000127649 001__ 127649
000127649 005__ 20240705134156.0
000127649 0247_ $$2doi$$a10.1016/j.cose.2023.103373
000127649 0248_ $$2sideral$$a134739
000127649 037__ $$aART-2023-134739
000127649 041__ $$aeng
000127649 100__ $$0(orcid)0000-0001-7982-0359$$aRodríguez, Ricardo J.$$uUniversidad de Zaragoza
000127649 245__ $$aMOSTO: A toolkit to facilitate security auditing of ICS devices using Modbus/TCP
000127649 260__ $$c2023
000127649 5060_ $$aAccess copy available to the general public$$fUnrestricted
000127649 5203_ $$aThe integration of the Internet into industrial plants has connected Industrial Control Systems (ICS) worldwide, resulting in an increase in the number of attack surfaces and the exposure of software and devices not originally intended for networking. In addition, the heterogeneity and technical obsolescence of ICS architectures, legacy hardware, and outdated software pose significant challenges. Since these systems control essential infrastructure such as power grids, water treatment plants, and transportation networks, security is of the utmost importance. Unfortunately, current methods for evaluating the security of ICS are often ad-hoc and difficult to formalize into a systematic evaluation methodology with predictable results. In this paper, we propose a practical method supported by a concrete toolkit for performing penetration testing in an industrial setting. The primary focus is on the Modbus/TCP protocol as the field control protocol. Our approach relies on a toolkit, named MOSTO, which is licensed under GNU GPL and enables auditors to assess the security of existing industrial control settings without interfering with ICS workflows. Furthermore, we present a model-driven framework that combines formal methods, testing techniques, and simulation to (formally) test security properties in ICS networks.
000127649 536__ $$9info:eu-repo/grantAgreement/ES/DGA/T21-23R$$9info:eu-repo/grantAgreement/EUR/MICINN/TED2021-131115A-I00
000127649 540__ $$9info:eu-repo/semantics/openAccess$$aby-nc-nd$$uhttp://creativecommons.org/licenses/by-nc-nd/3.0/es/
000127649 592__ $$a1.566$$b2023
000127649 593__ $$aLaw$$c2023$$dQ1
000127649 593__ $$aComputer Science (miscellaneous)$$c2023$$dQ1
000127649 655_4 $$ainfo:eu-repo/semantics/article$$vinfo:eu-repo/semantics/publishedVersion
000127649 700__ $$aMarrone, Stefano
000127649 700__ $$aMarcos, Ibai
000127649 700__ $$aPorzio, Giuseppe
000127649 7102_ $$15007$$2570$$aUniversidad de Zaragoza$$bDpto. Informát.Ingenie.Sistms.$$cÁrea Lenguajes y Sistemas Inf.
000127649 773__ $$g132 (2023), 103373 [12 pp.]$$pComput. secur.$$tCOMPUTERS & SECURITY$$x0167-4048
000127649 8564_ $$s3548094$$uhttps://zaguan.unizar.es/record/127649/files/texto_completo.pdf$$yVersión publicada
000127649 8564_ $$s2655081$$uhttps://zaguan.unizar.es/record/127649/files/texto_completo.jpg?subformat=icon$$xicon$$yVersión publicada
000127649 909CO $$ooai:zaguan.unizar.es:127649$$particulos$$pdriver
000127649 951__ $$a2024-07-05-12:49:48
000127649 980__ $$aARTICLE