IMDEA Software

Iniciativa IMDEA

Inicio > Eventos > Charlas Invitadas > 2024 > Security evaluation of modern industrial control systems
Esta página aún no ha sido traducida. A continuación se muestra la página en inglés.

Michail (Mihalis) Maniatakos

lunes 18 de marzo de 2024

11:00am 302-Mountain View and Zoom3 (https://zoom.us/j/3911012202, password:@s3)

Michail (Mihalis) Maniatakos, Researcher, NYU Abu Dhabi

Security evaluation of modern industrial control systems

Abstract:

Recent years have been pivotal in the field of Industrial Control Systems (ICS) security, with a large number of high-profile attacks exposing the lack of a design-for-security initiative in ICS. The evolution of ICS abstracting the control logic to a purely software level hosted on a generic OS, combined with hyperconnectivity and the integration of popular open source libraries providing advanced features, have expanded the ICS attack surface by increasing the entry points and by allowing traditional software vulnerabilities to be repurposed to the ICS domain. In this seminar, we will shed light to the security landscape of modern ICS, dissecting firmware from the dominant vendors and motivating the need of employing appropriate vulnerability assessment tools. We will present methodologies for blackbox fuzzing of modern ICS, both directly using the device and by using the development software. We will then proceed with methodologies on hotpatching, since ICS cannot be easily restarted in order to patch any discovered vulnerabilities. We will demonstrate our proposed methodologies on various critical infrastructure testbeds.