Standard
LASARUS: Lightweight Attack Surface Reduction for Legacy Industrial Control Systems. /
Le, Anh Tuan; Roedig, Utz; Rashid, Awais.
Engineering Secure Software and Systems: 9th International Symposium, ESSoS 2017, Bonn, Germany, July 3-5, 2017, Proceedings. ed. / Eric Bodden; Mathias Payer; Elias Athanasopoulos. Cham: Springer, 2017. p. 36-52 (Lecture Notes in Computer Science; Vol. 10379).
Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review
Harvard
Le, AT, Roedig, U & Rashid, A 2017,
LASARUS: Lightweight Attack Surface Reduction for Legacy Industrial Control Systems. in E Bodden, M Payer & E Athanasopoulos (eds),
Engineering Secure Software and Systems: 9th International Symposium, ESSoS 2017, Bonn, Germany, July 3-5, 2017, Proceedings. Lecture Notes in Computer Science, vol. 10379, Springer, Cham, pp. 36-52, ESSoS 2017, Bonn, Germany,
3/07/17.
https://doi.org/10.1007/978-3-319-62105-0_3
APA
Le, A. T., Roedig, U., & Rashid, A. (2017).
LASARUS: Lightweight Attack Surface Reduction for Legacy Industrial Control Systems. In E. Bodden, M. Payer, & E. Athanasopoulos (Eds.),
Engineering Secure Software and Systems: 9th International Symposium, ESSoS 2017, Bonn, Germany, July 3-5, 2017, Proceedings (pp. 36-52). (Lecture Notes in Computer Science; Vol. 10379). Springer.
https://doi.org/10.1007/978-3-319-62105-0_3
Vancouver
Le AT, Roedig U, Rashid A.
LASARUS: Lightweight Attack Surface Reduction for Legacy Industrial Control Systems. In Bodden E, Payer M, Athanasopoulos E, editors, Engineering Secure Software and Systems: 9th International Symposium, ESSoS 2017, Bonn, Germany, July 3-5, 2017, Proceedings. Cham: Springer. 2017. p. 36-52. (Lecture Notes in Computer Science). Epub 2017 Jun 24. doi: 10.1007/978-3-319-62105-0_3
Author
Le, Anh Tuan ; Roedig, Utz ; Rashid, Awais. /
LASARUS : Lightweight Attack Surface Reduction for Legacy Industrial Control Systems. Engineering Secure Software and Systems: 9th International Symposium, ESSoS 2017, Bonn, Germany, July 3-5, 2017, Proceedings. editor / Eric Bodden ; Mathias Payer ; Elias Athanasopoulos. Cham : Springer, 2017. pp. 36-52 (Lecture Notes in Computer Science).
Bibtex
@inproceedings{a8cd5246290e420faca171edd7fabc57,
title = "LASARUS: Lightweight Attack Surface Reduction for Legacy Industrial Control Systems",
abstract = "Many operational Industrial Control Systems (ICSs) were designed and deployed years ago with little or no consideration of security issues arising from an interconnected world. It is well-known that attackers can read and write sensor and actuator data from Programmable Logic Controllers (PLCs) as legacy ICS offer little means of protection.Replacing such legacy ICS is expensive, requires extensive planning and a major programme of updates often spanning several years. Yet augmenting deployed ICS with established security mechanisms is rarely possible. Legacy PLCs cannot support computationally expensive (i.e.,cryptographic) operations while maintaining real-time control. Intrusion Detection Systems (IDSs) have been employed to improve security of legacy ICS. However, attackers can avoid detection by learning acceptable system behaviour from observed data. In this paper, we present LASARUS, a lightweight approach that can be implemented on legacy PLCs to reduce their attack surface, making it harder for an attacker to learn system behaviour and craft useful attacks. Our approach involves applying obfuscation to PLC data whenever it is stored or accessed which leads to a continuous change of the target surface. Obfuscation keys can be refreshed depending on the threat situation, striking a balance between system performance and protection level. Using real-world and simulated ICS data sets, we demonstrate that LASARUS is able to prevent a set of well-known attacks like random or replay injection, by reducing their passing rate significantly—up to a 100 times.",
author = "Le, {Anh Tuan} and Utz Roedig and Awais Rashid",
year = "2017",
month = jul,
day = "4",
doi = "10.1007/978-3-319-62105-0_3",
language = "English",
isbn = "9783319621043",
series = "Lecture Notes in Computer Science",
publisher = "Springer",
pages = "36--52",
editor = "Bodden, {Eric } and Mathias Payer and Elias Athanasopoulos",
booktitle = "Engineering Secure Software and Systems",
note = "ESSoS 2017 : International Symposium on Engineering Secure Software and Systems ; Conference date: 03-07-2017 Through 05-07-2017",
url = "https://distrinet.cs.kuleuven.be/events/essos/2017/",
}
RIS
TY - GEN
T1 - LASARUS
T2 - ESSoS 2017
AU - Le, Anh Tuan
AU - Roedig, Utz
AU - Rashid, Awais
PY - 2017/7/4
Y1 - 2017/7/4
N2 - Many operational Industrial Control Systems (ICSs) were designed and deployed years ago with little or no consideration of security issues arising from an interconnected world. It is well-known that attackers can read and write sensor and actuator data from Programmable Logic Controllers (PLCs) as legacy ICS offer little means of protection.Replacing such legacy ICS is expensive, requires extensive planning and a major programme of updates often spanning several years. Yet augmenting deployed ICS with established security mechanisms is rarely possible. Legacy PLCs cannot support computationally expensive (i.e.,cryptographic) operations while maintaining real-time control. Intrusion Detection Systems (IDSs) have been employed to improve security of legacy ICS. However, attackers can avoid detection by learning acceptable system behaviour from observed data. In this paper, we present LASARUS, a lightweight approach that can be implemented on legacy PLCs to reduce their attack surface, making it harder for an attacker to learn system behaviour and craft useful attacks. Our approach involves applying obfuscation to PLC data whenever it is stored or accessed which leads to a continuous change of the target surface. Obfuscation keys can be refreshed depending on the threat situation, striking a balance between system performance and protection level. Using real-world and simulated ICS data sets, we demonstrate that LASARUS is able to prevent a set of well-known attacks like random or replay injection, by reducing their passing rate significantly—up to a 100 times.
AB - Many operational Industrial Control Systems (ICSs) were designed and deployed years ago with little or no consideration of security issues arising from an interconnected world. It is well-known that attackers can read and write sensor and actuator data from Programmable Logic Controllers (PLCs) as legacy ICS offer little means of protection.Replacing such legacy ICS is expensive, requires extensive planning and a major programme of updates often spanning several years. Yet augmenting deployed ICS with established security mechanisms is rarely possible. Legacy PLCs cannot support computationally expensive (i.e.,cryptographic) operations while maintaining real-time control. Intrusion Detection Systems (IDSs) have been employed to improve security of legacy ICS. However, attackers can avoid detection by learning acceptable system behaviour from observed data. In this paper, we present LASARUS, a lightweight approach that can be implemented on legacy PLCs to reduce their attack surface, making it harder for an attacker to learn system behaviour and craft useful attacks. Our approach involves applying obfuscation to PLC data whenever it is stored or accessed which leads to a continuous change of the target surface. Obfuscation keys can be refreshed depending on the threat situation, striking a balance between system performance and protection level. Using real-world and simulated ICS data sets, we demonstrate that LASARUS is able to prevent a set of well-known attacks like random or replay injection, by reducing their passing rate significantly—up to a 100 times.
U2 - 10.1007/978-3-319-62105-0_3
DO - 10.1007/978-3-319-62105-0_3
M3 - Conference contribution/Paper
SN - 9783319621043
T3 - Lecture Notes in Computer Science
SP - 36
EP - 52
BT - Engineering Secure Software and Systems
A2 - Bodden, Eric
A2 - Payer, Mathias
A2 - Athanasopoulos, Elias
PB - Springer
CY - Cham
Y2 - 3 July 2017 through 5 July 2017
ER -