A Wily Hare Has Three Havens: Combating Programmable Logic Controller Attacks via Virtualization Redundancy
Wenjie Wang, Yazhe Wang, Lei Ren

Programmable Logic Controllers (PLCs) lack built-in security mechanisms, and their critical role in industrial control systems makes them prime targets for cyberattacks. Next-generation PLCs increasingly adopt embedded virtualization to partition functional domains and to integrate industrial control with advanced workloads on unified hardware. Nevertheless, many PLC vendors and researchers have largely overlooked the potential of virtualization to strengthen PLC security.
To address this gap, we propose TriHaven, an embedded virtualization-based security architecture for PLCs. TriHaven separates the PLC control loop and deploys its components in dedicated virtual machines, each with distinct design characteristics. By further implementing a redundancy-compare strategy for PLC control logic execution, TriHaven enables real-time attack detection and rapid emergency response through control switching, thereby mitigating diverse and previously unknown threats. Integrating virtualization with PLC redundancy introduces new challenges: a security-preserving multi-VM scan-cycle design under real-time constraints, low-latency integrity-safe cross-domain I/O exchange, and secure synchronization of a network-isolated standby PLC, which solves a consistency problem absent from prior redundancy designs.
Using the Jailhouse hypervisor, experiments on OpenPLC and Beremiz, two open-source PLC runtimes, demonstrate the feasibility of TriHaven while preserving its essential security objectives, under the standard assumption that the PLC hardware and its underlying hypervisor remain physically protected and trustworthy.
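The redundancy-compare strategy described in the abstract can be illustrated with a small simulation. The following is an added example and is not the TriHaven implementation or code from the paper: two replicas of the same control logic execute on an identical input snapshot each scan cycle, a comparator checks that their outputs agree, and on divergence control is switched to the standby replica. The class names, the tank-level control logic, the assumption that the standby replica is the one to trust on divergence (it is modelled as the network-isolated copy), and the constructed fault that alters the primary's logic mid-run are all assumptions introduced here for illustration.

```python
"""Toy model of a redundancy-compare PLC control loop (constructed example).

Two replicas of the same control logic run on an identical input image every
scan cycle. A comparator checks their outputs; if they diverge, it records the
event and switches control to the standby replica. Names and structure are
assumptions for illustration, not the TriHaven architecture itself.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

Inputs = Dict[str, float]
Outputs = Dict[str, bool]
ControlLogic = Callable[[Inputs, Outputs], Outputs]


def tank_logic(inputs: Inputs, prev: Outputs) -> Outputs:
    """Hysteresis pump control: start below 20, stop above 80, otherwise hold."""
    level = inputs["level"]
    pump = prev.get("pump", False)
    if level < 20.0:
        pump = True
    elif level > 80.0:
        pump = False
    return {"pump": pump}


@dataclass
class Replica:
    """One copy of the control logic, as it would run in its own VM."""
    name: str
    logic: ControlLogic
    state: Outputs = field(default_factory=dict)

    def scan(self, inputs: Inputs) -> Outputs:
        # Each scan consumes the input image and the replica's previous outputs.
        self.state = self.logic(inputs, self.state)
        return self.state


@dataclass
class Comparator:
    """Feeds both replicas the same input image and arbitrates the output."""
    primary: Replica
    standby: Replica
    active: str = "primary"
    events: List[str] = field(default_factory=list)

    def cycle(self, inputs: Inputs) -> Outputs:
        snapshot = dict(inputs)  # identical input image keeps the replicas consistent
        out_p = self.primary.scan(snapshot)
        out_s = self.standby.scan(snapshot)
        if out_p != out_s and self.active == "primary":
            # Assumption of this model: the standby is network-isolated, so on
            # divergence the network-facing primary is suspected and control switches.
            self.active = "standby"
            self.events.append(f"divergence {out_p} vs {out_s}: switched to standby")
        return out_p if self.active == "primary" else out_s


def run_demo() -> Tuple[Comparator, List[Outputs]]:
    """Run a few healthy scan cycles, then inject a constructed fault into the primary."""
    primary = Replica("primary", tank_logic)
    standby = Replica("standby", tank_logic)
    comparator = Comparator(primary, standby)

    # Healthy cycles: pump starts at level 10, holds at 50, stops at 90.
    trace = [comparator.cycle({"level": lvl}) for lvl in (10.0, 50.0, 90.0)]

    # Constructed fault: the primary's logic is altered so it always drives the pump.
    primary.logic = lambda inputs, prev: {"pump": True}
    trace += [comparator.cycle({"level": lvl}) for lvl in (90.0, 85.0)]
    return comparator, trace


if __name__ == "__main__":
    comp, outputs = run_demo()
    for i, out in enumerate(outputs, start=1):
        print(f"cycle {i}: pump={out['pump']}")
    print("active replica:", comp.active)
    for ev in comp.events:
        print("event:", ev)
```

In the healthy cycles both replicas agree and the primary's output drives the process; once the primary's logic is altered, the first divergent scan is flagged and the standby's output takes over, so the pump stays off at a level of 90 despite the faulty primary. Running both replicas on the same snapshot each cycle is what makes the comparison meaningful; if the standby consumed stale or differently ordered inputs, legitimate differences would be indistinguishable from tampering, which is the consistency problem the abstract points to.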