Stuxnet-in-a-Box: In-Field Emulation and Fuzzing of PLCs to Uncover the Next Zero-Day Threat in Industrial Control Systems

Presented at Black Hat Asia 2021 Virtual, May 6, 2021, 12:30 p.m. (40 minutes)

Recent years have been pivotal for Industrial Control Systems (ICS) security: a large number of high-profile attacks have exposed the absence of a design-for-security initiative in ICS, and a substantial body of research has tried to proactively uncover the underlying vulnerabilities. On both sides, however, the focus has been on the first and most obvious targets for exploitation, namely the network level, as the main gateway into an ICS, and the control operation the ICS performs. As ICS evolve and abstract the control logic into pure software hosted on a generic OS, evaluating the multiple layers of an ICS at the software level is a natural choice. In this work, we will present a new tool for the cybersecurity assessment of ICS components such as Programmable Logic Controllers (PLCs), enabling in-field security evaluation with no disruption to the actual process.

More specifically, we will deploy system emulation to eliminate the need for experiments directly on the actual hardware device, massively improving scalability and compatibility for easy deployment on a multitude of platforms. On the emulated platform, we will apply fuzzing across the software levels of the device: the system itself, the hosted PLC abstraction platform, and the application performing the control logic. Through fuzzing we expose vulnerabilities that exist on the system as a result of poor maintenance or sloppy programming. The PLC platform of choice is the Codesys runtime, an industry-leading solution present in a quarter of currently deployed PLCs.

Furthermore, we will combine the knowledge of the uncovered vulnerabilities with a custom reverse engineering tool to dynamically synthesize a new cyber threat that integrates operational manipulation, system exploitation and stealth, becoming a Stuxnet-level threat to an ICS.

Presenters:

  • Michail Maniatakos - Associate Professor, New York University Abu Dhabi
    Michail Maniatakos received the B.Sc. and M.Sc. degrees in Computer Science and Embedded Systems from the University of Piraeus, Greece, and the PhD degree in Electrical Engineering and the M.Sc. and M.Phil. degrees from Yale University, New Haven, CT, USA. He is currently an Associate Professor of Electrical and Computer Engineering with New York University (NYU) Abu Dhabi, Abu Dhabi, UAE, and a Research Assistant Professor with the NYU Tandon School of Engineering, New York, NY, USA. He is also the Director of the MoMA Laboratory, NYU Abu Dhabi. His research interests, funded by industrial partners, the US Government, and the UAE Government, include robust microprocessor architectures, privacy-preserving computation, smart cities, as well as industrial control systems security. He has authored several publications in IEEE transactions and conferences, holds patents on privacy-preserving data processing, and also serves on the technical program committees of various international conferences.
  • Dimitrios Tychalas - PhD Student, New York University
    Dimitrios Tychalas received the 5-year Computer Engineering diploma from the University of Thessaly, Volos, Greece in 2015. He is currently pursuing a PhD degree in Electrical Engineering at New York University Tandon School of Engineering, Brooklyn, NY, USA. His research concerns the cybersecurity posture of embedded systems, with a focus on full-stack security assessment of Industrial Control Systems through automated methodologies.