Wednesday, July 27, 2016

Tree structures processing and unified AST

The previous article in this series discussed the theory of source code parsing in ANTLR and Roslyn. The article pointed out that a signature-based code analysis in PT Application Inspector is divided into the following stages:
1.        Parsing into a language dependent representation (abstract syntax tree, AST).
2.        Converting AST to a language independent unified format (unified AST, UAST).
3.        A direct comparison with patterns described in the DSL.
The current article focuses on the second stage that includes AST processing using Visitor and Listener strategies, converting AST to a unified format, simplifying an AST, and the algorithm for matching tree structures.


          AST Traversing
         Visitor and Listener
         Grammar and Visitor in ANTLR
          Types of nodes in a unified AST
          Testing of converters
          Simplifying an UAST

Tuesday, July 19, 2016

A Positive Technologies Expert Helped to Protect ABB Digital Substations from Cyberattacks

Image credit: ABB    

 ABB, a Switzerland-based company that produces software for control systems in the energy industry, has acknowledged that its PCM600 suffers from four vulnerabilities related to insecure password storage. The one who detected and reported them to the vendor was Ilya Karpov, an ICS security expert from Positive Technologies.

As noted in the ICS-CERT advisory, the ABB engineer software for industrial automation management (protective relay, IED) is deployed in electric power substations around the world. PCM600s up to and including version 2.6 suffer from the vulnerabilities found by Ilya Karpov. Exploiting these flaws allows a low-skilled attacker or malicious software access a local machine that has ABB's PCM600 installed, reconfigure a project or obtain critical information to leverage read and write access via OPC.