Employing secure coding practices into industrial applications: a case study |
| |
| Authors: | Abdullah Khalili Ashkan Sami Mahdi Azimi Sara Moshtari Zahra Salehi Mahboobe Ghiasi Ali Akbar Safavi |
| |
| Affiliation: | 1.CSE and IT Department, School of Electrical and Computer Engineering,Shiraz University,Shiraz,Iran;2.Power and Control Engineering Department, School of Electrical and Computer Engineering,Shiraz University,Shiraz,Iran |
| |
| Abstract: | Industrial Control Systems (ICS) are the vital part of modern critical infrastructures. Recent attacks to ICS indicate that these systems have various types of vulnerabilities. A large number of vulnerabilities are due to secure coding problems in industrial applications. Several international and national organizations like: NIST, DHS, and US-CERT have provided extensive documentation on securing ICS; however proper details on securing software application for industrial setting were not presented. The notable point that makes securing a difficult task is the contradictions between security priorities in ICS and IT systems. In addition, none of the guidelines highlights the implications on modification of general IT security solutions to industrial settings. Moreover based on the best of our knowledge, steps to develop a successful real-world secure industrial application have not been reported. In this paper, the first attempts to employ secure coding best practices into a real world industrial application (Supervisory Control and Data Acquisition) called OpenSCADA is presented. Experiments indicate that resolving the vulnerabilities of OpenSCADA in addition to possible improvement in its availability, does not jeopardize other dimensions of security. In addition, all experiments are backed up with proper statistical tests to see whether or not, improvements are statistically significant. |
| |
| Keywords: | |
| 本文献已被 SpringerLink 等数据库收录! |
|
