GDL90fuzz: Fuzzing - GDL-90 Data Interface Specification Within Aviation Software and Avionics Devices–A Cybersecurity Pentesting Perspective
نویسندگان
چکیده
As the core technology of next-generation air transportation systems, Automatic Dependent Surveillance-Broadcast (ADS-B) is becoming very popular. However, many (if not most) ADS-B devices and implementations support rely on Garmin’s Datalink 90 (GDL-90) protocol for data exchange encapsulation. This makes it essential to investigate integrity GDL-90 especially against attacks subsystem availability, such as denial-of-service (DoS), which pose high risks safety-critical mission-critical systems in avionics aerospace. In this paper, we consider fuzzing options demonstrate practical DoS popular electronic flight bag (EFB) software operating mobile devices. Then present our own specially configured pentesting platform protocol. We captured legitimate traffic from ran samples through state-of-the-art American Fuzzy Lop (AFL) fed AFL’s output EFB apps decoding via network same manner would be sent other The results showed worrying critical lack security applications where directly related aircraft’s safe navigation. Out 16 tested configurations, managed crash or otherwise impact 9 (56%). observed problems manifested crashes, hangs, abnormal behaviors decoders during test. Our developed proposed systematic methodology devices, protocols, can used discover report vulnerabilities early possible.
منابع مشابه
User interface specification for interactive software systems
or low-fidelity prototypes are generally limited in function but only need limited prototyping effort. They usually do not require programming skills and coding. They are constructed to facilitate discussion of UI concepts and design alternatives, rather than to model the user interaction with a system. Low fidelity prototypes (see Figure 63, left) therefore mainly demonstrate the look, but rar...
متن کاملData Shader Language and Interface Specification
The process of visualizing a scienti c data set bene ts from an extensive knowledge of the domain in which the data set is created. Because an in-depth knowledge of all scienti c domains is not available to the creator of a visualization system, a exible and extensible system is essential in providing a productive tool to the scientist. One approach to providing this exibility is through a shad...
متن کاملH-Fuzzing: A New Heuristic Method for Fuzzing Data Generation
How to efficiently reduce the fuzzing data scale while assuring high fuzzing veracity and vulnerability coverage is a pivotal issue in program fuzz test. This paper proposes a new heuristic method for fuzzing data generation named with H-Fuzzing. H-Fuzzing achieves a high program execution path coverage by retrieving the static information and dynamic property from the program. Our experiments ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: IEEE Access
سال: 2022
ISSN: ['2169-3536']
DOI: https://doi.org/10.1109/access.2022.3150840