Siemens Openlab Major Review February 2012

Siemens Openlab Major Review February 2012. PLCs Security. Author: Filippo Tilaro Supervised by: Brice Copy. PLC Security project phases. Openlab Major Review Report February 2012. Fuzzing Test Generator. Grammars. INPUT. Customized Peach Fuzzing Framework. GEN.


Presentation Transcript


  1. Siemens Openlab Major Review, February 2012
     PLCs Security
     Author: Filippo Tilaro
     Supervised by: Brice Copy

  2. PLC Security project phases Openlab Major Review Report February 2012

  3. Fuzzing Test Generator
     [Diagram: Grammars, INPUT, Customized Peach Fuzzing Framework, GEN., Target]
     • Generation and forging of any kind of communication load
     • Translate experts' knowledge into grammar rules
     • Definition of proprietary and even non-existent protocols
     • Scalable in terms of:
       • Testing files
       • Protocol testing behavior (state machine, mutation strategies)

  4. ISCI Communication Robustness Test certification fulfilling
     • Integration of the CRT test cases into the TRoIE test-bench
     • Extension of the CRT for not covered protocols
     • 5 security testing phases:
       • Discover Protocol Functionalities and Attack Surface
       • Storms and Maximum Load Tests
       • Single Field Injection
       • Combinatorial Fields Injection
       • Cross State Fuzzing (for stateful protocols)

  5. Test-bench Reproducibility
     [Diagram: 3-Layers Architecture, Extended Peach Framework, Reverse Proxy & Access Control, REST Web Service, JSON, Client]
     • Authentication to run a test
     • Built-in invariant test definitions
     • No specific security knowledge
     • OS Compatibility

  6. PLC I/O Monitoring: Waveforms Comparison
     [Diagram: Target]
     • Feedback Control System:
       • No synchronization issues
       • Reduced PLC Scan Cycle for a best timing resolution
     • Requirements:
       • 3 sec period: 1 sec High, 2 sec Low
       • PLC waveform generation
       • 20 msec resolution
       • Parametric threshold jitter

  7. Conclusions
     • Test-bench release & expertise transfer to Siemens (Dec 2011)
       • Installation, configuration, documentation
     • Next Steps:
       • Proprietary network protocols testing (S7, PROFINET), software applications, libraries and APIs, system I/O modules
       • Multi-protocol (man-in-the-middle) layer testing
       • PLC internal status monitoring
       • Extending to the supervision level: SCADA systems like PVSS, OPC-UA…

  8. Siemens Openlab Major Review, February 2012
     Step7 Openness, PVSS Security, Virtualization
     Author: Omer Khalid
     Supervised by: Renaud Barillere

  9. Step7 Deployment - I
     • Step 7 / Totally Integrated Automation:
       • Software development environment for developing PLC software that interfaces with industrial equipment.
     • Aim: To bring modern software engineering capabilities to the Step7 product line:
       • Step7 Deployment
       • To automate the deployment of Siemens software on engineering workstations; scalability: from small (10s of machines) to large (100s of machines); easy and flexible to deploy, fast refresh rate

  10. Step7 Deployment - II
     • Status: Completed
       • All milestones have been achieved and delivered. Verified and confirmed by Siemens.
     • Value for Siemens:
       • Final strategy is implemented by Siemens in v12 of TIA.
       • TIA portal can now be deployed in an automated fashion using 3rd-party standard software inventory management software.
     • Approach:
       • Three strategies validated through prototyping
       • Reported in detail in previous major review
       • Nutshell: either using chained MSIs or SIA engine
       • Meets short-term, medium-term and long-term objectives and product development plans of Step7 software
       • Criteria: integration with Siemens existing software tools.

  11. Step7 Security
     • Stuxnet worm
       • Detected in June 2010.
       • Attack method (0-day exploit against Windows, fake certificates, rootkit, DLL replacement)
     • Software Security
       • New topic was added to the project in Jul/Aug 2010
       • Market survey conducted – mostly source code based analysis
       • Binary code based analysis identified to complement existing source code based analysis
       • BitBlaze and Veracode selected as test candidates
     • Status: Completed
       • Initial testing/prototyping
       • Siemens continues in-house

  12. PVSS Security
     • Objective
       • Improve the SCADA security and system robustness
     • Strategy
       • Identifying vulnerability areas and their associated risks, including test use cases
       • Determine key cyber security aspects from CERN standpoint, taking Siemens/ETM input
       • Evaluate risks and use cases identified, and prototype to investigate vulnerabilities
     • Security Areas:
       • Access Control, Data Integrity and Confidentiality, Auditing and Logging, Updating and Patching, Network Resource Availability
     • Status: SCADA recommendation document prepared and submitted to SCADA section.

  13. Virtualization
     • Objective:
       • Evaluate and deploy engineering applications on private cloud infrastructure.
     • Process:
       • Various private cloud tool kits evaluated
         • OpenNebula, Eucalyptus, VMware vSphere
       • Performance of applications benchmarked
         • For distributed and shared storage
         • For high and low load deployment.
     • Outcome:
       • A private cloud infrastructure deployed
       • PVSS developers using it extensively for application development.
       • Results related to infrastructure performance were published in a paper in ICALEPCS 2011 conference.

  14. Publications
     • Khalid O., Sheikh A., Copy B., "Optimizing Infrastructure for Software Testing and Deployment for Engineering Applications", 13th International Conference on Accelerator and Large Experimental Physics Control Systems, Grenoble, France, Oct 2011.
     • Khalid O., "OpenNebula cloud for Engineering applications", OpenNebula Blog, Nov 2011.
     • Tilaro F., "Cyber security analysis for industrial control systems", CERN Computing Newsletter, 2010.
     • Tilaro F., Copy B., "Industrial Devices Robustness Assessment and Testing against Cyber Security Attacks", 13th International Conference on Accelerator and Large Experimental Physics Control Systems, Grenoble, France, Oct 2011.
     • Tilaro F., "Testbench for Robustness of Industrial Equipments (TROIE)", CERN, 2009.
     • Copy B., Tilaro F., "Standards Based Measurable Security For Embedded Devices", ICALEPCS 2009.
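
The waveform comparison on slide 6 (3 sec period, 1 sec High / 2 sec Low, 20 msec resolution, parametric jitter threshold) can be checked as follows. This is an added example, not code from the presentation or from the TRoIE test-bench. It assumes the PLC output is sampled as 0/1 every 20 ms; the function names and the `CAPTURE` data are constructed for illustration.

```python
from itertools import groupby

SAMPLE_MS = 20                      # slide 6: 20 msec resolution
EXPECTED_MS = {1: 1000, 0: 2000}    # slide 6: 1 sec High, 2 sec Low

def segments(samples):
    """Run-length encode 0/1 samples into (level, duration_ms) pairs."""
    return [(lvl, len(list(run)) * SAMPLE_MS) for lvl, run in groupby(samples)]

def check_waveform(samples, jitter_ms=40):
    """Return (index, level, duration_ms, deviation_ms) for each bad segment.

    Durations are measured edge to edge, so no clock is shared with the PLC.
    The first and last segments may be cut by the capture window: they can
    only be judged too long (e.g. a stalled output), never too short.
    """
    segs = segments(samples)
    last = len(segs) - 1
    violations = []
    for i, (lvl, dur) in enumerate(segs):
        dev = dur - EXPECTED_MS[lvl]
        partial = i in (0, last)
        if dev > jitter_ms or (dev < -jitter_ms and not partial):
            violations.append((i, lvl, dur, dev))
    return violations

def build_capture(pattern):
    """Expand (level, duration_ms) pairs into 20 ms samples (test helper)."""
    return [lvl for lvl, ms in pattern for _ in range(ms // SAMPLE_MS)]

# Constructed capture: two periods within tolerance, then a High stretched by
# 300 ms and the following Low shortened by 300 ms, as if scans were delayed.
CAPTURE = build_capture([
    (0, 500), (1, 1000), (0, 2000), (1, 1020), (0, 2000),
    (1, 1300), (0, 1700), (1, 1000), (0, 400),
])

if __name__ == "__main__":
    for idx, lvl, dur, dev in check_waveform(CAPTURE):
        print(f"segment {idx}: {'High' if lvl else 'Low'} lasted {dur} ms ({dev:+d} ms)")
    print("stalled output:", check_waveform([1] * 200))
```

A jitter threshold below the 20 ms sampling step is not meaningful, since every measured duration is already quantized to that step.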