OTKRIVANJE SIGURNOSNIH PROPUSTA U SCADA SISTEMIMA METODOM FUZZ TESTIRANJA
نویسندگان
چکیده
منابع مشابه
Identifying Vulnerabilities in SCADA Systems via Fuzz-Testing
Security vulnerabilities typically arise from bugs in input validation and in the application logic. Fuzz-testing is a popular security evaluation technique in which hostile inputs are crafted and passed to the target software in order to reveal bugs. However, in the case of SCADA systems, the use of proprietary protocols makes it difficult to apply existing fuzz-testing techniques as they work...
متن کاملAutomated Whitebox Fuzz Testing
Fuzz testing is an effective technique for finding security vulnerabilities in software. Traditionally, fuzz testing tools apply random mutations to well-formed inputs and test the program on the resulting values. We present an alternative whitebox fuzz testing approach inspired by recent advances in symbolic execution and dynamic test generation. Our approach records an actual run of a program...
متن کاملInstrumented Fuzz Testing Using AIR Integers
Integers represent a growing and underestimated source of vulnerabilities in C and C++ programs. In this paper, we present the as-if infinitely ranged (AIR) integer model, which provides a largely automated mechanism for eliminating integer overflow, truncation, and other integral exceptional conditions. The AIR integer model either produces a value equivalent to one that would have been obtain...
متن کاملOptimal Fuzz 1 Running Head: OPTIMAL LEVEL OF FUZZ The optimal level of fuzz: Case studies in a methodology for psychological research
Cognitive Science research is hard to conduct, because researchers must take phenomena from the world and turn them into laboratory tasks for which a reasonable level of experimental control can be achieved. Consequently, research necessarily makes tradeoffs between internal validity (experimental control) and external validity (the degree to which a task represents behavior outside of the lab)...
متن کاملLearn&Fuzz: machine learning for input fuzzing
Fuzzing consists of repeatedly testing an application with modified, or fuzzed, inputs with the goal of finding security vulnerabilities in input-parsing code. In this paper, we show how to automate the generation of an input grammar suitable for input fuzzing using sample inputs and neural-network-based statistical machine-learning techniques. We present a detailed case study with a complex in...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Zbornik radova Fakulteta tehničkih nauka u Novom Sadu
سال: 2020
ISSN: 2560-5925,0350-428X
DOI: 10.24867/07be12budnic