OTRazor: Static Code Analysis for Vulnerability Discovery in Industrial Automation Scripts

Date: 26.02.2021. Author: CISO CLUB. Categories: Information security podcasts and videos

In this talk, we delve into industrial robot programming, focusing on the security issues arising from the design and implementation choices of these platforms.

After describing the technical features of the languages from eight leading manufacturers, we’ll share several cases of vulnerable and malicious usage. We’ll then present a static code analyzer that we created and patented, to scan robotic programs and discover unsafe code patterns. Our evaluation on 50 automation programs shows that unsafe patterns are indeed found in real-world code, and that static source code analysis is an effective defense tool in the short term. We conclude by discussing the remediation steps that can be adopted by developers and vendors to mitigate such issues in the medium and long term.

By Federico Maggi, Marcello Pogliani, Davide Quarta, Stefano Zanero, Marco Balduzzi

Full Abstract & Presentation Materials: https://www.blackhat.com/us-20/briefings/schedule/#otrazor-static-code-analysis-for-vulnerability-discovery-in-industrial-automation-scripts-19523

