Model Verification and Exhaustive Testing for Whitelist Function of Industrial Control System

Abstract

This paper considers a verification problem of the whitelist function applicable to the Programmable Logic Controller (PLC). The PLC of the industrial control system is an important controller to control sensors and actuators and requires security functions because PLCs are becoming targets for cyber-attacks such as malware and zero-day attacks. One of the PLC security functions is a whitelisting system that registers normal operations as a safety list and detects the operations not registered in the list as abnormal operations. The detection performance of the whitelist depends on how accurately the normal operation of PLC is modeled via Petri net. Therefore, it is necessary to verify the consistency of the normal operation and whitelist of the PLC. Verification of the consistency allows us to evaluate the detection range and to suppress false detection. The previous work of the current authors demonstrates that the Petri net model allows us to generate the whitelist from the control program of PLC. The whitelist generation is composed of two processes: The first is to convert a control program to a Petri net and the second is to convert a Petri net model to a whitelist. Thus, this paper proposes two whitelist verification methods. The first is a model verification method to verify the Petri net model using reachability of the Petri net. The second is an exhaustive test method to verify the whitelist operation. Furthermore, it is expected that the proposed methods are applicable for evaluation and verification of detection performance when the whitelist is compressed to reduce the load on the PLC.