VuTAT: Vulnerability Tests of AT Components

Motivation

By an increasing use of standardized IT technologies in the field of automation, the use of TCP/IP based protocols and applications, which are already used successfully in office environments for many years, becomes possible. Using standard IT technologies and protocols allows the integration of field level components and networks in corporate networks or even the internet. This allows geographic independent command, control and maintenance of such components.

However, through the use of standardized technologies and the advanced interconnectivity, additional threats from malicious software (malware like viruses and worms) endanger the failure-free operation of plants networked in this way. Since the destructive effect of malware is based on the exploitation of vulnerabilities (in SW implementations and/or protocol usages), the use of vulnerability free components becomes very important for a secure and failure-free operation of such a plant.  

Project targets

The main target of the project is the development of a framework to analyze and identify vulnerabilities of different AT components, which are using Ethernet based communication protocols. The framework shall allow an easy application by non IT security specialist, in particular by developers and quality assurance personnel during the product development and testing phases. Finally, a PC based test environment shall be developed, which allows an almost automated application of the framework.