System Security @ NECSTLab and Breaking the Laws of Robotics: Attacking Industrial Robots
1. System Security Research @ NECSTLab
+
An experimental security analysis
of an Industrial Robot Controller
Marcello Pogliani
NECSTLab @ Sysdig, CA, June 2017
2. NECSTLab Research in System Security
● Novel attacks on bleeding-edge technology
● Malicious software (malware) analysis
● Computer forensics
● Mobile (mostly Android) security
● Web security
● Bank fraud analysis and detection
● Anomaly-based intrusion detection
3. Sample Projects
● A. Continella et al., ShieldFS: a self-healing,
ransomware-aware filesystem - ACSAC 2016 &
BlackHat 2017
● M. Polino et al., Jackdaw: Towards automatic
reverse engineering of large datasets of binaries -
DIMVA 2015
Malware analysis
4. ShieldFS: Key Takeaways
The way ransomware interacts with the filesystem is
significantly different than benign applications
DETECTION. We can detect ransomware behaviors by
monitoring the file system activity
PROTECTION. Mere detection is insufficient
● Stopping a suspicious process may be too late
● We need to protect users’ data, reverting the effects
of ransomware attacks.
5. ● Automated Behavior Generalization
○ System to Assist Malware Analysis
○ Automatically Extracting High-Level Behavior
○ Remove a Time Consuming Manual step in
Static-Dynamic Analysis
○ Automatic Algorithm to Associate Semantic Tags
● Anti-Analysis Issues
○ Built a Generic Unpacker DBI based
○ Dynamic Protection Framework
Jackdaw: Key Takeaways
6. Sample Projects
● M. Carminati et al., BankSealer: an online banking
fraud analysis and decision support system - IFIP
2014
(banking) fraud detection
7.
8. Sample Projects
● C. Zheng et al., On-chip system call tracing: A
feasibility study and open prototype - CNS 2016
● N. Andronio et al., HelDroid: Dissecting and
detecting mobile ransomware - RAID 2015 and
BlackHat EU 2016
● L. Falsina et al., Grab'n Run: Secure and Practical
Dynamic Code Loading for Android Applications -
ACSAC 2015
mobile security
9. ● D. Quarta et al., An Experimental Security Analysis
of an Industrial Robot Controller - S&P 2017 &
BlackHat 2017
Sample Projects
cyber-physical systems security
We’ll now focus on this project!
10. An experimental security analysis
of an Industrial Robot Controller
Davide Quarta, Marcello Pogliani, Mario Polino,
Federico Maggi, Andrea Maria Zanchettin, Stefano Zanero
Appeared at the 38th IEEE Symp. on Security and Privacy