Vulnerability analysis case studies of control systems human machine interfaces

• Main Author: McGrew, Robert Wesley
• Other Authors: Rayford B. Vaughn Jr.
• Format: Others
• Language: en
• Published: MSSTATE 2013
• Subjects: Computer Science and Engineering
• Online Access: http://sun.library.msstate.edu/ETD-db/theses/available/etd-03192013-130105/

<p>This dissertation describes vulnerability research in the area of critical infrastructure security. The intent of this research is to develop a set of recommendations and guidelines for improving the security of Industrial Control System (ICS) and Supervisory Control and Data Acquisition systems software. Specifically, this research focuses on the Human- Machine Interface (HMI) software that is used on control panel workstations.</p> <p>This document covers a brief introduction to control systems security terminology in order to define the research area, a hypothesis for the research, and a discussion of the contribution that this research will provide to the field. Previous work in the area by other researchers is summarized, followed by a description of the vulnerability research, analysis, and creation of deliverables. Technical information on the details of a number of vulnerabilities is presented for a number of HMI vulnerabilities, for which either the author has performed the analysis, or from public vulnerability disclosures where sufficient information about the vulnerabilities is available.</p> <p>Following the body of technical vulnerability information, the common features and characteristics of known vulnerabilities in HMI software are discussed, and that information is used to propose a taxonomy of HMI vulnerabilities. Such a taxonomy can be used to classify HMI vulnerabilities and organize future work on identifying and mitigating such vulnerabilities in the future.</p> <p>Finally, the contributions of this work are presented, along with a summary of areas that have been identified as interesting future work.</p>