Embedded Control Systems Binary Security: An Industrial Control System Protection Approach by Ali Abbasi

Ali Abbasi

In recent years, critical infrastructures in various countries have been targeted by cyber attacks. The most famous example of such an attack is Stuxnet, which manipulated the control software running in the embedded control system (ECS). Following Stuxnet, various attacks against ECS devices have been reported, including attacks on the Ukraine electrical grid that caused a nationwide blackout and the targeting of ECS devices in a refinery in Saudi Arabia. This talk consists of three parts.

In the first part, we examine ECS security from an attacker's perspective. Our most notable contribution in this respect is the engineering of a new kind of attack that previously had not been understood and that takes advantage of a specific feature of embedded devices, namely, reconfigurability at the hardware level.

In the second part, we examine ECSs from a defender’s perspective, and we discuss two protection mechanisms that operate at the device (host) level. These mechanisms are designed to prevent the attacker from gaining access to the ECS device using memory corruption vulnerabilities. The suggested mechanisms introduce for the first time the possibility of effectively applying “control-flow integrity” checks to resource-poor and time-constrained devices such as PLCs. At a low level, these techniques also take advantage of some architecture-specific features. We evaluate these techniques and show that they are effective and not easy to bypass.

In the third part, we discuss the challenges of fuzzing embedded devices. This is a research topic that is not yet solved, but we present our current work and the challenges we faced in building fuzzers for embedded devices, and for PLCs in particular.