Handling Malicious Code on Control Systems.

After the 911 terrorist attacks, the American government thoroughly investigated the vulnerabilities of infrastructure environment and found that the lack of security protection of most automated control systems is a vulnerable point. In order to ensure security in control systems, it is urgent to investigate the issue of potential malicious code, especially that made by insiders. This paper first discusses the undecidability of identifying all kinds of malicious code on control systems. However, effort to analyzing malicious code pays since it may increase the difficulty of insider attacks and improve the safety and security of the system. This paper then classifies malicious codes based on control system characteristics. The potential malicious code classifications include time-dependent, data-dependent, behavior-dependent, input-dependent, violation of a certain theorem, and so on. Finally, the paper presents possible approaches to prevention and detection of malicious code on control systems. [ABSTRACT FROM AUTHOR]