SECURITY VULNERABILITIES IN INDUSTRIAL PLC SOFTWARE: A TAXONOMY AND A SYSTEMATIC MAPPING STUDY

University essay from Mälardalens universitet/Inbyggda system

Author: Kejsi Biçoku; [2021]

Abstract: In the past few years, there has been extensive use of Industrial Control Systems (ICSs) in various critical industries ranging from manufacturing, refineries, and automotive to power generation, wastewater, and power plants. Their deployment in critical infrastructures increased the need to ensure their security. As one of the main building blocks of ICSs, Programmable Logic Controllers (PLCs) are a central focus point for attackers. The first step towards their security insurance is the identification of the vulnerabilities that can be exploited by malicious attackers that aim to compromise the system. This thesis contributes with a taxonomy and a systematic mapping study on security vulnerabilities in industrial PLC software. From a total of 554 studies, only 39 of them have been found relevant for our research. The information extracted from these studies focuses on security vulnerabilities, the attacks that exploit these vulnerabilities, and the possible solutions. The analysis of this information supports the following results: i) the most discussed vulnerabilities are related to authentication, encryption, network and operating system, ii) the most discussed attacks are denial of service, Stuxnet attack, and man in the middle attack, and iii) the most discussed solutions are anomaly detection mechanisms and encryption mechanisms. Moreover, this thesis contributes with a taxonomy that identifies and classifies ten vulnerabilities, 20 attacks, and 13 possible solutions related to security in industrial PLCs. These outcomes can contribute to researchers and practitioners working on the mitigation of security vulnerabilities and attacks in industrial PLC software and ICSs.
