电子科技 (Electronic Science and Technology) ›› 2021, Vol. 34 ›› Issue (2): 33-37. doi: 10.16180/j.cnki.issn1007-7820.2021.02.006


Research on PLC Security Vulnerabilities and Control-Flow Integrity in Industrial Control Systems

陈大伟 (CHEN Dawei), 徐茹枝 (XU Ruzhi)

  1. School of Control and Computer Engineering, North China Electric Power University, Beijing 102206, China
  • Received: 2019-11-26 Online: 2021-02-15 Published: 2021-01-22
  • About the authors: CHEN Dawei (b. 1995), male, master's student. Research interests: network information security, industrial control system information security, power system information security. | XU Ruzhi (b. 1966), female, Ph.D., professor. Research interests: network information security, industrial control system information security, power system information security.
  • Supported by:
    Natural Science Foundation of Beijing (4182060)

Research on Security Vulnerabilities and Control Flow Integrity of PLC in Industrial Control System

CHEN Dawei,XU Ruzhi   

  1. School of Control and Computer Engineering,North China Electric Power University,Beijing 102206,China
  • Received:2019-11-26 Online:2021-02-15 Published:2021-01-22
  • Supported by:
    Natural Science Foundation of Beijing(4182060)

Abstract (translated from the Chinese):

Programmable logic controllers play an important role in industrial control systems, yet the number of publicly disclosed PLC security vulnerabilities has risen year by year in recent years. Research on vulnerability defense techniques for PLCs is therefore of great significance for improving the security of industrial control systems. Based on control-flow integrity, this paper proposes a control-flow integrity defense mechanism for PLCs that protects them from vulnerability-based hijacking. The mechanism inspects the control-transfer instructions in the PLC program and, using instrumentation, inserts check instructions to ensure that the program executes according to its original control-flow graph, thereby protecting the PLC from hijacking by an attacker. To preserve the PLC's real-time behaviour, a cyclic shadow stack is introduced. The proposed scheme effectively protects the PLC from vulnerability hijacking, with an average performance overhead of only about 3.6%.

Keywords: PLC, vulnerabilities, control-flow hijacking, control-flow integrity, industrial control systems, industrial control security

Abstract:

PLC plays an important role in industrial control systems. However, the number of publicly disclosed PLC security vulnerabilities has increased year by year in recent years. Carrying out research on vulnerability defense technology for PLC is of great significance for improving the security of industrial control systems. Based on control-flow integrity, this study proposes a defense mechanism using control-flow integrity for PLC to protect PLC from vulnerability hijacking. This defense mechanism protects the PLC from being hijacked by attackers by checking the control-transfer instructions in the PLC program and inserting check instructions via instrumentation, ensuring that the program is executed according to the original control-flow graph. In order to effectively guarantee the real-time performance of the PLC, a cyclic shadow stack is introduced. The proposed scheme effectively protects the PLC from vulnerability hijacking, and the performance overhead of the defense mechanism is only about 3.6% on average.

Key words: PLC, vulnerabilities, control-flow hijacking, control-flow integrity, industrial control system, security of industrial control system
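As an added illustration of the mechanism the abstract describes (example code written for this page, not the paper's implementation), the following Python simulation instruments a constructed toy PLC instruction stream: forward edges are checked against an allowed-target table derived from the control-flow graph, and return addresses are checked against a cyclic shadow stack of bounded depth so that each check costs constant time. The instruction set, the addresses and the `corrupt` operation that models a memory-safety bug overwriting a saved return address are all assumptions made for the demonstration.

```python
from collections import deque


class CFIViolation(Exception):
    """Raised when a control transfer leaves the original control-flow graph."""


class CyclicShadowStack:
    """Ring buffer of expected return addresses (constructed model). When the
    ring is full the oldest entry is overwritten, which bounds memory and the
    per-check cost; returns deeper than `depth` then go unchecked, which is the
    trade-off a cyclic shadow stack makes in favour of predictable cycle time."""
    def __init__(self, depth):
        self.ring = deque(maxlen=depth)
    def push(self, ret_addr):
        self.ring.append(ret_addr)
    def pop_expected(self):
        return self.ring.pop() if self.ring else None  # None = not tracked


def run(program, cfg_targets, depth=4):
    """program: dict addr -> (op, arg). Ops: nop, call T, ret, halt, and
    corrupt A (hypothetical op modelling a bug that overwrites the saved return
    address with A). cfg_targets: call site -> allowed targets from the CFG.
    Returns the executed address trace, or raises CFIViolation."""
    shadow, stack, pc, trace = CyclicShadowStack(depth), [], 0, []
    while True:
        op, arg = program[pc]
        trace.append(pc)
        if op == "halt":
            return trace
        if op == "call":
            if arg not in cfg_targets.get(pc, set()):   # forward-edge check
                raise CFIViolation(f"call {pc}->{arg} not in CFG")
            stack.append(pc + 1)   # saved return address, corruptible
            shadow.push(pc + 1)    # protected copy
            pc = arg
        elif op == "ret":
            target = stack.pop()
            expected = shadow.pop_expected()   # backward-edge check
            if expected is not None and target != expected:
                raise CFIViolation(f"ret to {target}, shadow stack expected {expected}")
            pc = target
        elif op == "corrupt":
            stack[-1] = arg        # modelled overwrite of the saved return address
            pc += 1
        else:
            pc += 1


# Constructed toy program: main (0..2) calls the subroutine at 10, which returns.
PROGRAM = {0: ("nop", None), 1: ("call", 10), 2: ("halt", None),
           10: ("nop", None), 11: ("ret", None)}
CFG = {1: {10}}   # the only legal forward edge
```

Running `run(PROGRAM, CFG)` yields the trace `[0, 1, 10, 11, 2]`; replacing instruction 10 with `("corrupt", 20)` makes the return check raise `CFIViolation`, as does changing the call target at 1 to an address outside `CFG`.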

CLC number:

  • TP309