors and actuators. It runs a control-logic program that specifies monitoring and controlling a physical process and is a common target of cyberattacks. A vendor-provided proprietary engineering software is typically used to investigate the infected control logic. This paper shows that an attacker can use control-logic obfuscation as an anti-forensics technique to hinder the investigations and incident response. The control-logic obfuscation subverts the engineering software’s decompilation function; therefore, we call it a denial-of-decompilation attack. The attack exploits a fundamental design principle of creating compiled control logic in engineering software, thereby affecting the engineering software of multiple vendors in the industry.