Standards Based Measurable Security For Embedded Devices


1 Standards Based Measurable Security For Embedded Devices
Brice Copy ICALEPCS 09 11 October 2009

2 Plan
- Project background
- Test bench objectives
- Implementation
- Investigation results
- Achievements
- Perspectives

3 Project background
- Based upon TOCSSiC, study the robustness of PLCs
- CERN Openlab backed project
  - With SIEMENS funding
- CERN specific aspects
  - Strong demand for RBAC type security
  - Better built-in security mechanisms
  - Wide variety of risk assessments

4 Testbench objectives
- Investigate cyber security standards relevant to PLC equipment operation.
- Establish a working environment tailored for ICS to enable the discovery of new security vulnerabilities.
- Assess the robustness of SIEMENS Programmable Logic Controller (PLC) products.
- Perform automated security assessments of industrial control equipment.
- Determine the key aspects of cyber security in the CERN environment.

5 Cyber Security Standards
- ISO 27000, NERC CIP, ISA-99, IEC62xxx
- Slowly evolving towards ICS relevant standards
- ISA-99 relevant but still draft
- Vendors: Mexican standoff situation
- Everybody agrees it is better than legislation

6 Finding new vulnerabilities...
- Directly related to quality processes
- First, define a method to test
- Second, define a method to reproduce results
- Third, define a method to fix and verify
- Meanwhile, keep abreast of emerging threats and vulnerabilities

7 ...In the comfort of your own lab
- An environment that can play many roles...
  - ...acts as a first class citizen in information exchanges
- An environment that communicates...
  - ...by accepting inputs from other tools
  - ...and producing outputs for other consumers
- Multiple roles:
  - network traffic analyzer
  - integrated development environment
  - protocol fuzzing / traffic replay
  - integration with third party tools
- Communicates:
  - allows vulnerabilities to be described in a platform independent format
  - produces results that can be leveraged by other tools (replay, analysis)

8 Testbench in theory

9 And in practice?
- A plug-in based environment
- OpenVAS for general purpose testing
- A better set of PLC monitoring tools
- A protocol fuzzer to
  - convert grammars into vulnerability scanners
  - convert network traffic captures into vulnerability descriptions
- A way to feed vulnerabilities to our favourite PLC vendor (and sponsor)

10 Testbench in practice
S7-400 hooked up for a test run, Beckhoff PLC from a previous test run

11 Testbench in practice
My good friend and colleague Filippo, embarrassed at the idea his parents might find out what he does for a living: torturing PLCs until they flash red and need to be power cycled

12 Achievements and findings
- Newer PLC generations are better in many aspects...
  - ...and surprisingly exposed in others
- Protocol fuzzing presents an unforeseen potential
- Communicating results to a third party and making them reproducible is still too much work
- No vulnerability disclosure, but principles and technologies can be discussed
- Wurldtech Achilles provides very good results fast and demonstrated the importance of good protocol fuzzing
- Difficulties sharing vulnerability definitions from one tool to another environment
- For instance, we can explain the principle of a vulnerability, so why not have a format to express it in an executable way?

13 Perspectives
- Improve techniques to share results and analyse them
- Start integrating our tools more closely
- Adopt a cut down standard until full blown ones become ready

