On Experimental validation of Whitelist Auto-Generation Method for Secured Programmable Logic Controllers

Abstract

This paper considers a whitelisting system for programmable logic controllers (PLCs). In control systems, controllers are final fortresses to continues the operation of field devices (actuators/sensors), but they are fragile with respect to malware and zero-day attacks. One of the countermeasures applicable for controllers is a whitelisting system which registers normal operations of controller behavior in a “whitelist” to detect abnormal operations via a whitelist. The previous research of the current author proposed a PLC whitelisting system with a control via a ladder diagram (LD). LD representations have a wide applicability because LDs can be implemented for all PLCs and security functions without hardware/firmware updates. However, the current status requires that all instances are manually entered in the whitelist. In this talk, we show how the setting up of the can be automatized whitelist from the PLC behavior. This paper introduces an auto-generation approach for the whitelist using sequential function chart (SFC) instead of the LD. SFC and LD are compatible representations for the PLC. Using Petri Net modeling, this paper proposes how to generate the whitelist from the SFC and how to detect abnormal operations via the whitelist. We call the SFC-based approach the model-based whitelist, the Petri Net based approach the model-based detection. Further, this paper carries out an experimental validation of the algorithms using an OpenPLC based testbed system.