CONSTRUCT: A Program Synthesis Approach for Reconstructing Control Algorithms from Embedded System Binaries in Cyber-Physical Systems

TL;DR

This paper presents CONSTRUCT, a novel method that automatically reconstructs control algorithms from embedded system binaries in cyber-physical systems, aiding compliance assessment and forensic analysis.

Contribution

It introduces a new static analysis and evolutionary search-based approach to synthesize control laws from binary files of industrial CPS.

Findings

Effective in three real-world case studies

Accurately reconstructs control algorithms from binaries

Assists experts in compliance and forensic evaluations

Abstract

We introduce a novel approach to automatically synthesize a mathematical representation of the control algorithms implemented in industrial cyber-physical systems (CPS), given the embedded system binary. The output model can be used by subject matter experts to assess the system's compliance with the expected behavior and for a variety of forensic applications. Our approach first performs static analysis on decompiled binary files of the controller to create a sketch of the mathematical representation. Then, we perform an evolutionary-based search to find the correct semantic for the created representation, i.e., the control law. We demonstrate the effectiveness of the introduced approach in practice via three case studies conducted on two real-life industrial CPS.