Home > Research > Publications & Outputs > LASARUS

Electronic data

  • LASARUS

    Accepted author manuscript, 710 KB, PDF-document

    Available under license: CC BY-NC: Creative Commons Attribution-NonCommercial 4.0 International License

Links

Text available via DOI:

View graph of relations

LASARUS: Lightweight Attack Surface Reduction for Legacy Industrial Control Systems

Research output: Contribution in Book/Report/ProceedingsConference contribution

Published
Publication date4/07/2017
Host publicationEngineering Secure Software and Systems: 9th International Symposium, ESSoS 2017, Bonn, Germany, July 3-5, 2017, Proceedings
EditorsEric Bodden, Mathias Payer, Elias Athanasopoulos
Place of PublicationCham
PublisherSpringer
Pages36-52
Number of pages17
ISBN (Electronic)9783319621050
ISBN (Print)9783319621043
<mark>Original language</mark>English
EventESSoS 2017 - Bonn, Germany

Conference

ConferenceESSoS 2017
CountryGermany
CityBonn
Period3/07/175/07/17
Internet address

Publication series

NameLecture Notes in Computer Science
PublisherSpringer
Volume10379

Conference

ConferenceESSoS 2017
CountryGermany
CityBonn
Period3/07/175/07/17
Internet address

Abstract

Many operational Industrial Control Systems (ICSs) were designed and deployed years ago with little or no consideration of security issues arising from an interconnected world. It is well-known that attackers can read and write sensor and actuator data from Programmable Logic Controllers (PLCs) as legacy ICS offer little means of protection.
Replacing such legacy ICS is expensive, requires extensive planning and a major programme of updates often spanning several years. Yet augmenting deployed ICS with established security mechanisms is rarely possible. Legacy PLCs cannot support computationally expensive (i.e.,
cryptographic) operations while maintaining real-time control. Intrusion Detection Systems (IDSs) have been employed to improve security of legacy ICS. However, attackers can avoid detection by learning acceptable system behaviour from observed data. In this paper, we present LASARUS, a lightweight approach that can be implemented on legacy PLCs to reduce their attack surface, making it harder for an attacker to learn system behaviour and craft useful attacks. Our approach involves applying obfuscation to PLC data whenever it is stored or accessed which leads to a continuous change of the target surface. Obfuscation keys can be refreshed depending on the threat situation, striking a balance between system performance and protection level. Using real-world and simulated ICS data sets, we demonstrate that LASARUS is able to prevent a set of well-known attacks like random or replay injection, by reducing their passing rate significantly—up to a 100 times.