IT-Security, Industrial Communication Technology

VuTAT: Vulnerability Tests of AT Components

Prof. Dr. rer. nat. Stefan Heiss
01.10.2009 bis 31.12.2012

Motivation

By an increasing use of standardized IT technologies in the field of automation, the use of TCP/IP based protocols and applications, which are already used successfully in office environments for many years, becomes possible. Using standard IT technologies and protocols allows the integration of field level components and networks in corporate networks or even the internet. This allows geographic independent command, control and maintenance of such components.

However, through the use of standardized technologies and the advanced interconnectivity, additional threats from malicious software (malware like viruses and worms) endanger the failure-free operation of plants networked in this way. Since the destructive effect of malware is based on the exploitation of vulnerabilities (in SW implementations and/or protocol usages), the use of vulnerability free components becomes very important for a secure and failure-free operation of such a plant.  

Project targets

The main target of the project is the development of a framework to analyze and identify vulnerabilities of different AT components, which are using Ethernet based communication protocols. The framework shall allow an easy application by non IT security specialist, in particular by developers and quality assurance personnel during the product development and testing phases. Finally, a PC based test environment shall be developed, which allows an almost automated application of the framework.

This project is promoted by:
Sponsors: Arbeitsgemeinschaft industrieller Forschungsvereinigungen (AiF e.V.)
Funding Code: FKM-Nr.610332
Funding Lines: Industrielle Gemeinschaftsforschung (IGF)
Stakeholders / Contacts: Jan-Christopher Brand, B. Sc.
Heiko Adamczyk¹, Heiko Adamczyk, Tino Döhring, Prof. Dr. rer. nat. Stefan Heiss, Prof. Dr. rer. nat. Stefan Heiss²
Verfahren zur Identifikation und Analyse von IT Security Schwachstellen für Automatisierungsgeräte.
In: KommA, Nov 2010
¹ First Authors
² Last authors
Jan-Christopher Brand, B. Sc.¹, Jan-Christopher Brand, B. Sc., Prof. Dr. rer. nat. Stefan Heiss, Prof. Dr. rer. nat. Stefan Heiss²
Schwachstellen und Robustheitstests in der Automatisierungstechnik.
In: KommA, Nov 2012
¹ First Authors
² Last authors
Jan-Christopher Brand, B. Sc.¹, Jan-Christopher Brand, B. Sc., Tino Döhring, Thomas Werner, Christopher Tebbe, Stefan Hausmann, M. Sc., Prof. Karl-Heinz Niemann, Prof. Dr. rer. nat. Stefan Heiss, Prof. Dr. rer. nat. Stefan Heiss²
Analyse der IT-Security in der industriellen Automation.
In: AUTOMATION, Mar 2013
¹ First Authors
² Last authors
Master
Robustness Tests of AT Components
Jeetika Kataria
Study work
Evaluation of Vulnerability Testing Tools
Jeetika Kataria
Project work
Vulnerability tests of industrial automation component
Ehsan Bagheri
01.10.2011 till 01.02.2012
Research project
Vulnerability Tests von Netzwerkkomponenten
Patrick Bolduan
26.08.2010 till 26.08.2010
ifak - Institut für Automation und Kommunikation
Pilz GmbH & Co. KG
Hirschmann Automation und Control