Remote non-intrusive malware detection for PLCs based on chain of trust rooted in hardware

Prashant Hari Narayan Rajput, Esha Sarkar, Dimitrios Tychalas, Michail Maniatakos

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

Digitization has been rapidly integrated into manufacturing industries and critical infrastructure to increase efficiency and productivity and to reduce waste, a transition labeled Industry 4.0. However, this expansion, coupled with the poor cybersecurity posture of Industrial Internet of Things (IIoT) devices, has made them prolific targets for exploitation. Moreover, modern Programmable Logic Controllers (PLCs) used in the Operational Technology (OT) sector are adopting open-source operating systems such as Linux instead of proprietary software, making such devices susceptible to Linux-based malware. Traditional malware detection approaches cannot be applied directly or extended to such environments because of the unique restrictions of these PLC devices, such as limited computational power and real-time requirements. In this paper, we propose ORRIS, a novel lightweight and out-of-the-device framework that detects malware at both kernel and user level by processing information collected over the Joint Test Action Group (JTAG) interface. We evaluate ORRIS against in-the-wild Linux malware, achieving a maximum detection accuracy of ≈99.7% with very few false positives, a result comparable to state-of-the-art commercial products. Moreover, we develop and demonstrate a real-time implementation of ORRIS for commercial PLCs.

Original language: English (US)
Title of host publication: Proceedings - 2021 IEEE European Symposium on Security and Privacy, Euro S and P 2021
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 369-384
Number of pages: 16
ISBN (Electronic): 9781665414913
DOIs:
State: Published - Sep 2021
Event: 6th IEEE European Symposium on Security and Privacy, Euro S and P 2021 - Virtual, Online, Austria
Duration: Sep 6 2021 to Sep 10 2021

Publication series

Name: Proceedings - 2021 IEEE European Symposium on Security and Privacy, Euro S and P 2021

Conference

Conference: 6th IEEE European Symposium on Security and Privacy, Euro S and P 2021
Country/Territory: Austria
City: Virtual, Online
Period: 9/6/21 to 9/10/21

Keywords

  • Hardware Performance Counters
  • Hardware Root-of-Trust
  • JTAG
  • Malware Detection
  • Rootkit

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Information Systems
  • Information Systems and Management
  • Safety, Risk, Reliability and Quality
