Rockwell Automation 1785-Lx6B, D17856.5.13 User Manual

PLC-5 Protected Processors
(Cat. No. 1785-L26B, -L46B, and -L86B)
Supplement

Important User Information

Because of the variety of uses for the products described in this publication, those responsible for the application and use of this control equipment must satisfy themselves that all necessary steps have been taken to assure that each application and use meets all performance and safety requirements, including any applicable laws, regulations, codes, and standards.
Allen-Bradley publication SGI-1.1, Safety Guidelines for the Application, Installation, and Maintenance of Solid-State Control (available from your local Allen-Bradley office), describes some important differences between solid-state equipment and electromechanical devices that should be taken into consideration when applying products such as those described in this publication.
Reproduction of the contents of this copyrighted publication, in whole or in part, without written permission of Allen-Bradley Company, Inc., is prohibited.
Throughout this manual, we use notes to make you aware of safety considerations:
ATTENTION: Identifies information about practices or circumstances that can lead to personal injury or death, property damage or economic loss.
Attention statements help you to:
identify a hazard
avoid the hazard
recognize the consequences
Important: Identifies information that is critical for successful application and understanding of the product.
Data Highway Plus, DH+, PLC-5/11, PLC-5/20, PLC-5/20E, PLC-5/26, PLC-5/30, PLC-5/V30, PLC-5/40, PLC-5/40E, PLC-5/40L, PLC-5/V40, PLC-5/V40L, PLC-5/46, PLC-5/60, PLC-5/60L, PLC-5/80, PLC-5/80E, PLC-5/86, and PLC-5/250 are trademarks of Allen-Bradley Company, Inc.
PLC and PLC-5 are registered trademarks of Allen-Bradley Company, Inc.

Preface

Using This Supplement

Introduction

This supplement describes how to use the security features provided by a PLC-5/26™, PLC-5/46™, or PLC-5/86™ protected processor.

Audience

The information in this supplement is intended primarily for the system administrator—a user with unique privileges who can control access to critical areas of the protected processor’s program. End users—operators with restricted access to the processor’s program—can also benefit from reading this supplement.
You should be an engineer or technician with a background in control-system application, and you should be familiar with:
programmable real-time control systems
the PLC-5® control system
your operation’s basic security requirements

Contents

If you want to read about:                              See chapter:
Planning for a protected system                         1
Configuring passwords and privileges                    2
Configuring and using data-table element protection     3

Terminology

Term: Definition
DTEP: Data-table element protection
End user: User of a protected processor who, typically, cannot modify privileges or passwords and therefore does not have the authority to override the DTEP provided by the processor
Class: One of four administrator-defined groups of privileges allowing a user to perform specific processor command operations; each class is accessed by an administrator-assigned password
Screened command: Communications command used in the interface between the processor and the programming software that is screened for violations of the protection mechanisms provided by the PLC-5 protected processor
System administrator: User of a protected processor who, typically, can modify privileges and passwords and therefore does have the authority to override the DTEP provided by the processor
Privilege: Ability to perform a command operation supported by the PLC-5 protected processor, including any of the following:
- modify privileges
- data-table file create/delete
- program file create/delete
- logical write
- physical write
- logical read
- physical read
- mode change
- I/O force
- sequential function chart (SFC) force
- clear memory
- restore
- online edit

Related Publications

The 1785 PLC-5 Programmable Controller documentation is organized into manuals according to the tasks that you perform.
1785 Enhanced PLC-5 Processor System Overview (1785-2.36): Overview of processor functionality, system benefits, and operating features
Enhanced & Ethernet PLC-5 Programmable Controllers User Manual (1785-6.5.12): How to configure, program, and operate your processor
PLC-5 Programming Software: Programming (6200-6.4.7): Creating/managing files, saving/restoring files, importing/exporting files, creating/editing SFCs, creating/editing ladder
1785 PLC-5 Programmable Controllers Design Manual (1785-6.2.1): Explanation of processor functionality, system design, and programming considerations
1785 PLC-5 Programmable Controllers Quick Reference (1785-7.1): Quick access to switches, status bits, indicators, instructions, SW screens
PLC-5 Programming Software: Software Configuration and Maintenance (6200-6.4.6): Installing software, defining data-table files, configuring processor, checking status, clearing faults
1785 PLC-5 Programmable Controllers Design Worksheets (1785-5.2): Worksheets to help the designer plan the system and the installer to install the system
PLC-5 Programming Software: Instruction Set Reference (6200-6.4.11): Instruction execution, parameters, status bits and examples
PLC-5 Programming Software: I/O Configuration (6200-6.4.12): Configuring intelligent I/O modules
Enhanced PLC-5 Programmable Controllers Installation Instructions (1785-2.38): How to install and set switches for chassis and processor; how to wire and ground your system
PLC-5 Protected Processors Supplement (1785-6.5.13): How to configure your processor for protected operation. The supplement that you are currently reading
PLC-5 Structured Text User Manual (6200-6.4.18): Creating/editing structured-text programs (Optional)
For more information on 1785 PLC-5 programmable controllers or the above publications, contact your local Allen-Bradley sales office, distributor, or system integrator.

Table of Contents

PLC-5 Protected Processor Supplement

Chapter 1: Planning for a Protected System
Introduction 1-1
Features 1-1
Requirements 1-2
Implementation Guidelines 1-2

Chapter 2: Configuring Passwords and Privileges
Using This Chapter 2-1
Guidelines for Assigning Passwords and Privileges 2-2
Assigning Passwords and Privileges to Classes 2-3
Assigning Default Privilege Classes to Communication Channels and Offline Files 2-6
Assigning Read and Write Privileges for Communication Channels 2-7
Assigning Privileges for Specific Stations/Nodes 2-8
Assigning Read and Write Privileges for a Program File 2-9
Assigning Privileges for a Data-Table File 2-10
Restoring Default Privilege Classes 2-11
Changing to a Different Class 2-11

Chapter 3: Configuring and Using Data-Table Element Protection
Using This Chapter 3-1
Creating a Protection File 3-1
Initiating the Protection Mechanism 3-2
Entering Data-Table Ranges into the Protection File 3-3
Screening Commands 3-5
Protecting from Offline Changes 3-5
Understanding Restrictions Placed on the System 3-6
Testing the Protection File 3-8

Chapter 1: Planning for a Protected System

Introduction

The PLC-5 protected processor’s security features are designed to limit access to critical areas of your program:
providing for more consistent operation of your machine/process
helping you reduce the risks associated with unauthorized program modification
The protected processor is designed to improve security by helping you prevent:
I/O forcing of specific module groups
unauthorized manipulation of specific segments of data-table words through
- write commands
- output instructions
If you want to read about:                          Go to page:
Features of a protected processor                   1-1
Requirements for a protected processor              1-2
Guidelines for implementing a protected system      1-2

Features

ATTENTION: Protected processors alone cannot ensure PLC system security. System security comes from a combination of the protected processor, the software, and application expertise.
All enhanced PLC-5 processors (PLC-5/11, -5/20, -5/20E, -5/26, -5/30, -5/V30, -5/40, -5/40E, -5/40L, -5/V40, -5/V40L, -5/46, -5/60, -5/60L, -5/80, -5/80E, and -5/86) allow a system administrator to set from one to four password-protected privilege classes and to define each class by providing it with access to a unique combination of software operations. As system administrator, you can also set read and write privileges limiting access to:
communications channels
program files
data files
nodes attached to the Data Highway Plus (DH+) link
Important: You must enable the passwords-and-privileges function when you first install your 6200 Series Programming Software if you want to use the protection features of your processor.

To control I/O forcing:
Enhanced PLC-5 processors let you:
- Allow or disallow the I/O-Force privilege for a class of users
- Gives only total or no control
In addition, protected processors let you use DTEP to:
- Prevent modification of specific module groups by I/O forcing initiated by an end user

To control data-table write:
Enhanced PLC-5 processors let you:
- Allow or disallow the Logical-Write privilege for a class of users
- Gives only total or no control
- Set read-only protection on particular files
- Neither mechanism prevents any user from writing logic that bypasses the protections in order to modify a specific data-table location
In addition, protected processors let you use DTEP to:
- Prevent writes to specific segments of data-table words by sending write commands directly to the data table
- Prevent writes to specific segments of data-table words by adding or modifying ladder instructions that can write to the protected area

Requirements

Hardware Required: PLC-5/26, -5/46, or -5/86 Programmable Controller (1785-L26B, -L46B, or -L86B; Series C, Revision G or later)
Software Required: 6200 Series PLC-5 Programming Software, Release 5.0 or later

Implementation Guidelines

After you finish designing a PLC-5 protected-processor system, your primary role as system administrator becomes preventing end users from defeating whatever security mechanisms you designed into the system.
Main Design of System Complete
System Administrator Determines Which Privileged Areas Require Protection
- What classes of users need to be accommodated?
- Which features do they need to access?
System Administrator Identifies Which Portions of Memory Require Protection
- In what areas of which data or program files would alterations interfere with the intended operation?
System Administrator Sets Up and Tests
- Passwords and privileges
- DTEP mechanism
System Administrator Turns System Over to End User
- Keeps privilege to modify privileges
Passwords and Privileges
Tip: Maintaining control over the privilege to modify privileges is critical to the successful use of the DTEP mechanism.
The privilege classes in a PLC-5 processor are not necessarily hierarchical. Class-1 privileges are considered “higher” than the others only because no one can remove the privilege to modify privileges from class 1. It would be logical for you, as system administrator, to treat class 1 as the highest class and then define privileges accordingly, working down to class 4. Typically, you should grant the privilege to modify privileges only to the highest level and never reveal that password to other users. Because of this, you must anticipate end-user needs and set up passwords and privileges accordingly.
As system administrator, you should protect critical program and data files according to your needs—e.g., by setting these files to “read only” or “no read, no write” for all classes other than class 1. This protects against any modification of your logic and also determines which program files are screened during download mode. You should also configure all communications channels—including currently unused channels—to appropriate privilege classes.
Data-Table Element Protection
The PLC-5 protected processor’s unique security features allow you to define areas of memory that cannot be altered by anyone other than a class-1 user. During online programming by end users, the PLC-5 protected processor acts as a filter to screen and prevent requests to:
add ladder code that could write to or otherwise manipulate protected data-table addresses
modify protected
- data-table words through write operations
- I/O image elements through I/O forcing
When: the end user is not authorized to modify privileges
And: the processor status file contains the value for a DTEP file (see page 3-2)
This happens: DTEP is enabled
When: DTEP is enabled
And: a screened command request is received by the processor (see page 3-5)
This happens: the screening option occurs during online program editing
Tip: The status-file location of the value for the DTEP file (S:63) is protected automatically; therefore, you do not have to protect it individually.
Examples of memory areas that you should protect using the DTEP mechanism might include:
security-critical output words
certain counter, timer, or BT/MG/PD control structures
integer storage registers
data-table words used to specify indirect addresses in critical data tables
processor status file words that configure the system, such as:
Word(s)     Use
S:9         Maximum scan time
S:26        User control bits
S:29        Fault routine number
S:30-31     Selectable timed interrupt (STI) configuration
S:46-50     Processor input interrupt (PII) configuration
S:54        STI maximum scan time
S:56        PII maximum scan time
S:77        Communication time slice
S:78-123    Main control program (MCP) configuration and individual MCP maximum scan times
If you are verifying that performance parameters are not violated, for example.
As system administrator, you can give end users some flexibility in integrating a system but still maintain control over critical STI, PII, or fault-routine logic. After securing the above registers with DTEP, you can define a number of unprotected empty ladder files and include jumps to subroutines (JSRs) specifying these files at the end of critical routines. The end user can then add logic to an STI, for example, without opening the actual STI file for modification.
The DTEP mechanism also provides for certain protections against unauthorized changes made by an end user using offline programming software:
During downloading of a protected processor image file, the protected processor screens all end-user ladder-type program files—including structured-text and SFC files—for operands violating the DTEP ranges.
I/O force operations cannot be downloaded; therefore, they must be done on line.
Offline changes made to the values stored in protected data-table locations can be nullified if you, the system administrator, follow good programming practices and initialize all data-table locations to their desired values off of the processor’s first scan flag (S:1/15).
As a means of monitoring end-user attempts to bypass security mechanisms, you can monitor the status-file minor-fault bit (S:17/11). This bit indicates a protection-violation attempt. It can be used to count intrusion attempts if you add a rung of ladder logic that increments a counter and clears the minor-fault bit on each attempt.
[Figure: ladder logic in which S:17/11 enables a CTU (COUNT UP) instruction with Counter C5:0, Preset 10, Accum 0 and output bits CU and DN, and S:17/11 is unlatched (U).]
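The counting rung described above, modelled scan by scan as an added example (not code from the manual or from Allen-Bradley). It assumes the usual CTU behaviour of counting false-to-true rung transitions; the function names and the traces are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class Ctu:
    """Model of counter C5:0 with the preset shown in the figure."""
    pre: int = 10
    acc: int = 0
    cu: bool = False  # rung state seen on the previous scan
    dn: bool = False  # done bit, set once ACC reaches PRE

    def execute(self, rung_true: bool) -> None:
        # Assumption: a CTU counts false-to-true rung transitions only.
        if rung_true and not self.cu:
            self.acc += 1
        self.cu = rung_true
        self.dn = self.acc >= self.pre


def run_scans(attempts_before_scan, clear_bit=True):
    """Replay a trace of program scans through the counting rung.

    attempts_before_scan[i] is the number of protection-violation
    attempts made since the previous scan. Returns (ACC, DN).
    """
    counter = Ctu()
    s17_11 = False  # status-file minor-fault bit S:17/11
    for attempts in attempts_before_scan:
        if attempts:
            s17_11 = True  # processor flags the violation attempt
        counter.execute(s17_11)  # S:17/11 contact enables the CTU
        if s17_11 and clear_bit:
            s17_11 = False  # unlatch (U) so the next attempt is a new edge
    return counter.acc, counter.dn


# Constructed traces (not captured from a processor).
SPACED = [1, 0, 1, 0, 0, 1, 0]  # three attempts with idle scans between them
BURST = [3, 1, 1, 0]            # five attempts across three adjacent scans
TEN = [1, 0] * 10               # ten spaced attempts, enough to reach PRE

if __name__ == "__main__":
    print("spaced, bit cleared:    ", run_scans(SPACED))
    print("spaced, bit not cleared:", run_scans(SPACED, clear_bit=False))
    print("burst, bit cleared:     ", run_scans(BURST))
    print("ten spaced attempts:    ", run_scans(TEN))
```

In this model the count is a lower bound: attempts that land within one scan or in back-to-back scans register as a single event, and without the unlatch only the first attempt is ever counted.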
Program-File Conversion Rules
Follow the rules outlined below when sharing program files among standard enhanced PLC-5 processors and PLC-5 protected processors.
[Figure: file transfers between a protected (PLC-5/x6) processor, a standard (PLC-5/x0) processor, and their offline files.]
Cannot export/import ASCII files to/from a protected processor
Can save/restore protected-processor files to protected processor
Can restore standard-processor files to protected processor
Can convert protected-processor files to files for different protected processor
Cannot restore protected-processor files to standard processor
Can convert standard-processor files to protected-processor files
Cannot convert protected-processor files to standard-processor files