ECFI: Asynchronous control flow integrity for programmable logic controllers

Abstract

Programmable Logic Controllers (PLCs) are a family of embedded devices that are being used to control physical processes in critical infrastructures. Similar to other embedded devices, PLCs are vulnerable to memory corruption and control-flow hijacking attacks. Because PLCs are being used for critical control applications, compromised PLCs constitute a significant security and safety risk. In this paper, we introduce a novel, PLC-compatible control-flow integrity (CFI) mechanism named ECFI to protect such devices from control-flow hijacking attacks. Our CFI approach is the first system for real-time PLCs and considers the runtime operation of the PLC as the highest priority. We implemented a prototype of ECFI and tested it in a real-world industrial PLC against different kinds of attacks. Our performance evaluation demonstrates that ECFI is an efficient, non-intrusive CFI solution that does not impose notable performance overhead and maintains the timeliness of PLC runtime operations, a critical property for this kind of embedded systems.

Publication
In Proceedings of the 33rd Annual Computer Security Applications Conference
Emmanuele Zambon
Emmanuele Zambon
Assistant Professor

My research interests include Industrial Control System security and network intrusion detection.