Software security: Application-level vulnerabilities in SCADA systems

Author

Valentine, Sidney ; Farkas, Csilla

Author_Institution

York Tech. Coll., Rockhill, SC, USA

fYear

2011

fDate

3-5 Aug. 2011

Firstpage

498

Lastpage

499

Abstract

In this paper we study the security threats to Supervisory Control and Data Acquisition (SCADA) systems via intentional and unintentional software errors. We claim that current programming practices and security mechanisms for the Programmable Logic Controllers (PLC), that are fundamental components of all SCADA systems, do not provide adequate protection against unintentional errors or malicious, code-level attacks. We focus on software vulnerabilities in ladder logic; a popular graphical language for PLCs. We show how intentional or unintentional errors in the ladder logic code can lead to integrity and availability violations. We propose methods to support secure PLC code development and to detect vulnerable applications.

Keywords

SCADA systems; programmable controllers; security of data; visual languages; PLC code development; SCADA systems; application-level vulnerabilities; ladder logic; popular graphical language; programmable logic controllers; software security; software vulnerabilities; supervisory control and data acquisition; Availability; Coils; Encoding; Programming; SCADA systems; Security; Software; SCADA; integrity; ladder logic; security; software vulnerability;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Reuse and Integration (IRI), 2011 IEEE International Conference on

Conference_Location

Las Vegas, NV

Print_ISBN

978-1-4577-0964-7

Electronic_ISBN

978-1-4577-0965-4

Type

conf

DOI

10.1109/IRI.2011.6009603

Filename

6009603