Automatic Vulnerability Identification And Security Installation With Type Checking For Source Code

Cyber security has been an important issue for control systems, however, there may be a shortage of security experts in the near future. Most of security engineering methods focus only at high-level such as architectures, and do not consider the availability of the control system. In addition, it is often difficult use them without security expertise. In this paper, the author proposed a novel method for solving this problem. The method automatically identifies vulnerabilities in a source code using a formal and static method (type-checking), and fixes them by installing security functions accordingly. Since this approach is entirely automated, it can be seamlessly used by regular engineers, i.e. without security expertise. The authors implemented the method and experimentally investigated its effectiveness on a simple example including the characteristics typical of communicating control systems.