ICSREF: A Framework for Automated Reverse Engineering of Industrial Control Systems Binaries

12/09/2018
by   Anastasis Keliris, et al.
0

The security of Industrial Control Systems (ICS) has been attracting increased attention over the past years, following the discovery of real threats targeting industrial environments. Despite this attention, automation of the reverse engineering process of ICS binaries for programmable logic controllers remains an open problem, mainly due to the use of proprietary compilers by ICS vendors. Such automation could be a double-edged sword; on the one hand it could accelerate digital forensic investigations and incident response actions, while on the other hand it could enable dynamic generation of malicious ICS payloads. In this work, we propose a structured methodology that automates the reverse engineering process for ICS binaries taking into account their unique domain-specific characteristics. We apply this methodology to develop the modular Industrial Control Systems Reverse Engineering Framework (ICSREF), and instantiate ICSREF modules for reversing binaries compiled with CODESYS, a widely used software stack and compiler for PLCs. To evaluate our framework we create a database of samples by collecting real PLC binaries from public code repositories, as well as developing binaries in-house. Our results demonstrate that ICSREF can successfully handle diverse PLC binaries from varied industry sectors, irrespective of the programming language used. Furthermore, we deploy ICSREF on a commercial smartphone which orchestrates and launches a completely automated process-aware attack against a chemical process testbed. This example of dynamic payload generation showcases how ICSREF can enable sophisticated attacks without any prior knowledge.

READ FULL TEXT

page 1

page 12

research
11/22/2020

Modular Moose: A new generation software reverse engineering environment

Advanced reverse engineering tools are required to cope with the complex...
research
05/11/2023

REMaQE – Reverse Engineering Math Equations from Executables

Cybersecurity attacks against industrial control systems and cyber-physi...
research
06/21/2014

On the Reverse Engineering of the Citadel Botnet

Citadel is an advanced information-stealing malware which targets financ...
research
11/14/2019

Detecting Safety and Security Faults in PLC Systems with Data Provenance

Programmable Logic Controllers are an integral component for managing ma...
research
05/21/2019

Two Decades of SCADA Exploitation: A Brief History

Since the early 1960, industrial process control has been applied by ele...
research
04/28/2019

A Feature Based Methodology for Variable Requirements Reverse Engineering

In the past years, software reverse engineering dealt with source code u...
research
06/07/2023

A Linearly Convergent GAN Inversion-based Algorithm for Reverse Engineering of Deceptions

An important aspect of developing reliable deep learning systems is devi...

Please sign up or login with your details

Forgot password? Click here to reset