NECST Friday Talk
Breaking the laws of robotics: an experimental security analysis of an industrial robot controller
Davide Quarta
PhD student in System Security - Politecnico di Milano
DEIB - NECST Meeting Room (Building 20, basement floor)
May 19th, 2017
12.15 pm
Contacts:
Marco Santambrogio
Research Line:
System architectures
Davide Quarta
PhD student in System Security - Politecnico di Milano
DEIB - NECST Meeting Room (Building 20, basement floor)
May 19th, 2017
12.15 pm
Contacts:
Marco Santambrogio
Research Line:
System architectures
Sommario
Industrial robots, automated manufacturing, and efficient logistics processes are at the heart of the upcoming fourth industrial revolution. While there are seminal studies on the vulnerabilities of cyber-physical systems in the industry, as of today there has been no systematic analysis of the security of industrial robot controllers.
We examine the standard architecture of an industrial robot and analyze a concrete deployment from a systems security standpoint.
Then, we propose an attacker model and confront it with the minimal set of requirements that industrial robots should honor: precision in sensing the environment, correctness in execution of control logic, and safety for human operators.
Following an experimental and practical approach, we then show how our modeled attacker can subvert such requirements through the exploitation of software vulnerabilities, leading to severe consequences that are unique to the robotics domain. We conclude by discussing safety standards and security challenges in industrial robotics.
We examine the standard architecture of an industrial robot and analyze a concrete deployment from a systems security standpoint.
Then, we propose an attacker model and confront it with the minimal set of requirements that industrial robots should honor: precision in sensing the environment, correctness in execution of control logic, and safety for human operators.
Following an experimental and practical approach, we then show how our modeled attacker can subvert such requirements through the exploitation of software vulnerabilities, leading to severe consequences that are unique to the robotics domain. We conclude by discussing safety standards and security challenges in industrial robotics.