PLC-SAST (Programmable Logic Controller Static Application Security Testing) System for detecting code vulnerabilities & standard compliance
Abstract
PLCs (Programmable Logic Controllers) are used extensively by the US Navy for machinery control, environmental control, weapons control, fire control, navigation, and communications systems. They regulate temperature, humidity, and air quality, and control the operation of missile launchers, gun systems, and other weapons systems on Navy ships and submarines, supporting safe and efficient operation while reducing the workload and risk borne by sailors. PLCs were considered reliable and robust until the Stuxnet attack, disclosed in 2010, exposed their vulnerabilities; it was followed by further malware campaigns such as BlackEnergy and Flame, and the number of attacks on Industrial Control Systems (ICS) and PLCs rose sharply in the following years. Considerable effort has gone into securing ICS against network intrusion, compromised SCADA devices, and DoS attacks; however, vulnerabilities in PLC ladder logic and application code are often overlooked. It has been assumed that ladder logic is safe as long as the network is healthy and protected from malware and intruders. This is not enough: the ladder logic itself can carry unnoticed or overlooked vulnerabilities that an adversary can exploit. Such exploitation can lead to data loss and a temporary shutdown of the entire automated system attached to that PLC. Recovery from such an incident is time-consuming and may damage industrial equipment or processes, as well as causing loss of critical parameters or setpoint values. It is therefore important to scrutinize the PLC program for vulnerabilities and bugs in the early stages of development. The proposed solution addresses ICS code vulnerabilities by developing a new PLC Static Application Security Testing (SAST) system.
This system makes it easier to integrate static analysis tools for PLC programs by abstracting over the different dialects and language implementations of the IEC 61131-3 standard. A project parser module in the proposed architecture generates a unified project structure from vendor-specific project files, which a dialect-specific IEC parser then converts into an abstract syntax tree (AST). From the AST the framework computes several data structures, including control flow graphs, data flow graphs, program-global call graphs, and points-to sets. A Rule Executor then uses these data structures to find programming standard violations (including IEC and Navy standard violations), bad code smells, malicious code, and possible defects in PLC programs. The proposed system therefore offers several benefits for the Navy. One major advantage is improved reliability: by analyzing the code before deployment, the system can detect potential errors and issues before they cause problems in the field, helping PLC-based systems on ships and other naval vessels operate with a high degree of reliability and safety. The system can also reduce cost by identifying issues early and avoiding expensive repairs and downtime during operation. It can enhance security by identifying potential vulnerabilities in the code and addressing them before deployment, reducing the risk of cyberattacks and other security threats. Static code analysis can further help naval systems meet strict regulatory standards, reducing the risk of non-compliance and the associated penalties. Finally, the proposed system can speed up development by surfacing issues early, reducing the time and resources required for debugging and testing and leading to faster deployment of naval systems.
Approved for Public Release
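The pipeline described above (project files to AST, AST to analysis facts, facts consumed by a rule executor) can be illustrated on a very small scale. The following is an editor-added example and is not the PLC-SAST project's code; it parses a constructed subset of IEC 61131-3 Structured Text (PROGRAM, VAR/VAR_INPUT/VAR_OUTPUT blocks, assignments and IF conditions), derives flow-insensitive def/use facts in place of the full CFG, call-graph and points-to machinery, and runs four illustrative rules of the kind the abstract groups under code smells and possible defects. The rule names, the sample program and the regular-expression parser are all assumptions made for this example.

```python
import re
from collections import namedtuple

KEYWORDS = {"IF", "THEN", "ELSE", "END_IF", "AND", "OR", "XOR", "NOT", "TRUE", "FALSE"}
DECL_RE = re.compile(r"^(\w+)\s*:\s*(\w+)\s*(:=\s*[^;]+)?;")  # name : TYPE [:= init];
ASSIGN_RE = re.compile(r"^(\w+)\s*:=\s*(.+?)\s*;")            # name := expr;
IDENT_RE = re.compile(r"\b[A-Za-z_]\w*\b")
Decl = namedtuple("Decl", "section type_name initialized")  # section: VAR / VAR_INPUT / VAR_OUTPUT
Stmt = namedtuple("Stmt", "target reads line")              # target is "" for an IF condition
Program = namedtuple("Program", "name decls stmts")         # decls: {name: Decl}, stmts: [Stmt]

def identifiers(expr):  # variables read by an expression (ST keywords and literals excluded)
    return {tok for tok in IDENT_RE.findall(expr) if tok.upper() not in KEYWORDS}

def parse_st(src):  # line-oriented parser for the supported ST subset; returns a Program AST
    prog, section = None, None
    for lineno, raw in enumerate(src.splitlines(), 1):
        line = raw.split("//", 1)[0].strip()  # drop ST line comments
        if not line:
            continue
        if line.startswith("PROGRAM "):
            prog = Program(line.split()[1], {}, [])
        elif line in ("VAR", "VAR_INPUT", "VAR_OUTPUT"):
            section = line
        elif line == "END_VAR":
            section = None
        elif section:
            if (m := DECL_RE.match(line)):
                prog.decls[m.group(1)] = Decl(section, m.group(2), m.group(3) is not None)
        elif line.startswith("IF ") and line.endswith("THEN"):
            prog.stmts.append(Stmt("", identifiers(line[3:-4]), lineno))
        elif (m := ASSIGN_RE.match(line)):
            prog.stmts.append(Stmt(m.group(1), identifiers(m.group(2)), lineno))
    return prog

def def_use(prog):  # flow-insensitive facts: variable -> source lines where it is written / read
    defs, uses = {}, {}
    for s in prog.stmts:
        if s.target:
            defs.setdefault(s.target, []).append(s.line)
        for v in s.reads:
            uses.setdefault(v, []).append(s.line)
    return defs, uses

def rule_unused_variable(prog, defs, uses):  # rules yield (rule_id, variable, line); 0 = declaration
    for name in prog.decls:
        if name not in defs and name not in uses:
            yield "unused-variable", name, 0

def rule_write_to_input(prog, defs, uses):
    for name, lines in defs.items():
        if name in prog.decls and prog.decls[name].section == "VAR_INPUT":
            yield from (("write-to-input", name, ln) for ln in lines)

def rule_output_written_twice(prog, defs, uses):
    # ST analogue of the ladder-logic "duplicate coil" smell: the later write silently wins.
    for name, lines in defs.items():
        if name in prog.decls and prog.decls[name].section == "VAR_OUTPUT" and len(lines) > 1:
            yield from (("output-written-twice", name, ln) for ln in lines[1:])

def rule_uninitialized_read(prog, defs, uses):
    # Internal variable with no initializer read at or before its first write.
    for name, lines in uses.items():
        d = prog.decls.get(name)
        if d and d.section == "VAR" and not d.initialized:
            first_def = min(defs.get(name, [float("inf")]))
            yield from (("uninitialized-read", name, ln) for ln in lines if ln <= first_def)

RULES = [rule_unused_variable, rule_write_to_input, rule_output_written_twice, rule_uninitialized_read]

def analyze(src):  # parse, derive facts, run every rule; findings sorted by (line, rule id)
    prog = parse_st(src)
    defs, uses = def_use(prog)
    return sorted((f for rule in RULES for f in rule(prog, defs, uses)), key=lambda f: (f[2], f[0]))

# Constructed sample program (not from the page); every finding is planted deliberately.
SAMPLE_ST = """\
PROGRAM PumpCtrl
VAR_INPUT
  LevelHigh : BOOL;
  EStop : BOOL;
END_VAR
VAR_OUTPUT
  PumpRun : BOOL;
END_VAR
VAR
  Cycles : INT;
  Spare : INT;
END_VAR
  PumpRun := LevelHigh AND NOT EStop;
  IF EStop THEN
    PumpRun := FALSE;   // second write to the same output
  END_IF
  Cycles := Cycles + 1; // relies on the implicit zero initial value
  EStop := FALSE;       // an input is being written
END_PROGRAM
"""
```

Calling `analyze(SAMPLE_ST)` returns one finding per planted issue, each tagged with the rule that fired and the offending line. The separation mirrors the architecture in the abstract: the parser and `def_use` know nothing about policy, and a new rule is just another generator appended to `RULES`, which is where vendor dialect differences stop mattering because every rule works on the unified AST and facts rather than on project files.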
Document Details
- Document Type
- DoD Grant Award
- Publication Date
- Jul 24, 2023
- Source ID
- N000142312626
Entities
People
- Irfan Khan
Organizations
- Office of Naval Research
- Texas A&M University at Galveston Bookstore
- United States Navy