Formally and Practically Verifying Flow Integrity Properties in Industrial Systems

Abstract : Industrial systems are nowadays regularly the target of cyberattacks, the most famous being Stuxnet. At the same time, such systems are increasingly interconnected with other systems and with insecure media such as the Internet. In contrast to other IT systems, industrial systems not only require classical properties such as data confidentiality or authentication of the communication, but have special needs due to their interaction with the physical world. For example, the reordering or deletion of some commands sent to a machine can cause the system to enter an unsafe state with potentially catastrophic effects. To prevent such attacks, the integrity of the message flow is necessary. We provide a formal definition of Flow Integrity. We apply our definitions to two well-known industrial protocols: OPC-UA and MODBUS. Using TAMARIN, a cryptographic protocol verification tool, we confirm that most of the secure modes of these protocols ensure Flow Integrity given a resilient network. However, we also identify weaknesses in a supposedly secure version of MODBUS, as well as subtleties in the handling of sequence numbers in OPC-UA. We also practically examine an OPC-UA stack named python-opcua, where some of these subtleties are not handled correctly.
Document type :
Journal articles
Contributor : Jannik Dreier
Submitted on : Monday, September 30, 2019 - 4:52:05 PM
Last modification on : Friday, February 4, 2022 - 3:11:55 AM

Jannik Dreier, Maxime Puys, Marie-Laure Potet, Pascal Lafourcade, Jean-Louis Roch. Formally and Practically Verifying Flow Integrity Properties in Industrial Systems. Computers and Security, Elsevier, 2018, 86, pp.453-470. ⟨10.1016/j.cose.2018.09.018⟩. ⟨hal-01959766v2⟩