TY - GEN
T1 - Static Code Analysis of IEC 61131-3 ST Programs via Symbolic Execution
AU - Zhao, Mengyan
AU - Huang, Yanhong
AU - Shi, Jianqi
AU - Chen, Yinghao
AU - Yang, Yang
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - A Programmable Logic Controller (PLC) is essentially a domain-specific computer used to control physical equipment and is widely used in industrial control. It plays a crucial role in automating complex processes in industrial automation systems and requires high reliability, since code vulnerabilities can lead to disasters. Vulnerability detection in PLC programs is therefore of significant importance, yet few tools support it for PLC programming languages. This paper seeks to improve industrial security from the perspective of code security and proposes a static code analysis approach designed specifically for IEC 61131-3 Structured Text (ST) programs. The approach combines structural pattern matching with symbolic execution to identify program defects: problematic code structures and potential issues are detected early in the development process, reducing the debugging effort required during development. Because PLC programs execute periodically in scan cycles, we introduce a loop unwinding technique that collects constraints from subsequent execution cycles for detection. Based on this approach, we implement a static code analysis tool, ST-Checker, and evaluate it in a series of experiments. The results show that the method is feasible and can detect potential defects that existing PLC compilers cannot, improving the precision of defect detection involving data dependencies.
AB - A Programmable Logic Controller (PLC) is essentially a domain-specific computer used to control physical equipment and is widely used in industrial control. It plays a crucial role in automating complex processes in industrial automation systems and requires high reliability, since code vulnerabilities can lead to disasters. Vulnerability detection in PLC programs is therefore of significant importance, yet few tools support it for PLC programming languages. This paper seeks to improve industrial security from the perspective of code security and proposes a static code analysis approach designed specifically for IEC 61131-3 Structured Text (ST) programs. The approach combines structural pattern matching with symbolic execution to identify program defects: problematic code structures and potential issues are detected early in the development process, reducing the debugging effort required during development. Because PLC programs execute periodically in scan cycles, we introduce a loop unwinding technique that collects constraints from subsequent execution cycles for detection. Based on this approach, we implement a static code analysis tool, ST-Checker, and evaluate it in a series of experiments. The results show that the method is feasible and can detect potential defects that existing PLC compilers cannot, improving the precision of defect detection involving data dependencies.
KW - Code Security
KW - IEC 61131-3 Standard
KW - Programmable Logic Controller (PLC)
KW - Static Code Analysis
UR - https://www.scopus.com/pages/publications/85217866814
U2 - 10.1109/SMC54092.2024.10831127
DO - 10.1109/SMC54092.2024.10831127
M3 - Conference contribution
AN - SCOPUS:85217866814
T3 - Conference Proceedings - IEEE International Conference on Systems, Man and Cybernetics
SP - 1510
EP - 1517
BT - 2024 IEEE International Conference on Systems, Man, and Cybernetics, SMC 2024 - Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2024 IEEE International Conference on Systems, Man, and Cybernetics, SMC 2024
Y2 - 6 October 2024 through 10 October 2024
ER -
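The scan-cycle unwinding the abstract describes, as an added example that is not ST-Checker's code (the paper's implementation is not on this page): a toy symbolic executor in Python over a hand-built AST mirroring a small ST subset. Retained variables carry their symbolic value from one scan cycle to the next while inputs get a fresh symbol per cycle, so a bound violation that only appears after several cycles of a counter incrementing is found once enough cycles are unwound. The program, the array bounds, the cycle bound and the brute-force domain enumeration standing in for an SMT solver are all assumptions of this example.

```python
"""Toy symbolic executor for a PLC scan loop with cycle unwinding.
Added example, not ST-Checker's code. Programs are hand-built ASTs mirroring a
tiny IEC 61131-3 ST subset; satisfiability is checked by enumerating small
input domains as a stand-in for an SMT solver (assumptions of this example)."""
from itertools import product

# --- expression constructors (nested tuples) ---------------------------------
def const(v):       return ("const", v)
def var(name):      return ("var", name)            # retained PLC variable
def inp(name, typ): return ("input", name, typ)     # fresh symbol each scan cycle
def add(a, b):      return ("add", a, b)
def lt(a, b):       return ("lt", a, b)
def not_(a):        return ("not", a)

def symbols(e, acc):
    """Collect {name: type} of the input symbols occurring in e."""
    if e[0] == "sym":
        acc[e[1]] = e[2]
    elif e[0] in ("add", "lt"):
        symbols(e[1], acc)
        symbols(e[2], acc)
    elif e[0] == "not":
        symbols(e[1], acc)
    return acc

def evaluate(e, env):
    """Concretely evaluate a symbolic expression under the assignment env."""
    op = e[0]
    if op == "const": return e[1]
    if op == "sym":   return env[e[1]]
    if op == "add":   return evaluate(e[1], env) + evaluate(e[2], env)
    if op == "lt":    return evaluate(e[1], env) < evaluate(e[2], env)
    if op == "not":   return not evaluate(e[1], env)
    raise ValueError(op)

# Crude solver domains (assumption): enough for this program, not general.
DOMAINS = {"BOOL": (False, True), "INT": tuple(range(0, 8))}

def satisfiable(constraints):
    """Brute-force satisfiability over DOMAINS; stand-in for an SMT query."""
    syms = {}
    for c in constraints:
        symbols(c, syms)
    names = list(syms)
    for values in product(*(DOMAINS[syms[n]] for n in names)):
        env = dict(zip(names, values))
        if all(evaluate(c, env) for c in constraints):
            return True
    return False

def eval_sym(e, state, cycle):
    """Replace variables by their symbolic state and inputs by per-cycle symbols."""
    op = e[0]
    if op == "var":   return state[e[1]]
    if op == "input": return ("sym", f"{e[1]}@{cycle}", e[2])
    if op == "const": return e
    if op in ("add", "lt"):
        return (op, eval_sym(e[1], state, cycle), eval_sym(e[2], state, cycle))
    if op == "not":   return ("not", eval_sym(e[1], state, cycle))
    raise ValueError(op)

def run_block(stmts, state, pc, cycle, arrays, findings):
    """Symbolically execute a statement list, yielding (state, pc) per feasible path."""
    if not stmts:
        yield state, pc
        return
    stmt, rest = stmts[0], stmts[1:]
    if stmt[0] == "assign":                       # x := expr
        new = dict(state)
        new[stmt[1]] = eval_sym(stmt[2], state, cycle)
        yield from run_block(rest, new, pc, cycle, arrays, findings)
    elif stmt[0] == "store":                      # arr[idx] := expr
        idx = eval_sym(stmt[2], state, cycle)
        lo, hi = arrays[stmt[1]]
        # Report if some input sequence on this path drives idx outside [lo, hi].
        for bad in (lt(idx, const(lo)), not_(lt(idx, const(hi + 1)))):
            if satisfiable(pc + [bad]):
                findings.append((cycle, stmt[1], idx))
                break
        yield from run_block(rest, state, pc, cycle, arrays, findings)
    elif stmt[0] == "if":                         # IF cond THEN body END_IF
        cond = eval_sym(stmt[1], state, cycle)
        if satisfiable(pc + [cond]):
            for s2, pc2 in run_block(stmt[2], state, pc + [cond], cycle, arrays, findings):
                yield from run_block(rest, s2, pc2, cycle, arrays, findings)
        if satisfiable(pc + [not_(cond)]):
            yield from run_block(rest, state, pc + [not_(cond)], cycle, arrays, findings)

def analyse(program, init_state, arrays, cycles):
    """Unwind `cycles` scan cycles: retained variables carry over, inputs are fresh."""
    findings = []
    paths = [(dict(init_state), [])]
    for cycle in range(cycles):
        paths = [p for state, pc in paths
                 for p in run_block(program, state, pc, cycle, arrays, findings)]
    return findings

# Constructed ST-like program as an AST (assumption), equivalent to:
#   VAR cnt : INT := 0; buf : ARRAY[0..3] OF INT; END_VAR
#   IF run THEN cnt := cnt + 1; END_IF;
#   buf[cnt] := sensor;
PROGRAM = [
    ("if", inp("run", "BOOL"), [("assign", "cnt", add(var("cnt"), const(1)))]),
    ("store", "buf", var("cnt"), inp("sensor", "INT")),
]
ARRAYS = {"buf": (0, 3)}
INIT = {"cnt": const(0)}

if __name__ == "__main__":
    for k in (3, 4):
        hits = analyse(PROGRAM, INIT, ARRAYS, k)
        print(f"{k} cycles unwound: {len(hits)} out-of-bounds store(s) at cycles {[h[0] for h in hits]}")
```

Within a single scan cycle `cnt` can only grow by one, so a compiler or a per-cycle check sees nothing wrong with `buf[cnt]`; only after unwinding four cycles does the path where `run` is TRUE on every cycle reach `cnt = 4` and the store is flagged. The path count doubles per cycle, which is why a real tool needs a proper SMT solver, path pruning and a bounded cycle count rather than the enumeration used here.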