본문 바로가기
  • Home

A Sanitizer for Detecting Vulnerable Code Patterns in uC/OS-II Operating System-based Firmware for Programmable Logic Controllers

  • Journal of Software Assessment and Valuation
  • Abbr : JSAV
  • 2020, 16(1), pp.65-79
  • DOI : 10.29056/jsav.2020.06.08
  • Publisher : Korea Software Assessment and Valuation Society
  • Research Area : Engineering > Computer Science
  • Received : May 22, 2020
  • Accepted : June 19, 2020
  • Published : June 30, 2020

HanSeungJae 1 Keonyong Lee 2 Geunha You 3 SEONG JE CHO 1

1단국대학교
2단국대학교 응용컴퓨터
3단국대학교 컴퓨터학과

Candidate

ABSTRACT

As Programmable Logic Controllers (PLCs), popular components in industrial control systems (ICS), are incorporated with the technologies such as micro-controllers, real-time operating systems, and communication capabilities. As the latest PLCs have been connected to the Internet, they are becoming a main target of cyber threats. This paper proposes two sanitizers that improve the security of uC/OS-II based firmware for a PLC. That is, we devise BU sanitizer for detecting out-of-bounds accesses to buffers and UaF sanitizer for fixing use-after-free bugs in the firmware. They can sanitize the binary firmware image generated in a desktop PC before downloading it to the PLC. The BU sanitizer can also detect the violation of control flow integrity using both call graph and symbols of functions in the firmware image. We have implemented the proposed two sanitizers as a prototype system on a PLC running uC/OS-II and demonstrated the effectiveness of them by performing experiments as well as comparing them with the existing sanitizers. These findings can be used to detect and mitigate unintended vulnerabilities during the firmware development phase.

Citation status

* References for papers published after 2022 are currently being built.