Name
Abstract | ||
|---|---|---|
A Programmable Logic Controller (PLC) is a very common industrial control system device used to control output devices based on data received (and processed) from input devices. Given the central role that PLCs play in deployed industrial control systems, it has been a preferred target of ICS attackers. A quick search in the ICS-CERT repository reveals that out of a total of 589 advisories, more than 80 target PLCs. Stuxnet attack, considered the most famous reported incident on ICS, targeted mainly PLCs. Most of the PLC reported incidents are rooted in the fact that the PLC being accessed in an unauthorized way. In this paper, we investigate the PLC access control problem. We discuss several access control models but we focus mainly on the commonly adopted password-based access control. We show how such passwordbased mechanism can be compromised in a realistic scenario as well as the list the attacks that can be derived as a consequence. This paper details a set of vulnerabilities targeting recent versions of PLCs (2016) which have not been reported in the literature. |
Year | DOI | Venue |
|---|---|---|
2016 | 10.1109/WCICSS.2016.7882935 | 2016 World Congress on Industrial Control Systems Security (WCICSS) |
Keywords | Field | DocType |
PLC,SCADA,Industrial Control Systems,Access Control,Passwords | Output device,Computer security,Industrial control system,Security analysis,Password,Access control,Stuxnet,Programmable logic controller,Engineering,Input device | Conference |
ISBN | Citations | PageRank |
978-1-5090-2544-2 | 1 | 0.37 |
References | Authors | |
0 | 3 | |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Haroon Wardak | 1 | 1 | 0.37 |
| Sami Zhioua | 2 | 2 | 0.72 |
| Ahmad Almulhem | 3 | 1 | 1.05 |