Title | Remote Non-Intrusive Malware Detection for PLCs based on Chain of Trust Rooted in Hardware |
Publication Type | Conference Paper |
Year of Publication | 2021 |
Authors | Rajput, Prashant Hari Narayan, Sarkar, Esha, Tychalas, Dimitrios, Maniatakos, Michail |
Conference Name | 2021 IEEE European Symposium on Security and Privacy (EuroS&P) |
Date Published | September |
Keywords | false trust, Hardware, Hardware performance counters, hardware root-of-trust, JTAG, Kernel, Linux, Malware, malware detection, performance evaluation, policy-based governance, pubcrawl, Real-time Systems, resilience, Resiliency, rootkit, Scalability, Semantics |
Abstract | Digitization has been rapidly integrated with manufacturing industries and critical infrastructure to increase efficiency, productivity, and reduce wastefulness, a transition being labeled as Industry 4.0. However, this expansion, coupled with the poor cybersecurity posture of these Industrial Internet of Things (IIoT) devices, has made them prolific targets for exploitation. Moreover, modern Programmable Logic Controllers (PLC) used in the Operational Technology (OT) sector are adopting open-source operating systems such as Linux instead of proprietary software, making such devices susceptible to Linux-based malware. Traditional malware detection approaches cannot be applied directly or extended to such environments due to the unique restrictions of these PLC devices, such as limited computational power and real-time requirements. In this paper, we propose ORRIS, a novel lightweight and out-of-the-device framework that detects malware at both kernel and user-level by processing the information collected using the Joint Test Action Group (JTAG) interface. We evaluate ORRIS against in-the-wild Linux malware achieving maximum detection accuracy of 99.7% with very few false-positive occurrences, a result comparable to the state-of-the-art commercial products. Moreover, we also develop and demonstrate a real-time implementation of ORRIS for commercial PLCs. |
DOI | 10.1109/EuroSP51992.2021.00033 |
Citation Key | rajput_remote_2021 |