Discovering vulnerabilities in control system human-machine interface software

Journal of Systems and Software

Volumn 82, Issue 4, 2009, Pages 583-589

  McGrew, Robert Wesley ^a   Vaughn, Rayford B ^a  

^a MISSISSIPPI STATE UNIVERSITY   (United States)

Author keywords

Authentication; Education; HMI; SCADA; Security

Indexed keywords

APPLICATIONS; AUTHENTICATION; COMPUTER SOFTWARE; CURRICULA; HUMAN COMPUTER INTERACTION; MAN MACHINE SYSTEMS; SCADA SYSTEMS; SCHOOL BUILDINGS; SECURITY SYSTEMS;

APPLICATION SOFTWARES; CONTROL SYSTEM SOFTWARES; CRITICAL INFRASTRUCTURES; ENGINEERING AND COMPUTER SCIENCE; HMI; HUMAN-MACHINE INTERFACES; SCADA; SECURE SOFTWARE ENGINEERINGS; SECURITY; SOFTWARE APPLICATIONS; SOFTWARE ENGINEERS; SOFTWARE SECURITIES; SUPERVISORY CONTROL AND DATA ACQUISITIONS;

CONCURRENCY CONTROL;

EID: 62849096292     PISSN: 01641212     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.jss.2008.12.049     Document Type: Article

References (23)

1. Combs, G., 2008. Wireshark network protocol analyzer. (Current July 2008).
2. Critical Infrastructure Protection Center. (Current 2008).
3. CVE, CVE-2008-0176. Heap-based buffer overflow in GE Fanuc CIMPLICITY HMI, 2008. (Current July 2008).
4. Department of Defense, 1983, 1985. Trusted Computer System Evaluation Criteria (Orange Book), DoD 5200.28-STD.
5. GE Fanuc, 2008. Proficy HMI/SCADA - iFIX - iFIX Technical Benefits, 2005. (Current July 2008).
6. Homeland Security Presidential Directive 7, 2003. Critical Infrastructure Identification, Prioritization, and Protection White House, December 17, 2003. (Current July 2008).
7. Immunity, Inc., 2008. Immunity Debugger. (Current July 2008).
8. Krebs, B., 2008. Cyber Incident Blamed for Nuclear Power Plant Shutdown, Washington Post, June 5, 2008. (Current July 2008).
9. McGrew, R., 2006. Hacking U3 Smart USB Drives. (Current July 2008).
10. Morrie, G., 1988. Building Secure Systems, Van Nostrand Reinhold.
11. Saltzer, J., Schroeder, M., 1974. The Protection of Information in Computer Systems, Communications of the ACM 17, 7 (July 1974), web: (Current July 2008).
12. United States Computer Emergency Readiness Team, VU#310355, 2008.
13. Vaughn, R., 1999. Software engineering and security engineering: an argument for merger, panel chair. In: 12th Conference on Software Engineering Education and Training (CSEE&T99) New Orleans, LA, March 22-24, 1999.
14. Vaughn, R., 1999. Computer security training and emerging software engineering degree programs, panel chair and presentation. In: 22nd National Information Systems Security Conference, October 1999.
15. Vaughn R. Software engineering degree programs, CROSSTALK. The Journal of Defense Software Engineering 13 13 (2000) 7-9
16. Vaughn, R., 2000. A report on industrial transfer of software engineering to the classroom environment. In: Thirteenth Conference on Software Engineering Education and Training, Austin TX, March 6-8, 2000.
17. Vaughn, R., 2000. Application of security to the computing science classroom - lessons learned. In: SIGCSE 2000 Technical Symposium, Austin TX, March 8-12, 2000.
18. Vaughn R. Ware to start?. The George Washington University Journal of Information Security 1 2 (2002) (July 2002 (published on CD-ROM))
19. Vaughn R., and Boggess E. Integration of computer security into software engineering and computer science programs. The Journal of Systems and Software 49 (1999) 149-153
20. Vaughn, R., Henning, R., 2001. Thoughts and experiences in provision of sufficient security - reflections on paths well traveled. In: Second Annual International Systems Security Engineering Conference, Orlando, Florida, February 28-March 2, 2001, pp. 179-184.
21. Vaughn R., Henning R., and Fox K. An empirical study of industrial security engineering practices. Journal of Systems and Software 61 3 (2002) 225-232
22. Ware, W., 1970. Security Controls for Computer Systems (U): Report of Defense Science Board Task Force on Computer Security; Rand Report R609-1, The RAND Corporation, Santa Monica, CA.
23. Weiss J., and Delson M. Cyber security of substation control and diagnostic systems. In: Grigsby L.L. (Ed). Electric Power Engineering Handbook (2007), CRC Press