Abstract
After the 911 terrorist attacks, the American government thoroughly investigated the vulnerabilities of infrastructure environment and found that the lack of security protection of most automated control systems is a vulnerable point. In order to ensure security in control systems, it is urgent to investigate the issue of potential malicious code, especially that made by insiders. This paper first discusses the undecidability of identifying all kinds of malicious code on control systems. However, effort to analyzing malicious code pays since it may increase the difficulty of insider attacks and improve the safety and security of the system. This paper then classifies malicious codes based on control system characteristics. The potential malicious code classifications include time-dependent, data-dependent, behavior-dependent, input-dependent, violation of a certain theorem, and so on. Finally, the paper presents possible approaches to prevention and detection of malicious code on control systems.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Lithuanian nuclear power-plant logic bomb detected, Software Engineering Notes 17(2) (2006)
Major power outage hits New York, other large cities (2003)
Calton: Taipei Subway Computer Crash. The Risks Digest 18(17) (1996)
Leveson, N.G.: Intent specification: an approach to building human-centered pecifications. IEEE Transactions on Software Engineer 26(1) (January 2000)
McGraw, G., Morrisett, G.: Attacking malicious code: Report to the Infosec research council. IEEE Software 17(5), 33–41 (2002)
Poulsen, K.: Slammer worm crashed Ohio nuke plant network, Security Focus News, Security Focus (2003)
Matt, L.: US software ’blew up Russian gas pipeline, ZDNet, UK (2004)
Lo, R.W., Levitt, K.N., Olsson, R.A.: MCF: A Malicious code Filter. Computers and Security 14(6), 541–566 (1995)
U.S.Secret Service and CERT Coordination Center/SEI, Insider Threat Study: Computer System Savotage in Critical Infrastructure Sectors (2005)
U.S.Secret Service and CERT Coordination Center/SEI, Insider Threat Study: Illicit Cyber Activity in the Banking and Finance Sector (2004)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Tseng, WH., Fan, CF. (2007). Handling Malicious Code on Control Systems. In: Saglietti, F., Oster, N. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2007. Lecture Notes in Computer Science, vol 4680. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75101-4_6
Download citation
DOI: https://doi.org/10.1007/978-3-540-75101-4_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-75100-7
Online ISBN: 978-3-540-75101-4
eBook Packages: Computer ScienceComputer Science (R0)