Ensuring the integrity of embedded programmable logic controllers (PLCs) is critical for safe operation of industrial control systems. In particular, a cyber-attack could manipulate control logic running on the PLCs to bring the process of a safety-critical application into unsafe states. Unfortunately, PLCs are typically not equipped with hardware support that allows the use of techniques such as remote attestation to verify the integrity of the logic code. In addition, so far remote attestation is not able to verify the integrity of the physical process controlled by the PLC.

In this work, we present PAtt, a system that combines remote software attestation with control process validation. PAtt leverages operation permutations—subtle changes in the operation sequences based on integrity measurements—which do not affect the physical process but yield unique traces of sensor readings during execution. By encoding integrity measurements of the PLC's memory state (software and data) into its control operation, our system allows the integrity of the control logic to be verified remotely based on the resulting sensor traces. We implement the proposed system on a real PLC controlling a robot arm, and demonstrate its feasibility. Our implementation enables the detection of attackers that manipulate the PLC logic to change process state and/or report spoofed sensor readings (with an accuracy of 97% against tested attacks).
Proceedings of International Symposium on Research in Attacks, Intrusions and Defenses (RAID)
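
The following sketch illustrates the operation-permutation idea from the abstract; it is an added example, not PAtt's code or algorithm. The SHA-256 measurement, the verifier nonce, the six joint moves, the constant sensor offset and the memory images are all constructed assumptions chosen to show how a measurement can select an operation order that the verifier then checks against the sensor trace.

```python
import hashlib

# Constructed, order-independent moves: (joint index, angle delta in degrees).
# Any execution order ends in the same pose; only the intermediate readings differ.
OPS = [(0, 15.0), (1, -30.0), (2, 45.0), (3, 10.0), (4, -20.0), (5, 5.0)]
# Constructed memory images standing in for the PLC's logic and data.
REFERENCE = b"LD X0; AND X1; OUT Y0; constructed control logic image"
TAMPERED = REFERENCE.replace(b"OUT Y0", b"OUT Y1")

def measure(memory, nonce):
    """Integrity measurement of the memory image, bound to the verifier's nonce."""
    return int.from_bytes(hashlib.sha256(nonce + memory).digest(), "big")

def permutation(measurement, n):
    """Map a measurement to one of the n! operation orders (factorial base)."""
    pool, order = list(range(n)), []
    for radix in range(n, 0, -1):
        measurement, idx = divmod(measurement, radix)
        order.append(pool.pop(idx))
    return order

def run_plc(memory, nonce, noise=0.0):
    """PLC side: run the moves in the measured order and return the sensor trace."""
    state, trace = [0.0] * len(OPS), []
    for i in permutation(measure(memory, nonce), len(OPS)):
        joint, delta = OPS[i]
        state[joint] += delta
        trace.append(tuple(s + noise for s in state))  # noise: constant sensor offset
    return trace

def verify(reference, nonce, trace, tol=0.5):
    """Verifier side: recompute the expected trace from the known-good image."""
    expected = run_plc(reference, nonce)
    return len(trace) == len(expected) and all(
        abs(a - b) <= tol
        for exp, got in zip(expected, trace)
        for a, b in zip(exp, got))

def detection_rate(reference, tampered, rounds=64):
    """Fraction of fresh nonces for which a modified image yields a rejected trace."""
    hits = 0
    for r in range(rounds):
        nonce = r.to_bytes(4, "big")
        hits += not verify(reference, nonce, run_plc(tampered, nonce))
    return hits / rounds

if __name__ == "__main__":
    nonce = b"\x00\x00\x00\x01"
    print("genuine accepted:", verify(REFERENCE, nonce, run_plc(REFERENCE, nonce, 0.2)))
    print("detection rate:", detection_rate(REFERENCE, TAMPERED))
```

With six moves there are 720 possible orders, so in this toy model a modified image escapes a single round only when its measurement happens to select the same order as the reference.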