System Security @ NECSTLab and Breaking the Laws of Robotics: Attacking Industrial Robots

•

2 likes•128 views

NECST Lab @ Politecnico di Milano

NGC17 - NECSTLab visiting Sysdig

Engineering

System Security Research @ NECSTLab
+
An experimental security analysis
of an Industrial Robot Controller
Marcello Pogliani
NECSTLab @ Sysdig, CA, June 2017

NECSTLab Research in System Security
● Novel attacks on bleeding-edge technology
● Malicious software (malware) analysis
● Computer forensics
● Mobile (mostly Android) security
● Web security
● Bank fraud analysis and detection
● Anomaly-based intrusion detection

Sample Projects
● A. Continella et al., ShieldFS: a self-healing,
ransomware-aware filesystem - ACSAC 2016 &
BlackHat 2017
● M. Polino et al., Jackdaw: Towards automatic
reverse engineering of large datasets of binaries -
DIMVA 2015
Malware analysis

ShieldFS: Key Takeaways
The way ransomware interacts with the filesystem is
significantly different than benign applications
DETECTION. We can detect ransomware behaviors by
monitoring the file system activity
PROTECTION. Mere detection is insufficient
● Stopping a suspicious process may be too late
● We need to protect users’ data, reverting the effects
of ransomware attacks.

● Automated Behavior Generalization
○ System to Assist Malware Analysis
○ Automatically Extracting High-Level Behavior
○ Remove a Time Consuming Manual step in
Static-Dynamic Analysis
○ Automatic Algorithm to Associate Semantic Tags
● Anti-Analysis Issues
○ Built a Generic Unpacker DBI based
○ Dynamic Protection Framework
Jackdaw: Key Takeaways

Sample Projects
● M. Carminati et al., BankSealer: an online banking
fraud analysis and decision support system - IFIP
2014
(banking) fraud detection

Sample Projects
● C. Zheng et al., On-chip system call tracing: A
feasibility study and open prototype - CNS 2016
● N. Andronio et al., HelDroid: Dissecting and
detecting mobile ransomware - RAID 2015 and
BlackHat EU 2016
● L. Falsina et al., Grab'n Run: Secure and Practical
Dynamic Code Loading for Android Applications -
ACSAC 2015
mobile security

● D. Quarta et al., An Experimental Security Analysis
of an Industrial Robot Controller - S&P 2017 &
BlackHat 2017
Sample Projects
cyber-physical systems security
We’ll now focus on this project!

An experimental security analysis
of an Industrial Robot Controller
Davide Quarta, Marcello Pogliani, Mario Polino,
Federico Maggi, Andrea Maria Zanchettin, Stefano Zanero
Appeared at the 38th IEEE Symp. on Security and Privacy

Motivation: Industry 4.0 Trends
Interconnected
Flexibly
programmable
Remotely
exposed

Motivation: Lack of Awareness
➢
➢
➢
➢
* some users did not answer all the questions

How do we define a robot-specific attack?

Requirements: Laws of Robotics
➢
■
■
➢
■
■
➢
■

Requirements: Laws of Robotics
➢
■
■
➢
■
■
➢
■
Robot-specific Attack:
Digital-borne violation of any
of these requirements

Attack 2: Tampering with Calibration Parameters

Attack 3: Tampering with the Production Logic

Attack 4 & 5: (Perceived) Robot State Alteration

Custom Physical Protections, if any (despite regulations)

ARM, Windows CE .NET 3.5
VxWorks 5.x RTOS
(PPC, x86)
FPGAs and
discrete logic

POC 2: Safety Violation
Teach Pendant
Malicious DLL

Questions?
Marcello Pogliani
@mapogli
marcello.pogliani@polimi.it
http://robosec.org
Slide credits: Davide Quarta
Thanks to: Davide Quarta, Mario Polino, Federico Maggi, Andrea M. Zanchettin, Stefano Zanero

What's hot

Understanding the "Intelligence" in AIRaffael Marty

The Current ICS Threat LandscapeDragos, Inc.

Base Metal ForensicsNapier University

JAKU Botnet AnalysisNapier University

How Long to Boom: Understanding and Measuring ICS Hacker MaturityDragos, Inc.

Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...Black Duck by Synopsys

Intelligence-Driven Industrial Security with Case Studies in ICS Attacks Dragos, Inc.

Análisis de seguridad integral con ElasticElasticsearch

Open Source Insight:GitHub Finds 4M Flaws, IAST Magic Quadrant, 2018 Open So...Black Duck by Synopsys

The Intersection Between Open Source and CybersecurityBlack Duck by Synopsys

160415 lan and-wan-ctapLan & Wan Solutions

Intelligent Application SecurityPriyanka Aash

Wireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical DevicePriyanka Aash

Data mining in Cyber securityPsychoCryGaming

IoT MQTT Projects For Research StudentsPhdtopiccom

Case Study on supply chain attack-how an rce in jenkins leads to data breache...idsecconf

How is ai important to the future of cyber security Robert Smith

TRISIS in PerspectiveDragos, Inc.

QA Fest 2019. Ирина Бондарук. Breaking into information securityQAFest

The Four Types of Threat Detection and Use Cases in Industrial SecurityDragos, Inc.

What's hot (20)

Understanding the "Intelligence" in AI

The Current ICS Threat Landscape

Base Metal Forensics

JAKU Botnet Analysis

How Long to Boom: Understanding and Measuring ICS Hacker Maturity

Open Source Insight: You Can’t Beat Hackers and the Pentagon Moves into Open...

Intelligence-Driven Industrial Security with Case Studies in ICS Attacks

Análisis de seguridad integral con Elastic

Open Source Insight:GitHub Finds 4M Flaws, IAST Magic Quadrant, 2018 Open So...

The Intersection Between Open Source and Cybersecurity

160415 lan and-wan-ctap

Intelligent Application Security

Wireless Infusion Pumps: Securing Hospitals’ Most Ubiquitous Medical Device

Data mining in Cyber security

IoT MQTT Projects For Research Students

Case Study on supply chain attack-how an rce in jenkins leads to data breache...

How is ai important to the future of cyber security

TRISIS in Perspective

QA Fest 2019. Ирина Бондарук. Breaking into information security

The Four Types of Threat Detection and Use Cases in Industrial Security

Similar to System Security @ NECSTLab and Breaking the Laws of Robotics: Attacking Industrial Robots

Android Malware Detection Literature ReviewAhmed Sabbah

IoT SecurityNarudom Roongsiriwong, CISSP

ATAGTR2017 Security Testing / IoT Testing in Real WorldAgile Testing Alliance

Domain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptxInfosectrain3

Security Industry OverviewThomvest Ventures

IJWMN -Malware Detection in IoT Systems using Machine Learning Techniquesijwmn

MALWARE DETECTION IN IOT SYSTEMS USING MACHINE LEARNING TECHNIQUESijwmn

kaspersky presentation for palette business solution June 2016 v1.0.Onwubiko Emmanuel

iotsecurity-171108154118.pdfKerimBozkanli

Security Architecture for Cyber Physical SystemsAlan Tatourian

Presentazione CHECKPOINT Evento CloudGarage 5-11 giugno 2013Clouditalia Telecomunicazioni

Security and Privacy Big Challenges in Internet of thingsIRJET Journal

Privacy and Security for the Emerging Internet of ThingsJason Hong

Panda Security2008tswong

IRJET- Windows Log Investigator System for Faster Root Cause Detection of a D...IRJET Journal

IRJET - Research on Data Mining of Permission-Induced Risk for Android DevicesIRJET Journal

IRJET- Securing IP Surveillance Cameras using Adaptive Security Appliance...IRJET Journal

System Security @ NECSTLabNECST Lab @ Politecnico di Milano

Best of Positive Research 2013qqlan

What are the Challenges of IoT SecurityIoT has many of the same s.docxalanfhall8953

Similar to System Security @ NECSTLab and Breaking the Laws of Robotics: Attacking Industrial Robots (20)

Android Malware Detection Literature Review

IoT Security

ATAGTR2017 Security Testing / IoT Testing in Real World

Domain 7 of CEH Mobile Platform, IoT, and OT Hacking.pptx

Security Industry Overview

IJWMN -Malware Detection in IoT Systems using Machine Learning Techniques

MALWARE DETECTION IN IOT SYSTEMS USING MACHINE LEARNING TECHNIQUES

kaspersky presentation for palette business solution June 2016 v1.0.

iotsecurity-171108154118.pdf

Security Architecture for Cyber Physical Systems

Presentazione CHECKPOINT Evento CloudGarage 5-11 giugno 2013

Security and Privacy Big Challenges in Internet of things

Privacy and Security for the Emerging Internet of Things

Panda Security2008

IRJET- Windows Log Investigator System for Faster Root Cause Detection of a D...

IRJET - Research on Data Mining of Permission-Induced Risk for Android Devices

IRJET- Securing IP Surveillance Cameras using Adaptive Security Appliance...

System Security @ NECSTLab

Best of Positive Research 2013

What are the Challenges of IoT SecurityIoT has many of the same s.docx

Recently uploaded

Generative AI or GenAI technology based PPTbhaskargani46

Thermal Engineering -unit - III & IV.pptDineshKumar4165

scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...HenryBriggs2

Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...soginsider

A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptxmaisarahman1

Learn the concepts of Thermodynamics on Magic MarksMagic Marks

Thermal Engineering-R & A / C - unit - VDineshKumar4165

S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptxSCMS School of Architecture

Block diagram reduction techniques in control systems.pptNANDHAKUMARA10

Standard vs Custom Battery Packs - Decoding the Power PlayEpec Engineered Technologies

Hostel management system project report..pdfKamal Acharya

Thermal Engineering Unit - I & II . pptDineshKumar4165

Minimum and Maximum Modes of microprocessor 8086anil_gaur

notes on Evolution Of Analytic Scalability.pptMsecMca

Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Arindam Chakraborty, Ph.D., P.E. (CA, TX)

A Study of Urban Area Plan for Pabna MunicipalityMorshed Ahmed Rahath

Design For Accessibility: Getting it right from the startQuintin Balsdon

Work-Permit-Receiver-in-Saudi-Aramco.pptxJuliansyahHarahap1

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXssuser89054b

COST-EFFETIVE and Energy Efficient BUILDINGS ptxJIT KUMAR GUPTA

Recently uploaded (20)

Generative AI or GenAI technology based PPT

Thermal Engineering -unit - III & IV.ppt

scipt v1.pptxcxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx...

Hazard Identification (HAZID) vs. Hazard and Operability (HAZOP): A Comparati...

A CASE STUDY ON CERAMIC INDUSTRY OF BANGLADESH.pptx

Learn the concepts of Thermodynamics on Magic Marks

Thermal Engineering-R & A / C - unit - V

S1S2 B.Arch MGU - HOA1&2 Module 3 -Temple Architecture of Kerala.pptx

Block diagram reduction techniques in control systems.ppt

Standard vs Custom Battery Packs - Decoding the Power Play

Hostel management system project report..pdf

Thermal Engineering Unit - I & II . ppt

Minimum and Maximum Modes of microprocessor 8086

notes on Evolution Of Analytic Scalability.ppt

Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...

A Study of Urban Area Plan for Pabna Municipality

Design For Accessibility: Getting it right from the start

Work-Permit-Receiver-in-Saudi-Aramco.pptx

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

COST-EFFETIVE and Energy Efficient BUILDINGS ptx

System Security @ NECSTLab and Breaking the Laws of Robotics: Attacking Industrial Robots

1. System Security Research @ NECSTLab + An experimental security analysis of an Industrial Robot Controller Marcello Pogliani NECSTLab @ Sysdig, CA, June 2017

2. NECSTLab Research in System Security ● Novel attacks on bleeding-edge technology ● Malicious software (malware) analysis ● Computer forensics ● Mobile (mostly Android) security ● Web security ● Bank fraud analysis and detection ● Anomaly-based intrusion detection

3. Sample Projects ● A. Continella et al., ShieldFS: a self-healing, ransomware-aware filesystem - ACSAC 2016 & BlackHat 2017 ● M. Polino et al., Jackdaw: Towards automatic reverse engineering of large datasets of binaries - DIMVA 2015 Malware analysis

4. ShieldFS: Key Takeaways The way ransomware interacts with the filesystem is significantly different than benign applications DETECTION. We can detect ransomware behaviors by monitoring the file system activity PROTECTION. Mere detection is insufficient ● Stopping a suspicious process may be too late ● We need to protect users’ data, reverting the effects of ransomware attacks.

5. ● Automated Behavior Generalization ○ System to Assist Malware Analysis ○ Automatically Extracting High-Level Behavior ○ Remove a Time Consuming Manual step in Static-Dynamic Analysis ○ Automatic Algorithm to Associate Semantic Tags ● Anti-Analysis Issues ○ Built a Generic Unpacker DBI based ○ Dynamic Protection Framework Jackdaw: Key Takeaways

6. Sample Projects ● M. Carminati et al., BankSealer: an online banking fraud analysis and decision support system - IFIP 2014 (banking) fraud detection

8. Sample Projects ● C. Zheng et al., On-chip system call tracing: A feasibility study and open prototype - CNS 2016 ● N. Andronio et al., HelDroid: Dissecting and detecting mobile ransomware - RAID 2015 and BlackHat EU 2016 ● L. Falsina et al., Grab'n Run: Secure and Practical Dynamic Code Loading for Android Applications - ACSAC 2015 mobile security

9. ● D. Quarta et al., An Experimental Security Analysis of an Industrial Robot Controller - S&P 2017 & BlackHat 2017 Sample Projects cyber-physical systems security We’ll now focus on this project!

10. An experimental security analysis of an Industrial Robot Controller Davide Quarta, Marcello Pogliani, Mario Polino, Federico Maggi, Andrea Maria Zanchettin, Stefano Zanero Appeared at the 38th IEEE Symp. on Security and Privacy

11. Takeouts

12. Motivation: Industry 4.0 Trends Interconnected Flexibly programmable Remotely exposed

13. What is an industrial robot?

14.

15. Industrial Robots?

16. Industrial Robots?

17. Industrial Robots?

18.

19. Co-Bots: No Cage Required!

20. Motivation: Lack of Awareness ➢ ➢ ➢ ➢ * some users did not answer all the questions

21. How do we define a robot-specific attack?

22. Requirements: Laws of Robotics ➢ ■ ■ ➢ ■ ■ ➢ ■