Research Topic Number 1 - System Security for ICS
Industrial control systems (ICS) for critical infrastructure, such as power plants and water distribution control and management systems, have recently been digitalized. While digitalization enables more sophisticated data-driven O&M and optimization of control algorithms, there are emerging cyber threats against industrial control systems, as well as vulnerability exploitation and sensitive data exfiltration. Many sophisticated attacks exploit zero-day vulnerabilities. Because exploitation of a vulnerability in such systems may cause severe consequences in the physical world, system and device vendors, including Toshiba, bear a heavy responsibility to mitigate vulnerabilities and reduce the attack surface. Mitigation can be done through vulnerability testing and exploit synthesis using binary program analysis, and through cyber attacks such as penetration tests, but challenges specific to ICS remain, such as the consideration of timing constraints, non-standard instruction sets and byte code interpreters. Furthermore, data utilization in the infrastructure control field is increasing with the progress of AI and related technologies, and we expect growing needs for data protection technology and security protocols that ensure both analyzability and security (protection against the risk of disclosing sensitive information).
Expected Research Proposals
A) Security verification for software implementations in industrial control systems and devices; in detail, technology for finding vulnerabilities, composing attacks and/or synthesizing patches for binary programs and systems. Many studies already exist in this field, so it is important to extend existing techniques with new ideas in order to apply them to industrial control systems and devices.
B) Data protection technology and data protection protocols suitable for industrial control systems, such as, on the premise of multiple systems, secure search over various O&M data and secure fault prediction/detection techniques for the system, as well as industrial data analysis that does not expose sensitive information, such as searchable encryption.