{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,18]],"date-time":"2026-03-18T09:01:25Z","timestamp":1773824485205,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":34,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,10,6]],"date-time":"2021-10-06T00:00:00Z","timestamp":1633478400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021,10,6]]},"DOI":"10.1145\/3471621.3471864","type":"proceedings-article","created":{"date-parts":[[2021,10,7]],"date-time":"2021-10-07T14:50:46Z","timestamp":1633618246000},"page":"235-250","source":"Crossref","is-referenced-by-count":14,"title":["AttkFinder: Discovering Attack Vectors in PLC Programs using Information Flow Analysis"],"prefix":"10.1145","author":[{"given":"John H.","family":"Castellanos","sequence":"first","affiliation":[{"name":"Singapore University of Technology and Design, Singapore"}]},{"given":"Martin","family":"Ochoa","sequence":"additional","affiliation":[{"name":"AppGate Inc., US"}]},{"given":"Alvaro A.","family":"Cardenas","sequence":"additional","affiliation":[{"name":"UC Santa Cruz, US"}]},{"given":"Owen","family":"Arden","sequence":"additional","affiliation":[{"name":"University of California Santa Cruz, US"}]},{"given":"Jianying","family":"ZHOU","sequence":"additional","affiliation":[{"name":"Singapore University of Technology and Design, Singapore"}]}],"member":"320","published-online":{"date-parts":[[2021,10,7]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/3134600.3134618"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897855"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274748"},{"key":"e_1_3_2_1_4_1","volume-title":"Principles of cyber-physical systems","author":"Alur Rajeev","unstructured":"Rajeev Alur . 2015. Principles of cyber-physical systems . MIT Press . Rajeev Alur. 2015. Principles of cyber-physical systems. MIT Press."},{"key":"e_1_3_2_1_5_1","volume-title":"Cyber security of water SCADA systems\u2014Part I: Analysis and experimentation of stealthy deception attacks","author":"Amin Saurabh","year":"2012","unstructured":"Saurabh Amin , Xavier Litrico , Shankar Sastry , and Alexandre\u00a0 M Bayen . 2012. Cyber security of water SCADA systems\u2014Part I: Analysis and experimentation of stealthy deception attacks . IEEE Transactions on Control Systems Technology ( 2012 ). Saurabh Amin, Xavier Litrico, Shankar Sastry, and Alexandre\u00a0M Bayen. 2012. Cyber security of water SCADA systems\u2014Part I: Analysis and experimentation of stealthy deception attacks. IEEE Transactions on Control Systems Technology (2012)."},{"key":"e_1_3_2_1_6_1","volume-title":"The industrial control system cyber kill chain","author":"Assante J","year":"2015","unstructured":"Michael\u00a0 J Assante and Robert\u00a0 M Lee . 2015. The industrial control system cyber kill chain . SANS Institute InfoSec Reading Room( 2015 ). Michael\u00a0J Assante and Robert\u00a0M Lee. 2015. The industrial control system cyber kill chain. SANS Institute InfoSec Reading Room(2015)."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1966913.1966959"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/3274694.3274745"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2018.00016"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"crossref","unstructured":"Yuqi Chen Christopher\u00a0M Poskitt Jun Sun Sridhar Adepu and Fan Zhang. 2019. Learning-guided network fuzzing for testing cyber-physical system defences. In Automated Software Engineering (ASE).  Yuqi Chen Christopher\u00a0M Poskitt Jun Sun Sridhar Adepu and Fan Zhang. 2019. Learning-guided network fuzzing for testing cyber-physical system defences. In Automated Software Engineering (ASE).","DOI":"10.1109\/ASE.2019.00093"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/3395363.3397376"},{"key":"e_1_3_2_1_13_1","volume-title":"TRITON: The first ICS cyber attack on safety instrument systems. Black Hat USA.","author":"Di\u00a0Pinto C\u00a0Alessandro","year":"2018","unstructured":"A C\u00a0Alessandro Di\u00a0Pinto , Younes Dragoni , and Andrea Carcano . 2018 . TRITON: The first ICS cyber attack on safety instrument systems. Black Hat USA. AC\u00a0Alessandro Di\u00a0Pinto, Younes Dragoni, and Andrea Carcano. 2018. TRITON: The first ICS cyber attack on safety instrument systems. Black Hat USA."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23265"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.desal.2011.01.051"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/MDAT.2017.2709310"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/3140241.3140254"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/3106237.3106245"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664277"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"crossref","unstructured":"Thomas\u00a0A Henzinger. 2000. The theory of hybrid automata. In Verification of digital and hybrid systems.  Thomas\u00a0A Henzinger. 2000. The theory of hybrid automata. In Verification of digital and hybrid systems.","DOI":"10.1007\/978-3-642-59615-5_13"},{"key":"e_1_3_2_1_21_1","volume-title":"Introduction to embedded systems: A cyber-physical systems approach","author":"Lee Edward\u00a0Ashford","unstructured":"Edward\u00a0Ashford Lee and Sanjit\u00a0 A Seshia . 2016. Introduction to embedded systems: A cyber-physical systems approach . Mit Press . Edward\u00a0Ashford Lee and Sanjit\u00a0A Seshia. 2016. Introduction to embedded systems: A cyber-physical systems approach. Mit Press."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3196494.3196546"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2523649.2523673"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382244"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23043"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3139337.3139347"},{"key":"e_1_3_2_1_27_1","unstructured":"Steven Muchnick 1997. Advanced compiler design implementation. Morgan kaufmann.  Steven Muchnick 1997. Advanced compiler design implementation. Morgan kaufmann."},{"key":"e_1_3_2_1_29_1","unstructured":"Rockwell\u00a0Automation Publication. 2018. Logix 5000 Controllers I\/O and Tag Data. Technical Report.  Rockwell\u00a0Automation Publication. 2018. Logix 5000 Controllers I\/O and Tag Data. Technical Report."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"crossref","unstructured":"Ricardo\u00a0G Sanfelice. 2015. Analysis and design of cyber-physical systems: a hybrid control systems approach. Cyber-Physical Systems(2015).  Ricardo\u00a0G Sanfelice. 2015. Analysis and design of cyber-physical systems: a hybrid control systems approach. Cyber-Physical Systems(2015).","DOI":"10.1201\/b19290-3"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3320269.3384730"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.26"},{"key":"e_1_3_2_1_34_1","volume-title":"IEC 61131-3: Programming industrial automation systems","author":"Tiegelkamp Michael","unstructured":"Michael Tiegelkamp and Karl-Heinz John . 2010. IEC 61131-3: Programming industrial automation systems . Springer . Michael Tiegelkamp and Karl-Heinz John. 2010. IEC 61131-3: Programming industrial automation systems. Springer."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978388"},{"key":"e_1_3_2_1_36_1","volume-title":"Critical Vulnerabilities Found in WAGO Industrial Switches. https:\/\/www.securityweek.com\/critical-vulnerabilities-found-wago-industrial-switchesAvailable on","author":"Eduard","year":"2020","unstructured":"Eduard Kovacs\u00a0Security week. 2019. Critical Vulnerabilities Found in WAGO Industrial Switches. https:\/\/www.securityweek.com\/critical-vulnerabilities-found-wago-industrial-switchesAvailable on February 2020 . Eduard Kovacs\u00a0Security week. 2019. Critical Vulnerabilities Found in WAGO Industrial Switches. https:\/\/www.securityweek.com\/critical-vulnerabilities-found-wago-industrial-switchesAvailable on February 2020."},{"key":"e_1_3_2_1_37_1","volume-title":"On false data-injection attacks against power system state estimation: Modeling and countermeasures","author":"Yang Qingyu","year":"2013","unstructured":"Qingyu Yang , Jie Yang , Wei Yu , Dou An , Nan Zhang , and Wei Zhao . 2013. On false data-injection attacks against power system state estimation: Modeling and countermeasures . IEEE Transactions on Parallel and Distributed Systems ( 2013 ). Qingyu Yang, Jie Yang, Wei Yu, Dou An, Nan Zhang, and Wei Zhao. 2013. On false data-injection attacks against power system state estimation: Modeling and countermeasures. IEEE Transactions on Parallel and Distributed Systems (2013)."}],"event":{"name":"RAID '21: 24th International Symposium on Research in Attacks, Intrusions and Defenses","location":"San Sebastian Spain","acronym":"RAID '21"},"container-title":["24th International Symposium on Research in Attacks, Intrusions and Defenses"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3471621.3471864","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3471621.3471864","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T21:24:49Z","timestamp":1750195489000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3471621.3471864"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,10,6]]},"references-count":34,"alternative-id":["10.1145\/3471621.3471864","10.1145\/3471621"],"URL":"https:\/\/doi.org\/10.1145\/3471621.3471864","relation":{},"subject":[],"published":{"date-parts":[[2021,10,6]]}}}