A Trusted Safety Verifier for Process Controller Code

Slides:



Advertisements
Similar presentations
Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.
Advertisements

Unit 7 Discrete Controllers
Using Programmer-Written Compiler Extensions to Catch Security Holes Authors: Ken Ashcraft and Dawson Engler Presented by : Hong Chen CS590F 2/7/2007.
INTRODUCTION COMPUTATIONAL MODELS. 2 What is Computer Science Sciences deal with building and studying models of real world objects /systems. What is.
Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.
ECE Synthesis & Verification1 ECE 667 Spring 2011 Synthesis and Verification of Digital Systems Verification Introduction.
Midterm Wednesday Chapter 1-3: Number /character representation and conversion Number arithmetic Combinational logic elements and design (DeMorgan’s Law)
Overview The von Neumann Machine - the programmable digital computer Introducing the LC-3 Computer - A “toy” computer for us to learn from Computer machine.
State Machines Used to Design Sequential Circuits.
Programming Logic and Design, Introductory, Fourth Edition1 Understanding Computer Components and Operations (continued) A program must be free of syntax.
School of Computer ScienceG53FSP Formal Specification1 Dr. Rong Qu Introduction to Formal Specification
1 KU College of Engineering Elec 204: Digital Systems Design Lecture 20 Datapath and Control Datapath - performs data transfer and processing operations.
Design and Analysis of Algorithms
Unit 3b Industrial Control Systems
Formal Techniques for Verification Using SystemC By Nasir Mahmood.
Computer Programming-1 CSC 111 Chapter 1 : Introduction.
Verification technique on SA applications using Incremental Model Checking 컴퓨터학과 신영주.
Cheng/Dillon-Software Engineering: Formal Methods Model Checking.
Computer Organization
PLC introduction1 Discrete Event Control Concept Representation DEC controller design DEC controller implementation.
PLC: Programmable Logical Controller
CIS Computer Programming Logic
CS321 Functional Programming 2 © JAS Implementation using the Data Flow Approach In a conventional control flow system a program is a set of operations.
Systems Architecture I1 Propositional Calculus Objective: To provide students with the concepts and techniques from propositional calculus so that they.
C# Overview and Features. Content I.History of C# II.Architecture III.How to install IV.Features V.Code Sample VI.Microsoft.NET Platform VII.Why use C#
Three fundamental concepts in computer security: Reference Monitors: An access control concept that refers to an abstract machine that mediates all accesses.
Proof Carrying Code Zhiwei Lin. Outline Proof-Carrying Code The Design and Implementation of a Certifying Compiler A Proof – Carrying Code Architecture.
B. Fernández, D. Darvas, E. Blanco Formal methods appliedto PLC code verification Automation seminar CERN – IFAC (CEA) 02/06/2014.
Property of Jack Wilson, Cerritos College1 CIS Computer Programming Logic Programming Concepts Overview prepared by Jack Wilson Cerritos College.
Developing software and hardware in parallel Vladimir Rubanov ISP RAS.
CSCI-100 Introduction to Computing Hardware Design Part I.
Real-time Virtual Resource: a Timely Abstraction for Embedded Systems Aloysius K. Mok Alex Xiang Feng Dept. of Computer Sciences University of Texas at.
Abstract A Structured Approach for Modular Design: A Plug and Play Middleware for Sensory Modules, Actuation Platforms, Task Descriptions and Implementations.
Verification & Validation By: Amir Masoud Gharehbaghi
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
PLC ARCHITECTURE – Memory 2 by Dr. Amin Danial Asham.
3/12/2013Computer Engg, IIT(BHU)1 CONCEPTS-1. Pipelining Pipelining is used to increase the speed of processing It uses temporal parallelism In pipelining,
Automated Formal Verification of PLC (Programmable Logic Controller) Programs
Riyadh Philanthropic Society For Science Prince Sultan College For Woman Dept. of Computer & Information Sciences CS 251 Introduction to Computer Organization.
Visual Basic.NET Comprehensive Concepts and Techniques Chapter 1 An Introduction to Visual Basic.NET and Program Design.
Actuators and Control, Part 4 Grant Agreement No LLP UK-LEONARDO-LMP Project acronym: CLEM Project title: Cloud services for E-Learning.
Levels of Verification Figure 2.2 p 37 Verification is applied at all different abstraction levels Mostly bottom up, some top down.
1 Introduction to Engineering Spring 2007 Lecture 18: Digital Tools 2.
IS 350 Course Introduction. Slide 2 Objectives Identify the steps performed in the software development life cycle Describe selected tools used to design.
Lesson 1 PLC BASICS. PLC Definition  Programmable Logic Controllers are industrial computers that control machine and other applications.  PLC have.
Sub-fields of computer science. Sub-fields of computer science.
Compilers Principles, Techniques, & Tools Taught by Jing Zhang
Marilyn Wolf1 With contributions from:
SPiiPlus Training Class
EMBEDDED SYSTEMS S.HIMABINDU
Cyber Physical System Security
Chapter 1: An Overview of Computers and Programming Languages
Dronely: A Visual Block Programming Language for the Control of Drones
Overview of Computers and Programming Chapter 1
COMPUTER ORGANIZATION & ASSEMBLY LANGUAGE
Introduction Introduction to VHDL Entities Signals Data & Scalar Types
Chapter 1: An Overview of Computers and Programming Languages
Structural testing, Path Testing
C++ Programming: From Problem Analysis to Program Design
An Introduction to Visual Basic .NET and Program Design
Industrial Electronics
Security in Java Real or Decaf? cs205: engineering software
IS 2935: Developing Secure Systems
Introduction to Micro Controllers & Embedded System Design
Introduction To CAD/CAM
KU College of Engineering Elec 204: Digital Systems Design
An explicit state model checker
Compilers Principles, Techniques, & Tools Taught by Jing Zhang
Chapter-1 Computer is an advanced electronic device that takes raw data as an input from the user and processes it under the control of a set of instructions.
Presentation transcript:

A Trusted Safety Verifier for Process Controller Code Stephen McLaughlin, Saman Zonouz, Devin Pohly, Patrick McDaniel Presented by Xumiao Zhang and Shenghao Lin 1-9 10-18 19-21 22-26 27-28

Overview Programmable logic controller (PLC) Threat model Trusted Safety Verifier (TSV) PLC code analysis Implementation Evaluation Conclusion

Programmable Logic Controller A Programmable Logic Controller (PLC) is a digital, multi- input multi-output computer used for real-time automation of physical machinery. A PLC’s program is executed continuously as long as the PLC is running.

A PLC’s Life Turn left 2˚ Turn left!

A PLC’s Life Turn left 2˚ Turn left! 1º

A PLC’s Life Not quite... Turn left! 1º

A PLC’s Life Not quite... Turn left! 2º

A PLC’s Life BINGO! Stop! 2º

A PLC’s Life L DW2 ;; Degrees Control Logic < ID255 ST Q 3.2 Control Signal Scan Cycle Sensor Measurements

Bad news... Programmable Controllers are insecure by design Control systems are not robust enough for security patches (i.e. stuxnet)

A PLC’s Life ;; Spin out ;; of control! S Q 3.2 Control Logic

Safety Properties Bounds on numerical device parameters (e.g. maximum drive velocity and acceleration) Safety interlocks, which ensure physically conflicting events do not occur.

Trusted Safety Verifier (TSV) Goal: Only allow code to be run on a PLC if it satisfies a set of engineer-supplied safety properties.

TSV - Challenges Existing tools not up to the task. Control systems are stateful, requiring temporal properties. State space explosion with existing analysis techniques.

TSV - Architecture

Sample PLC Code AI 0.5 ;; And input bit 5 =Q 0.1 ;; Store at output bit 1

Instruction List Intermediate Language Side effects PLC special features Architecture dependent

Instruction List Intermediate Language PLC Code

Symbolic Execution TSV symbolically executes an ILIL program to produce a mapping from path predicates to symbolic outputs. Symbolic execution follows all possible paths through a single scan cycle of the program. Lump together all inputs that produce that same output.

Symbolic Execution - Example if input > 10 then output input + 6 else output 2 * input + 6 Without symbolic execution, an unsigned integer input can generate 2^32 different states. With symbolic execution, only 2 states. We will see its use later.

Symbolic Execution - Expression

Checking Temporal Properties PLCs use stateful variables, which retain their values across the scan cycles. TEG (temporal execution graph) is applied for model checking.

Temporal Execution Graph (TEG) A state machine in which each state transition represents a single scan cycle. Each state in the TEG contains the state and output variables.

TEG

TEG with Symbolic Execution

TSV - A Full Run

Conclusion Developed Trusted Safety Verifier (TSV), a trusted verification platform for programmable logic controllers. last-step security verification of control commands Combination of symbolic execution and model checking Implemented a real-world prototype of the TSV framework on an independent Raspberry PI chip with minimal attack surface. Demonstrated performance in checking various properties in control systems

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.