Towards Reverse Engineering of Industrial Physical Processes.

CyberICPS/SECPRE/SPOSE/CPS4CIP/CDT&SECOMAN/EIS/SecAssure@ESORICS (2022)

Abstract
The growing connectivity of Industrial Control Systems (ICSs) in the era of Industry 4.0 has triggered a dramatic increase in the number of cyber-physical attacks, i.e., security breaches in cyberspace that adversely alter the physical processes (see, e.g., the Stuxnet worm). The main challenge attackers face in the development of cyber-physical attacks is obtaining an adequate level of process comprehension. Process comprehension is defined as “the understanding of system characteristics and components responsible for the safe delivery of service” (Green et al. 2017). While there exist a number of tools (Nmap, PLCScan, Xprobe, etc.) one can use to develop a level of process comprehension through the targeting of controllers alone, they are limited by functionality, scope, and detectability. Thus, to support the execution of realistic cyber-physical attack scenarios with an adequate level of physical process comprehension, we propose a black-box dynamic analysis reverse engineering tool that derives, from scans of the memory registers of exposed controllers, an approximated model of the controlled physical process. Such an approximated model is developed by inferring statistical properties, business processes and, in particular, system invariants, knowledge of which might be crucial to build up stealthy (i.e., undetectable) attacks. We test the proposed methodology on a non-trivial case study, taken from the context of industrial water treatment systems.
Keywords
reverse engineering, processes, physical