Graduate School and Research Center in Digital Sciences

Detecting insecure code patterns in industrial robot programs

Pogliani, Marcello; Maggi, Federico; Balduzzi, Marco; Quarta, Davide; Zanero, Stefano

ASIACCS 2020, 15th ACM Asia Conference on Computer and Communications Security, 5-9 October 2020, Taipei, Taiwan

Industrial robots are complex and customizable machines that can be programmed with proprietary domain-specific languages. These languages provide not only movement instructions, but also access to low-level system resources such as the network or the file system. Although useful, these features can lead to taint-style vulnerabilities and can be misused to implement malware—on par with general-purpose programming languages. In this paper, we analyze the languages of 8 leading industrial robot vendors, systematize their technical features, and discuss cases of vulnerable and malicious uses. We then describe a static source-code analyzer that we created to analyze robotic programs and discover insecure or potentially malicious code paths. We focused our proof-of-concept implementation on two popular languages, namely ABB’s RAPID and KUKA’s KRL. By evaluating our tool on a set of publicly available programs, we show that insecure patterns are found in real-world code; therefore, static source-code analysis is an effective security screening mechanism, for example to prevent commissioning insecure or malicious industrial task programs. Finally, we discuss remediation steps that developers and vendors can adopt to mitigate such issues.


Title: Detecting insecure code patterns in industrial robot programs
Keywords: industrial robotics; security vulnerabilities; robot programming
Type: Conference
Language: English
City: Taipei
Country: TAIWAN, PROVINCE OF CHINA
Date:
Department: Digital Security
Eurecom ref: 6317
Copyright: © ACM, 2020. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in ASIACCS 2020, 15th ACM Asia Conference on Computer and Communications Security, 5-9 October 2020, Taipei, Taiwan
Bibtex: @inproceedings{EURECOM+6317, year = {2020}, title = {{D}etecting insecure code patterns in industrial robot programs}, author = {{P}ogliani, {M}arcello and {M}aggi, {F}ederico and {B}alduzzi, {M}arco and {Q}uarta, {D}avide and {Z}anero, {S}tefano}, booktitle = {{ASIACCS} 2020, 15th {ACM} {A}sia {C}onference on {C}omputer and {C}ommunications {S}ecurity, 5-9 {O}ctober 2020, {T}aipei, {T}aiwan}, address = {{T}aipei, {TAIWAN}, {PROVINCE} {OF} {CHINA}}, month = {10}, url = {http://www.eurecom.fr/publication/6317} }