Rodrigo Chandia

Attack taxonomies for the Modbus protocols

Abstract The Modbus protocol and its variants are widely used in industrial control applications, especially for pipeline operations in the oil and gas sector. This paper describes the principal attacks on the Modbus Serial and Modbus TCP protocols and presents the corresponding attack taxonomies. The attacks are summarized according to their threat categories, targets and impact on control system assets. The attack taxonomies facilitate formal risk analysis efforts by clarifying the nature and scope of the security threats on Modbus control systems and networks. Also, they provide insights into potential mitigation strategies and the relative costs and benefits of implementing these strategies.

Security Strategies for SCADA Networks

SCADA systems have historically been isolated from other computing resources. However, the use of TCP/IP as a carrier protocol and the trend to interconnect SCADA systems with enterprise networks introduce serious security threats. This paper describes two strategies for securing SCADA networks, both of which have been implemented in a laboratory-scale Modbus network. The first utilizes a security services suite that minimizes the impact on time-critical industrial process systems while adhering to industry standards. The second engages a sophisticated forensic system for SCADA network traffic collection and analysis. The forensic system supports the post mortem analysis of security breaches and the monitoring of process behavior to optimize plant

Forensic analysis of SCADA systems and networks

Supervisory Control and Data Acquisition (SCADA) systems are commonly used to automate and control industrial processes. Modern SCADA protocols leverage TCP/IP to transport sensor data and control signals. Also, corporate IT infrastructures now interconnect with previously isolated SCADA networks, raising serious security issues. This paper describes an architecture that supports the forensic analysis of SCADA systems and networks. The architecture is implemented in a prototype networked environment using the popular Modbus TCP protocol. In addition to supporting forensic investigations, the architecture incorporates mechanisms for monitoring process behaviour and analysing trends that can help improve plant performance.

An Architecture for SCADA Network Forensics

Supervisory control and data acquisition (SCADA) systems are widely used in industrial control and automation. Modern SCADA protocols often employ TCP/IP to transport sensor data and control signals. Meanwhile, corporate IT infrastructures are interconnecting with previously isolated SCADA networks. The use of TCP/IP as a carrier protocol and the interconnection of IT and SCADA networks raise serious security issues. This paper describes an architecture for SCADA network forensics. In addition to supporting forensic investigations of SCADA network incidents, the architecture incorporates mechanisms for monitoring process behavior, analyzing trends and optimizing plant performance.

Assessing The Integrity Of Field Devices In Modbus Networks

Pipeline control systems often incorporate thousands of widely dispersed sensors and actuators, many of them in remote locations. Information about the operational aspects (functionality) and integrity (state) of these field devices is critical because they perform vital measurement and control functions. This paper describes a distributed scanner for remotely verifying the functionality and state of field devices in Modbus networks. The scanner is designed for the Modbus protocol and, therefore, accommodates the delicate TCP/IP stacks of field devices. Furthermore, field device scanning and data storage and retrieval operations are scheduled so as not to impact normal pipeline control operations. Experimental results and simulations demonstrate that the distributed scanner is scalable, distributable and operates satisfactorily in low bandwidth networks.

Extending Java for package based access control

This paper describes an extension of the Java language that provides programmable security. The approach augments the Java syntax with constructs for specifying various access control policies for Java packages, including DAC, MAC, RBAC and TBAC. A primitive ticket based mechanism serves as the foundation for programmable security. The implementation incorporates a preprocessor for language translation and a security service library that implements the ticket management infrastructure. The preprocessor translates the extended Java source code to native Java for eventual bytecode interpretation simultaneously binding security services to the native code. The design is simple and flexible and provides developers with an effective tool for programming security within Java packages.

PROVIDING SITUATIONAL AWARENESS FOR PIPELINE CONTROL OPERATIONS

A SCADA system for a single 3,000-mile-long strand of oil or gas pipeline may employ several thousand field devices to measure process parameters and operate equipment. Because of the vital tasks performed by these sensors and actuators, pipeline operators need accurate and timely information about their status and integrity. This paper describes a realtime scanner that provides situational awareness about SCADA devices and control operations. The scanner, with the assistance of lightweight, distributed sensors, analyzes SCADA network traffic, verifies the operational status and integrity of field devices, and identifies anomalous activity. Experimental results obtained using real pipeline control traffic demonstrate the utility of the scanner in industrial settings.

Language Extensions for Programmable Security

Software developers rely on sophisticated programming language protection models and APIs to manifest security policies for Internet applications. These tools do not provide suitable expressiveness for finegrained, configurable policies. Nor do they ensure the consistency of a given policy implementation. Programmable security provides syntactic and semantic constructs in programming languages for systematically embedding security functionality within applications. Furthermore, it facilitates compile-time and run-time security-checking (analogous to type-checking). This paper introduces a methodology for programmable security by language extension, as well as a prototype model and implementation of JPAC, a programmable access control extension to Java.