@inproceedings{4af8ff6c22194b3d93bb106d7d74e303,
title = "PLC access control: A security analysis",
abstract = "A Programmable Logic Controller (PLC) is a very common industrial control system device used to control output devices based on data received (and processed) from input devices. Given the central role that PLCs play in deployed industrial control systems, it has been a preferred target of ICS attackers. A quick search in the ICS-CERT repository reveals that out of a total of 589 advisories, more than 80 target PLCs. Stuxnet attack, considered the most famous reported incident on ICS, targeted mainly PLCs. Most of the PLC reported incidents are rooted in the fact that the PLC being accessed in an unauthorized way. In this paper, we investigate the PLC access control problem. We discuss several access control models but we focus mainly on the commonly adopted password-based access control. We show how such passwordbased mechanism can be compromised in a realistic scenario as well as the list the attacks that can be derived as a consequence. This paper details a set of vulnerabilities targeting recent versions of PLCs (2016) which have not been reported in the literature.",
keywords = "Access Control, Industrial Control Systems, PLC, Passwords, SCADA",
author = "Haroon Wardak and Sami Zhioua and Ahmad Almulhem",
note = "Publisher Copyright: {\textcopyright} 2016 IEEE.; 2016 World Congress on Industrial Control Systems Security, WCICSS 2016 ; Conference date: 12-12-2016 Through 14-12-2016",
year = "2017",
month = mar,
day = "20",
doi = "10.1109/WCICSS.2016.7882935",
language = "English",
series = "2016 World Congress on Industrial Control Systems Security, WCICSS 2016",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "56--61",
booktitle = "2016 World Congress on Industrial Control Systems Security, WCICSS 2016",
}