Write a Blog >>
ESEC/FSE 2022
Mon 14 - Fri 18 November 2022 Singapore
Tue 15 Nov 2022 14:30 - 14:45 at SRC LT 53 - ESEC/FSE 21 - Dependability Chair(s): Domenico Bianculli

Cyber-physical systems (CPSs) are widespread in critical domains, and significant damage can be caused if an attacker is able to modify the code of their programmable logic controllers (PLCs). Unfortunately, traditional techniques for attesting code integrity (i.e. verifying that it has not been modified) rely on firmware access or roots-of-trust, neither of which proprietary or legacy PLCs are likely to provide. In this paper, we propose a practical code integrity checking solution based on privacy-preserving black box models that instead attest the input/output behaviour of PLC programs. Using faithful offline copies of the PLC programs, we identify their most important inputs through an information flow analysis, execute them on multiple combinations to collect data, then train neural networks able to predict PLC outputs (i.e. actuator commands) from their inputs. By exploiting the black box nature of the model, our solution maintains the privacy of the original PLC code and does not assume that attackers are unaware of its presence. The trust instead comes from the fact that it is extremely hard to attack the PLC code and neural networks at the same time and with consistent outcomes. We evaluated our approach on a modern six-stage water treatment plant testbed, finding that it could predict actuator states from PLC inputs with near-100% accuracy, and thus could detect all 120 effective code mutations that we subjected the PLCs to. Finally, we found that it is not practically possible to simultaneously modify the PLC code and apply discreet adversarial noise to our attesters in a way that leads to consistent (mis-)predictions.

Tue 15 Nov

Displayed time zone: Beijing, Chongqing, Hong Kong, Urumqi change

14:00 - 15:30
ESEC/FSE 21 - DependabilityESEC/FSE 2021 at SRC LT 53
Chair(s): Domenico Bianculli University of Luxembourg
14:00
15m
Talk
ÐArcher: Detecting On-Chain-Off-Chain Synchronization Bugs in Decentralized Applications
ESEC/FSE 2021
Wuqi Zhang The Hong Kong University of Science and Technology, Lili Wei McGill University, Shuqing Li The Chinese University of Hong Kong, Yepang Liu Southern University of Science and Technology, Shing-Chi Cheung Hong Kong University of Science and Technology
Link to publication DOI Pre-print
14:15
15m
Talk
Hazard Analysis for Human-on-the-Loop Interactions in sUAS Systems
ESEC/FSE 2021
Michael Vierhauser Johannes Kepler University Linz, Md Nafee Al Islam , Ankit Agrawal University of Notre Dame, Jane Cleland-Huang University of Notre Dame, James Mason Northrop Grumman
14:30
15m
Talk
Code Integrity Attestation for PLCs using Black Box Neural Network Predictions
ESEC/FSE 2021
Yuqi Chen Singapore Management University, Chris Poskitt Singapore Management University, Jun Sun Singapore Management University
DOI Pre-print
14:45
15m
Talk
Lightweight and Modular Resource Leak Verification
ESEC/FSE 2021
Martin Kellogg University of Washington, Narges Shadab University of California at Riverside, Manu Sridharan University of California at Riverside, Michael D. Ernst University of Washington
15:00
15m
Talk
A Longitudinal Analysis of Bloated Java Dependencies
ESEC/FSE 2021
Link to publication DOI Pre-print Media Attached