TROPICS - Timely and RObust Patching of Industrial Control Systems

Industrial Control Systems (ICS/SCADA) control the most crucial resources in factories, powerplants, and production facilities. Safety and security for such systems is of the highest priority. Paradoxially, these systems are often among the worst protected against the latest cyber attacks. The problem is that even if an update is available, adminisitrators are reluctant to apply it, as bugs or unexpected side effects in the new code may jeopardize the very safety and stability of mission critical systems. In addition, the updates (or security patches) typically become available weeks or months after the discovery of the vulnerability, extending the window of vulnerability to many months (or even years). The goal of the TROPICS proposal is to close this window as soon as possible. In today's world security updates for ICS are problematic, because almost all the relevant information is lacking: we do not know about vulnerabilities until is too late, and if we do hear about them, we are often not sure about the severity of the vulnerability (" how urgent is this?"). Also, there may be no patch available yet ("how do I fix this?" ), and even if there is a patch, it is typically unclear how risky it is to apply it ("may it crash or destabilize the system?"). Finally, there is no reasonable solution when the problem is serious and there is no patch, or the patch is risky--the only (unacceptable) option is to stay vulnerable. In the TROPICS project, we will address these issues by developing novel techniques to: - Determine the severity of the vulnerability to help adminstrators decide whether an immediate patch is needed. We will do so by finding and analyzing vulnerabilities with an aim of automatic exploit generation. Specifically, we explore how easily the vulnerability can lead to control over the registers, access to data (via read and write primitives), and an end-to-end exploit. - Score the impact of the patch in how it may interfere with the stability or functionality of the software. The analysis consists of p