Semantic-aware Stealthy Control Logic Infection Attack

Author

Sushma kalle, University of New Orleans, New OrleansFollow

Date of Award

Summer 8-2018

Degree Type

Thesis

Degree Name

M.S.

Degree Program

Computer Science

Department

Computer Science

Major Professor

Ahmed, Irfan

Second Advisor

Roussev, Vassil

Third Advisor

Zibran, Minhaz F.

Abstract

In this thesis work we present CLIK, a new, automated, remote attack on the control logic of a programmable logic controller (PLC) in industrial control systems. The CLIK attack modifies the control logic running in a remote target PLC automatically to disrupt a physical process. We implement the CLIK attack on a real PLC. The attack is initiated by subverting the security measures that protect the control logic in a PLC. We found a critical (zero-day) vulnerability, which allows the attacker to overwrite password hash in the PLC during the authentication process. Next, CLIK retrieves and decompiles the original logic and injects a malicious logic into it and then, transfers the infected logic back to the PLC. To hide the infection, we propose a virtual PLC that engages the software the virtual PLC intercepts the request and then, responds with the original (uninfected) control logic to the software.

Rights

The University of New Orleans and its agents retain the non-exclusive license to archive and make accessible this dissertation or thesis in whole or in part in all forms of media, now or hereafter known. The author retains all other ownership rights to the copyright of the thesis or dissertation.

Recommended Citation

kalle, Sushma, "Semantic-aware Stealthy Control Logic Infection Attack" (2018). University of New Orleans Theses and Dissertations. 2512.
https://scholarworks.uno.edu/td/2512