Hardware-Based Memory Acquisition Procedure for Digital Investigations of Security Incidents in Industrial Control Systems
| Field | Value |
|---|---|
| Title | Hardware-Based Memory Acquisition Procedure for Digital Investigations of Security Incidents in Industrial Control Systems |
| Publication Type | Conference Paper |
| Year of Publication | 2018 |
| Authors | Sokolov, A. N., Barinov, A. E., Antyasov, I. S., Skurlaev, S. V., Ufimtcev, M. S., Luzhnov, V. S. |
| Conference Name | 2018 Global Smart Industry Conference (GloSIC) |
| Date Published | November |
| ISBN Number | 978-1-5386-7386-7 |
| Keywords | attacked computer, comprehensive solutions, computer security, continuous monitoring systems, control engineering computing, data collection procedure, digital investigations, forensic, guaranteed reliability, hardware-based memory acquisition procedure, ICs, industrial control, industrial control systems, Information security, integrated circuits, invasive software, malicious software functions, Malware, memory contents collecting, operating system, Operating systems, operating systems (computers), Operating Systems Security, production engineering computing, pubcrawl, reliability, reliable code, resilience, Resiliency, resulting contents, Scalability, scalable, security incidents, software methods, volatile memory |
| Abstract | The safety of industrial control systems (ICS) depends not only on comprehensive solutions for protecting information, but also on the timely closure of vulnerabilities in the software of the ICS. The investigation of security incidents in the ICS is often greatly complicated by the fact that malicious software functions only within the computer's volatile memory. Obtaining the contents of the volatile memory of an attacked computer is difficult to perform with guaranteed reliability, since the data collection procedure must be based on reliable code (the operating system or applications running in its environment). The paper proposes a new instrumental method for obtaining the contents of volatile memory and general rules for implementing the means of collecting information stored in memory. Unlike software methods, the proposed method has two advantages: firstly, there is no problem in reading the parts of memory blocked by the operating system, and secondly, the resulting contents are not compromised by such malicious software. The proposed method is relevant for investigating security incidents of ICS and can be used in continuous monitoring systems for the security of ICS. |
| URL | https://ieeexplore.ieee.org/document/8570109 |
| DOI | 10.1109/GloSIC.2018.8570109 |
| Citation Key | sokolov_hardware-based_2018 |