| Summary: | <p>This dissertation describes vulnerability research in the area of critical infrastructure
security. The intent of this research is to develop a set of recommendations and guidelines
for improving the security of Industrial Control System (ICS) and Supervisory Control
and Data Acquisition systems software. Specifically, this research focuses on the Human-
Machine Interface (HMI) software that is used on control panel workstations.</p>
<p>This document covers a brief introduction to control systems security terminology in
order to define the research area, a hypothesis for the research, and a discussion of the
contribution that this research will provide to the field. Previous work in the area by other
researchers is summarized, followed by a description of the vulnerability research, analysis,
and creation of deliverables. Technical information on the details of a number of
vulnerabilities is presented for a number of HMI vulnerabilities, for which either the author
has performed the analysis, or from public vulnerability disclosures where sufficient
information about the vulnerabilities is available.</p>
<p>Following the body of technical vulnerability information, the common features and
characteristics of known vulnerabilities in HMI software are discussed, and that information
is used to propose a taxonomy of HMI vulnerabilities. Such a taxonomy can be used to
classify HMI vulnerabilities and organize future work on identifying and mitigating such
vulnerabilities in the future.</p>
<p>Finally, the contributions of this work are presented, along with a summary of areas
that have been identified as interesting future work.</p>
|
|---|
