Abstract
This work explores theoretical related to the assessment of the embedded software security of programmable logic controllers (PLC) of industrial cyber-physical systems, which are the basic components of automated process control systems. Analysis of the relevance of the problem of evaluating software security has performed, correlation between software complexity and number of vulnerabilities has elucidated. The key features of embedded software affecting information security has identified. A formal approach to the assessment of security, based on the achievement of two indicators, modern software research methods for the presence of vulnerabilities and undeclared capabilities has been considered their shortcomings have covered, in particular, dependence on expert qualifications and open source orientation on vulnerability information. The use of a risk-based approach to the assessment of security, based on the family of standards ISO 29119-2013 has proposed. The proposed refinement and expansion of the basic methods of software in terms of assessing the security of software. Refinements and extensions of the basic software methodology in terms of software security assessment have proposed. The characteristic features and benefits of a risk-based approach have formulated.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
ICS-CERT Annual Assessment Report. Industrial Control Systems Cyber Emergency Response Team FY 2016, Industrial Control System—Cyber Emergency Response Team. https://ics-cert.us-cert.gov/sites/default/files/Annual_Reports/FY2016_Industrial_Control_Systems_Assessment_Summary_Report_S508C.pdf. Accessed 10 June 2019
TIOBE Index for December 2016. http://www.tiobe.com/tiobe-index (дaтa oбpaщeния 10.06.2019)
Sklyar, V.: Application of reliability theory to functional safety of computer control systems. Reliab.: Theory Appl. 12(1)(44), 26–37 (2017)
Barabanov, A.V., Lavrov, A.I., Markov, A.S., Polotnyanschikov, I.A., Tsirlov, V.L.: The study into cross-site request forgery attacks within the framework of analysis of Software vulnerabilities. Tpyды Инcтитyтa cиcтeмнoгo пpoгpaммиpoвaния PAH 29(5), 7–18 (2017)
Common Vulnerabilities and Exposures (CVE). https://www.iso.org/standard/68837.html. Accessed 10 June 2019
Klick, J., Lau, S.: Internet-Facing PLCs—A New Back Orifice. BLACK HAT USA (2015)
ISO/IEC/IEEE 29119-1:2013. Software and systems engineering—Software testing—Part 1: Concepts and definitions
Shahbaz, M.: Reverse Engineering and Testing of Black-Box Software Components: By Grammatical Inference Techniques. LAP LAMBERT Academic Publishing (2012). ISBN 978-3659140730
Drury, B.: Control Techniques Drives and Controls Handbook, 2nd ed. Institution of Engineering and Technology, 508 pp. (2009)
Pozin, B.Α.: The principles of life cycle supporting system for mission-critical systems (Printsipy podderzhki zhiznennogo tsikla dlya kriticheski vazhnykh system) (In Russian). Trudy Instituta sistemnogo programmirovaniya RAN 30(1), 103–114 (2018)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Korsakov, I.A., Durakovskiy, A.P. (2020). About the Security Assessment of Embedded Software in Automated Process Control System. In: Misyurin, S., Arakelian, V., Avetisyan, A. (eds) Advanced Technologies in Robotics and Intelligent Systems. Mechanisms and Machine Science, vol 80. Springer, Cham. https://doi.org/10.1007/978-3-030-33491-8_46
Download citation
DOI: https://doi.org/10.1007/978-3-030-33491-8_46
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-33490-1
Online ISBN: 978-3-030-33491-8
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)