Hi all,
I discovered a rather interesting (and alarming) behavior when doing some routine testing on a control system I work on.
The system has two pumps, A and B, which each infuse a unique substance into the system in order to control it. Years ago, I found that you could uniquely name a device in NI MAX so that every time it is plugged in, no matter the port, it shows under the same name in VISA controls.
Yesterday, I was explaining this to a colleague, and how NI MAX must have some sort of internal database which maps some unique identifier on the device to this alias. This is then communicated to running applications who request VISA resources through some proprietary protocol, indirectly connecting the applications to the hardware. As a proof of concept, I opened NI MAX while the application was running, renaming the alias of A to the alias of B and vice versa. Then, magically, pump A thought it was pump B and pump B thought it was pump A.
This obviously alarmed my colleague who was instantly thinking of the security risks of such behavior, which are indeed pretty grave for our application.
The fact that you can hotswap aliases with only a minor popup box warning that such an alias already exists, and have the same aliases refer to different devices with the application none the wiser is very cool from an architecture perspective, but not cool for the security risk.
In an ideal world, we'd still use aliases for initial setup, but would cache some specific device identifiers which uniquely identify the pumps so this hotswapping behavior does not occur. I know there's the Vendor ID and PID, but I don't think those are unique to every pump.
So, here's my question:
- How does NI MAX map these aliases uniquely (regardless of port, cable, plug in order etc) under the hood? Can an applications programmer access those mechanisms through VISA property nodes? If so, how?
