PLC Security Research Artifacts

<div align="center"> <kbd> <img src="img/logo.jpeg" /> </kbd> </div> <br />

This repository hosts a list of the publicly available artifacts related to PLC security research. The purpose of this repository is:

• Highlight and recognize the authors who have put in the effort to release their research artifacts (source code, experimental data, etc).
• Provide the research community with a centralized PLC security artifact list.
• Encourage and foster other authors to release their research artifacts so that the community can replicate results and built upon them.

How to contribute?

If you would like to add a new artifact to the below table please send a Pull Request using the provided template.

Attack and Defense Methods

| # | Artifact Name | Method | Paper | Year | |:--:|:------------------------------:|:--------------:|:----------------------------------------------------------------------------------------------------------------------------:|:----:| | 1 | Backdoor Attack | Attack | Blind Concealment from Reconstruction-based Attack Detectors for Industrial Control Systems via Backdoor Attacks | 2023 | | 2 | ICSPatch | Defense | ICSPatch: Automated Vulnerability Localization and Non-Intrusive Hotpatching in Industrial Control Systems using Data Dependence Graphs | 2023 | | 3 | OPC-UA Attack | Attack | Security Analysis of Vendor Implementations of the OPC UA Protocol for Industrial Control Systems | 2022 | | 4 | D-Box | Defense | D-Box: DMA-enabled Compartmentalization for Embedded Applications | 2022 | | 5 | PLCrypto | Defense | PLCrypto: A Symmetric Cryptographic Library for Programmable Logic Controllers | 2021 | | 6 | ORRIS | Defense | Remote Non-Intrusive Malware Detection for PLCs based on Chain of Trust Rooted in Hardware | 2021 | | 7 | vBump | Defense | vBump: Securing Ethernet-based Industrial Control System Networks with VLAN-based Traffic Aggregation | 2021 | | 8 | AttkFinder | Attack | AttkFinder: Discovering Attack Vectors in PLC Programs using Information Flow Analysis | 2021 | | 9 | DigitalTwin-SIEM-integration | Defense | Integrating digital twin security simulations in the security operations center | 2020 | | 10 | ICS Fingerprinting | Defense | I came, I saw, I hacked: Automated Generation of Process-independent Attacks for Industrial Control Systems | 2020 | | 11 | Constrained Concealment Attack | Attack | Constrained concealment attacks against reconstruction-based anomaly detectors in industrial control systems | 2020 | | 12 | Shade | Defense | Overshadow plc to detect remote control-logic injection attacks | 2019 | | 13 | easy-rte | Defense | Smart I/O modules for mitigating cyber-physical attacks on industrial control systems | 2019 | | 14 | Control Logic Injection Attack | Attack | Control logic injection attacks on industrial control systems | 2019 | | 15 | CLIK | Attack | Clik on plcs! attacking control logic with decompilation and virtual plc | 2019 | | 16 | ICS-SDN | Defense | A virtual environment for industrial control systems: A nonlinear use-case in attack detection, identification, and response | 2018 | | 17 | CPS-Twinning | Defense | Towards security-aware virtual environments for digital twins | 2018 | | 18 | OpenPLC | Defense | Securing scada applications using openplc with end-to-end encryption | 2017 | | 19 | PLCInject | Attack | Internet-facing PLCs-a new back orifice | 2015 | | 20 | Attacking ControlLogix | Attack | Project Basecamp–attacking ControlLogix | 2012 | | 21 | Exploiting S7 | Attack | Exploiting siemens simatic s7 plcs | 2011 |

Research Paper

SoK: Security of Programmable Logic Controllers

If you use our work in a scientific publication, please do cite us using this BibTex entry:

@inproceedings{placeholder,
 author    = {placeholder},
 booktitle = {placeholder},
 title     = {placeholder},
 year      = {placeholder}
}