Abstract
Ensuring the integrity of embedded programmable logic controllers (PLCs) is critical for the safe operation of industrial control systems. In particular, a cyber-attack could manipulate control logic running on the PLCs to bring the process of safety-critical application into unsafe states. Unfortunately, PLCs are typically not equipped with hardware support that allows the use of techniques such as remote attestation to verify the integrity of the logic code. In addition, so far remote attestation is not able to verify the integrity of the physical process controlled by the PLC.
In this work, we present PAtt, a system that combines remote software attestation with control process validation. PAtt leverages operation permutations-subtle changes in the operation sequences based on integrity measurements-which do not affect the physical process but yield unique traces of sensor readings during execution. By encoding integrity measurements of the PLC's memory state (software and data) into its control operation, our system allows us to remotely verify the integrity of the control logic based on the resulting sensor traces. We implement the proposed system on a real PLC, controlling a robot arm, and demonstrate its feasibility. Our implementation enables the detection of attackers that manipulate the PLC logic to change process state and/or report spoofed sensor readings (with an accuracy of 97% against tested attacks).