A Sanitizer for Detecting Vulnerable Code Patterns in uC/OS-II Operating System-based Firmware for Programmable Logic Controllers (PLC용 uC/OS-II 운영체제 기반 펌웨어에서 발생 가능한 취약점 패턴 탐지 새니타이저)

HanSeungJae (한승재); Keonyong Lee (이건용); Geunha You (유근하); SEONG JE CHO (조성제)

doi:10.29056/jsav.2020.06.08

A Sanitizer for Detecting Vulnerable Code Patterns in uC/OS-II Operating System-based Firmware for Programmable Logic Controllers

Journal of Software Assessment and Valuation
Abbr : JSAV
2020, 16(1), pp.65-79
DOI : 10.29056/jsav.2020.06.08
Publisher : Korea Software Assessment and Valuation Society
Research Area : Engineering > Computer Science
Received : May 22, 2020
Accepted : June 19, 2020
Published : June 30, 2020

HanSeungJae ¹, Keonyong Lee ², Geunha You ³, SEONG JE CHO ¹

¹단국대학교
²단국대학교 응용컴퓨터
³단국대학교 컴퓨터학과

Candidate

ABSTRACT

As Programmable Logic Controllers (PLCs), popular components in industrial control systems (ICS), are incorporated with the technologies such as micro-controllers, real-time operating systems, and communication capabilities. As the latest PLCs have been connected to the Internet, they are becoming a main target of cyber threats. This paper proposes two sanitizers that improve the security of uC/OS-II based firmware for a PLC. That is, we devise BU sanitizer for detecting out-of-bounds accesses to buffers and UaF sanitizer for fixing use-after-free bugs in the firmware. They can sanitize the binary firmware image generated in a desktop PC before downloading it to the PLC. The BU sanitizer can also detect the violation of control flow integrity using both call graph and symbols of functions in the firmware image. We have implemented the proposed two sanitizers as a prototype system on a PLC running uC/OS-II and demonstrated the effectiveness of them by performing experiments as well as comparing them with the existing sanitizers. These findings can be used to detect and mitigate unintended vulnerabilities during the firmware development phase.

KEYWORDS

PLC, uC/OS-II, Sanitizer, Embedded firmware, Buffer underwrite, Use-after-Free

Citation status

* References for papers published after 2023 are currently being built.

[journal] 권기춘 / 2009 / TECHNICAL REVIEW ON THE LOCALIZED DIGITAL INSTRUMENTATION AND CONTROL SYSTEMS / Nuclear Engineering and Technology / 한국원자력학회 41(4) : 447~454

[journal] Stan Karanasios / 2013 / ICT for development in the context of the closure of Chernobyl nuclear power plant: an activity theory perspective / Information Systems Journal / Wiley 23(4) : 287~306

[journal] Vinay M. Igure / 2006 / Security issues in SCADA networks / Computers & Security / Elsevier BV 25(7) : 498~506

[web] N. Falliere / 2011 / W32.Stuxnet Dossier (Version 1.4) / Symantec Security Response / https://www.wired.com/images_blogs/threatlevel/2011/02/Symantec-Stuxnet-Update-Feb-2011.pdf

[confproc] E. Chien / 2012 / W32. Duqu: the precursor to the next stuxnet / Proceedings of the 5th USENIX Workshop on Large-Scale Exploits and Emergent Threats : 25~27

[web] C. Wueest / 2014 / Targeted attacks against the energy sector (Version 1.0) / Symantec Security Response / https://www.symantec.com/content/dam/symantec/docs/security-center/white-papers/targeted-attacks-against-engery-sector-14-en.pdf

[journal] Anam Sajid / 2016 / Cloud-Assisted IoT-Based SCADA Systems Security: A Review of the State of the Art and Future Challenges / IEEE Access / Institute of Electrical and Electronics Engineers (IEEE) 4 : 1375~1384

[journal] Zachry Basnight / 2013 / Firmware modification attacks on programmable logic controllers / International Journal of Critical Infrastructure Protection / Elsevier BV 6(2) : 76~84

[web] M. Payer / 2019 / Software Security - Principles, Policies, and Protection, Free ebook / https://nebelwelt.net/SS3P/softsec.pdf

[confproc] K. Serebryany / 2012 / AddressSanitizer: A Fast Address Sanity Checker / Proceedings of the 2012 USENIX Annual Technical Conference : 13~15

[confproc] K. Serebryany / 2009 / ThreadSanitizer: data race detection in practice / Proceedings of the workshop on binary instrumentation and applications : 62~71

[confproc] E. Stepanov / 2015 / MemorySanitizer: fast detector of uninitialized memory use in C++ / 2015IEEE/ACM International Symposium on Code Generation and Optimization(CGO) : 7~11

[journal] 최광준 / 2019 / Executable Code Sanitizer to Strengthen Security of uC/OS Operating System for PLC / 정보보호학회논문지 / 한국정보보호학회 29(2) : 365~375

[web] Texas Instruments / 2015 / TMS320C28x CPU and Instruction Set - Reference Guide, Literature Number: SPRU430F / Texas Instruments Incorporated / http://www.ti.com/lit/ug/spru430f/spru430f.pdf?&ts=1590046187628

[web] / 2020 / https://doc.micrium.com/display/osiidoc/Memory+Management/ / https://doc.micrium.com/display/osiidoc/Memory+Management/

KJCKorea
Journal Central

Journal of Software Assessment and Valuation 2023 KCI Impact Factor : 0.35

A Sanitizer for Detecting Vulnerable Code Patterns in uC/OS-II Operating System-based Firmware for Programmable Logic Controllers

ABSTRACT

KEYWORDS

Citation status

* References for papers published after 2023 are currently being built.

Journal of Software Assessment and Valuation 2023 KCI Impact Factor : 0.35

A Sanitizer for Detecting Vulnerable Code Patterns in uC/OS-II Operating System-based Firmware for Programmable Logic Controllers

ABSTRACT

KEYWORDS

Statistics

Tools

Issue List

Citation status

KCI Citation Counts (0)

REFERENCES (15) * References for papers published after 2023 are currently being built.

Search PDF

Citation

* References for papers published after 2023 are currently being built.