PLC Guard: A practical defense against attacks on cyber-physical systems

Modern societies critically depend on cyberphysical systems that control most production processes and utility distribution networks. Unfortunately, many of these systems are vulnerable to attacks, particularly advanced ones. While researchers are investigating sophisticated techniques in order to counter these risks, there is a need for solutions that are practical and readily deployable. In this paper, we adapt the classic ACCAT Guard concept to the protection of programmable logic controllers (PLCs), which are an essential ingredient of existing cyber-physical systems. A PLC Guard intercepts traffic between a, potentially compromised, engineering workstation and a PLC. Whenever code is transferred to a PLC, the guard intercepts the transfer and gives the engineer an opportunity to compare that code with a previous version. The guard supports the comparison through various levels of graphical abstraction and summarization. By operating a simple and familiar interface, engineers can approve or reject the transfer using a trusted device that is significantly harder to subvert by attackers. We developed a PLC Guard prototype in order to reify our ideas on how it should be designed. In this paper, we describe the guard´s design and its implementation. In order to arrive at realistic PLC code examples, we implemented a miniature packaging plant as well as attacks on it.