http://dx.doi.org/10.13089/JKIISC.2019.29.2.365

Executable Code Sanitizer to Strengthen Security of uC/OS Operating System for PLC  

Choi, Gwang-jun (Dankook University)
You, Geun-ha (Dankook University)
Cho, Seong-je (Dankook University)
Abstract
A PLC (Programmable Logic Controller) is a highly reliable industrial digital computer that supports real-time embedded control applications for safety-critical control systems. Real-time operating systems such as uC/OS have been used for PLCs and must meet real-time constraints. As PLCs have become widely used in industrial control systems and connected to the Internet, they have become a main target of cyberattacks. In this paper, we propose an execution code sanitizer to enhance the security of PLC systems. The proposed sanitizer analyzes PLC programs developed in an IDE before the program is downloaded to a target PLC, and mitigates security vulnerabilities in the program. Our sanitizer can detect vulnerable function calls and illegal memory accesses during development of PLC programs, using a database of vulnerable functions and a second database of code patterns related to pointer misuse. Based on these databases, it detects and removes abnormal use patterns of pointer variables and vulnerable functions that appear in the call graph of the target executable code. We have implemented the proposed technique and verified its effectiveness through experiments.
Keywords
Execution code sanitizer; Programmable logic controller; uC/OS; Vulnerable function; Pointer misuse