Cyber-Physical Taint Analysis in Multi-stage Manufacturing Systems (MMS): A Case Study

TL;DR

This paper adapts dynamic taint analysis for multi-stage manufacturing systems by developing manufacturing-specific rules and demonstrates its potential for intrusion diagnosis through a case study.

Contribution

It introduces manufacturing-specific taint propagation rules to extend dynamic taint analysis for MMS security assessment.

Findings

Extended DTA enables taint tracking in MMS.

Preliminary intrusion diagnosis is feasible with the new method.

Case study validates the approach's potential.

Abstract

Information flows are intrinsic properties of an multi-stage manufacturing systems (MMS). In computer security, a basic information flow tracking technique is dynamic taint analysis (DTA). DTA tracks taint propagation from one data variable (e.g., a buffer holding a HTTP request) to another. Taint propagation paths are typically determined by data flows and implicit flows in a computer program. And the union of all the taint propagation paths forms a taint graph. It is clear that taints graphs could significantly enhance intrusion diagnosis. However, the existing DTA techniques cannot be directly used in an MMS, and a main reason is as follows: Without manufacturing-specific taint propagation rules, DTA cannot be implemented. In this work, we conduct a case study which (a) extends the existing DTA method with manufacturing-specific taint propagation rules, and (b) applies the extended method to perform preliminary intrusion diagnosis with a small-scale test-bed.