ProVerif Proofs for Self-Healing Industrial Control System
Paper: A Malware-Tolerant, Self-Healing Industrial Control System Framework
Authors: Michael Denzel, Mark Ryan, Eike Ritter
See also: https://github.com/mdenzel/self-healing_FreeRTOS for the ARM TrustZone implementation of the self-healing Real-Time Operating System.
REMARK: ALL PROOFS REQUIRE PROVERIF v. 1.96!
Simply run the shellscript in the command-line:
$ sh ./run_all.sh
(tested on Fedora 25; ProVerif v. 1.96)
plc = Programmable Logic Controller 2oo3 = 2-out-of-3 circuit r = reset circuit success = proof reaches the end of the protocol YES = ProVerif file proves the property NO = ProVerif file does not prove the property
There is also a self-explanatory CONFIG section in
Running ProVerif Manually
Since there are 24 proofs for every configuration, we generate the proofs from
*.gen files using the C-pre-processor. The
run_all.sh script has an option
(ONLY_GENERATE) to generate the proofs without running them.
Afterwards the ProVerif files are in the sub-folder
can be run separately and are named by the compromised devices.
plc = compromised Programmable Logic Controller (PLC) 2oo3 = compromised 2-out-of-3 circuit r = compromised reset circuit
To run a proof, execute for example the following:
$ proverif ./proofs/proofs-selfhealing_proverif.gen/24_all_compromised.pv
success is a (dummy) secret which gets leaked at the end
of the protocol to indicate that it ran through. Thus,
when running manually, ProVerif should return
The attacker has the message success in phase 1. A trace has been found. RESULT not attacker_p1(success) is false.
All provided files in this repository are under the GNU General Public License 2.0 or later.