DOI: 10.3390/computation14070149 ISSN: 2079-3197

Dynamic Defense Mechanism for Programmable Logic Controllers: A Heterogeneous Multi-Core Architecture with Rapid Nanosecond-Scale Threat Perception

Delei Nie, Jingjing Hu, Xin Wang, Yu Li, Jiangxing Wu, Farrukh Hanif, Renhai Feng

Existing PLC security solutions face a fundamental conflict between stringent real-time requirements and robust protection: traditional IT security mechanisms (e.g., encryption, authentication) introduce unacceptable latency, while software-based redundancy schemes operate at millisecond scale and remain vulnerable to common-cause failures. To bridge this gap, this study proposes MimicPLC v1.0, a dynamic defense mechanism based on a heterogeneous multi-core architecture that integrates threat perception, dynamic fault tolerance, and rapid recovery within a single chip, thereby reconciling real-time determinism with proactive security in industrial control systems. The architecture integrates three distinct CPU cores (MIPS, ARM, and RISC-V) within a single system-on-chip (ESC0830), coordinated by a dedicated hardware-based mimic scheduling subsystem. This subsystem performs real-time, loosely coupled, transaction-level consistency checks on the AHB-Lite bus operations of the heterogeneous processors, achieving nanosecond-scale arbitration latency for threat detection. We evaluate the proposed design using an industrial-strength testbed, incorporating a custom development board and the Synopsys Verdi simulation environment, under critical attack scenarios including Denial-of-Service (DoS), replay, code injection, and parameter overwrite attacks. The system maintains continuous operation through adaptive redundancy, demonstrating attack perception within 73 clock cycles and leveraging instruction-set asymmetry for effective threat containment. Rigorous validation, including 100 consecutive parameter override attacks, confirms a 100% interception rate within our tested attack scenarios, with zero false positives observed. The design complies with the IEC 61131-3 real-time standard, exhibiting a worst-case recovery duration of 9.3 ms and a 95% confidence interval for recovery latency of [4.0354, 4.0363] ms. 
This work pioneers a paradigm of rapid-detection endogenous security with nanosecond-scale arbitration for next-generation industrial control systems.
