Title :
Software security: Application-level vulnerabilities in SCADA systems
Author :
Valentine, Sidney ; Farkas, Csilla
Author_Institution :
York Tech. Coll., Rockhill, SC, USA
Abstract :
In this paper we study the security threats to Supervisory Control and Data Acquisition (SCADA) systems via intentional and unintentional software errors. We claim that current programming practices and security mechanisms for the Programmable Logic Controllers (PLC), that are fundamental components of all SCADA systems, do not provide adequate protection against unintentional errors or malicious, code-level attacks. We focus on software vulnerabilities in ladder logic; a popular graphical language for PLCs. We show how intentional or unintentional errors in the ladder logic code can lead to integrity and availability violations. We propose methods to support secure PLC code development and to detect vulnerable applications.
Keywords :
SCADA systems; programmable controllers; security of data; visual languages; PLC code development; SCADA systems; application-level vulnerabilities; ladder logic; popular graphical language; programmable logic controllers; software security; software vulnerabilities; supervisory control and data acquisition; Availability; Coils; Encoding; Programming; SCADA systems; Security; Software; SCADA; integrity; ladder logic; security; software vulnerability;
Conference_Titel :
Information Reuse and Integration (IRI), 2011 IEEE International Conference on
Conference_Location :
Las Vegas, NV
Print_ISBN :
978-1-4577-0964-7
Electronic_ISBN :
978-1-4577-0965-4
DOI :
10.1109/IRI.2011.6009603
