Paper Info
Title
Detecting Insecure Code Patterns in Industrial Robot Programs
Abstract
Industrial robots are complex and customizable machines that can be programmed with proprietary domain-specific languages. These languages provide not only movement instructions, but also access to low-level system resources such as the network or the file system. Although useful, these features can lead to taint-style vulnerabilities and can be misused to implement malware---on par with general-purpose programming languages. In this paper, we analyze the languages of $8$ leading industrial robot vendors, systematize their technical features, and discuss cases of vulnerable and malicious uses. We then describe a static source-code analyzer that we created to analyze robotic programs and discover insecure or potentially malicious code paths. We focused our proof-of-concept implementation on two popular languages, namely ABB's RAPID and KUKA's KRL. By evaluating our tool on a set of publicly available programs, we show that insecure patterns are found in real-world code; therefore, static source-code analysis is an effective security screening mechanism, for example to prevent commissioning insecure or malicious industrial task programs. Finally, we discuss remediation steps that developers and vendors can adopt to mitigate such issues.
Year
DOI
Venue
2020
10.1145/3320269.3384735
ASIA CCS '20: The 15th ACM Asia Conference on Computer and Communications Security Taipei Taiwan October, 2020
DocType
ISBN
Citations 
Conference
978-1-4503-6750-9
0
PageRank 
References 
Authors
0.34
0
5
Name
Order
Citations
PageRank
Marcello Pogliani1182.94
Federico Maggi252437.68
Marco Balduzzi332017.41
Davide Quarta4304.30
Stefano Zanero573653.78