Phd Position: Vulnerability search in Industrial Control Systems

A reverse engineering approach

SUBJECT DESCRIPTION

Industrial control systems are specialized computer systems used in many activities of vital importance, such as energy production and distribution, the chemical industry and water management. These systems consist of dedicated hardware and software (PLCs, control systems, HMIs) interacting over field-bus communications. Their components and communication protocols are often based on legacy, out-of-date hardware and software that do not always conform to modern security standards or receive updates. They may therefore contain vulnerabilities that attackers can use, with potentially serious consequences. Vulnerability research and analysis are thus a major concern for governmental agencies (ANSSI), component providers and end-users. The topic of this PhD lies in this field: vulnerability detection in industrial systems. Because neither the complete specifications nor the source code of the software components are available, we propose a reverse engineering approach to vulnerability detection. This approach may target several layers, such as:

  • Behavioral inference of the control automaton of a PLC via active learning (observing the input/output dependencies), considering first autonomous automata and then studying the extension to timed and/or hybrid automata;
  • Code analysis of the embedded PLC software, namely the operation blocks and/or the communication layer implementations, combining static and dynamic analysis of binary code and execution traces.

The main objective is to discover abnormal or unexpected behaviors that an attacker could exploit to modify or disrupt the physical process. The study will be hosted by the research teams CTRL-A (LIG) and PACS (Verimag), which have strong expertise in industrial systems analysis, reverse engineering and code analysis techniques. The position is funded by a Cross Disciplinary Project grant of the Grenoble Alpes Cybersecurity Institute, part of the University Grenoble-Alpes IdEx.
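As an added illustration of the first layer above (example code written for this page, not the teams' own tooling), the following Python sketch infers the control automaton of a small constructed PLC stand-in by active learning: it fills an L*-style observation table with output queries (reset, replay an input sequence, record the outputs), closes the table, and checks the resulting Mealy machine against the black box by bounded exhaustive testing in place of a real equivalence oracle. The pump-controller model, its input alphabet and its state names are assumptions made for the demonstration.

```python
from itertools import product

# Constructed stand-in for the black-box PLC: a pump controller with an alarm
# state. The learner only ever calls reset() and step(), never reads NEXT/OUT.
NEXT = {("idle", "low"): "pumping", ("idle", "high"): "alarm",
        ("pumping", "high"): "idle", ("alarm", "ack"): "idle"}
OUT = {"idle": "off", "pumping": "on", "alarm": "alarm"}   # command after each event

class TankPLC:
    def __init__(self): self.reset()
    def reset(self): self.state = "idle"
    def step(self, inp):
        self.state = NEXT.get((self.state, inp), self.state)  # unlisted pairs: stay put
        return OUT[self.state]

INPUTS = ("low", "high", "ack")   # assumed sensor/operator events the learner can inject

def make_query(sut):
    cache = {}                      # each fresh query costs one PLC reset plus a replay
    def query(seq):
        if seq not in cache:
            sut.reset()
            cache[seq] = tuple(sut.step(i) for i in seq)
        return cache[seq]
    return query

def simulate(delta, seq):
    """Run the learned Mealy machine (state 0 is initial) and return its outputs."""
    st, outs = 0, []
    for i in seq:
        out, st = delta[(st, i)]
        outs.append(out)
    return tuple(outs)

def learn_mealy(sut, inputs=INPUTS, max_depth=4):
    """Observation table over access sequences S and distinguishing suffixes E; a row is
    the output each suffix produces after its prefix, so equal rows mean one PLC state."""
    query = make_query(sut)
    S, E = [()], [(i,) for i in inputs]
    row = lambda s: tuple(query(s + e)[len(s):] for e in E)
    while True:
        rows = {row(s) for s in S}
        new = [s + (i,) for s in S for i in inputs if row(s + (i,)) not in rows]
        if new:                     # table not closed: the extension reaches an unseen state
            S.append(new[0]); continue
        ids = {row(s): k for k, s in enumerate(S)}      # rows of S are pairwise distinct
        delta = {(ids[row(s)], i): (query(s + (i,))[-1], ids[row(s + (i,))])
                 for s in S for i in inputs}
        cex = next((seq for n in range(1, max_depth + 1) for seq in product(inputs, repeat=n)
                    if simulate(delta, seq) != query(seq)), None)
        if cex is None:
            return len(S), delta    # number of inferred states and the transition table
        E += [cex[k:] for k in range(len(cex)) if cex[k:] not in E]  # add all its suffixes
```

Calling `learn_mealy(TankPLC())` yields the three states idle/pumping/alarm and their transitions; the returned `delta` is the inferred model that later steps could compare against the intended process behaviour.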

APPLICATION

Applicants must hold a Master's degree (or be about to earn one) or a university degree equivalent to a European Master's (5-year duration).

Applicants will have to send an application letter to laurent.mounier@univ-grenoble-alpes.fr and stephane.mocanu@imag.fr, attaching:

  • Their last diploma and grades
  • Their CV
  • Letters of recommendation and/or references are also welcome.

Application deadline: June 30, 2018 at 17:00 (CET)