Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Towards a modular security testing framework for industrial automation and control systems: ISuTest

: Pfrang, Steffen; Meier, David; Kautz, V.

Fulltext urn:nbn:de:0011-n-4817047 (1.1 MByte PDF)
MD5 Fingerprint: 05d9992bcf1f29cb71ddb7437a4f3955
© IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Created on: 1.2.2018

Institute of Electrical and Electronics Engineers -IEEE-:
ETFA 2017, 22nd IEEE International Conference on Emerging Technologies and Factory Automation : 12-15 September 2017, Limassol, Cyprus
Piscataway, NJ: IEEE, 2017
ISBN: 978-1-5090-6505-9
ISBN: 978-1-5090-6504-2
ISBN: 978-1-5090-6506-6
5 pp.
International Conference on Emerging Technologies and Factory Automation (ETFA) <22, 2017, Limassol/Cyprus>
Conference Paper, Electronic Publication
Fraunhofer IOSB ()

Industrial automation and control systems (IACS) play a key role in modern production facilities. On the one hand, they provide real-time functionality to the connected field devices. On the other hand, they get more and more connected to local networks and the internet in order to facilitate use cases promoted by “Industry 4.0”. This makes IACS susceptible to cyber-attacks which exploit vulnerabilities, for example in order to interrupt the automation process. Security testing targets at discovering those vulnerabilities before they are exploited. In order to enable IACS manufacturers and integrators to perform security testing for their devices, we present ISuTest, a modular security testing framework for IACS. ISuTest is designed to be extendable regarding all kinds of automation protocols, different connection paths as well as evaluating arbitrary outputs of the tested devices. This paper describes the fundamental ideas behind ISuTest, its design and a basic evaluation in which the ISuTest framework was able to discover a vulnerability in a programmable logic controller (PLC). The paper concludes with a broad overview of the planned future work.