Identifying Vulnerabilities in SCADA Systems via Fuzz-Testing

نویسندگان

  • Rebecca Shapiro
  • Sergey Bratus
  • Edmond Rogers
  • Sean W. Smith
چکیده

Security vulnerabilities typically arise from bugs in input validation and in the application logic. Fuzz-testing is a popular security evaluation technique in which hostile inputs are crafted and passed to the target software in order to reveal bugs. However, in the case of SCADA systems, the use of proprietary protocols makes it difficult to apply existing fuzz-testing techniques as they work best when the protocol semantics are known, targets can be instrumented and large network traces are available. This paper describes a fuzz-testing solution involving LZFuzz, an inline tool that provides a domain expert with the ability to effectively fuzz SCADA devices.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Do-it-yourself Scada Vulnerability Testing with Lzfuzz

Security vulnerabilities typically start with bugs: in input validation, and also in deeper application logic. Fuzz-testing is a popular security evaluation technique in which hostile inputs are crafted and passed to the target software in order to reveal such bugs. However, for SCADA software used in critical infrastructure, the widespread use of proprietary protocols makes it difficult to app...

متن کامل

FUZZBUSTER: A System for Self-Adaptive Immunity from Cyber Threats

Today’s computer systems are under relentless attack from cyber attackers armed with sophisticated vulnerability search and exploit development toolkits. To protect against such threats, we are developing FUZZBUSTER, an automated system that provides adaptive immunity against a wide variety of cyber threats. FUZZBUSTER reacts to observed attacks and proactively searches for never-before-seen vu...

متن کامل

CAB-Fuzz: Practical Concolic Testing Techniques for COTS Operating Systems

Discovering the security vulnerabilities of commercial off-the-shelf (COTS) operating systems (OSes) is challenging because they not only are huge and complex, but also lack detailed debug information. Concolic testing, which generates all feasible inputs of a program by using symbolic execution and tests the program with the generated inputs, is one of the most promising approaches to solve th...

متن کامل

Improving SCADA Control Systems Security with Software Vulnerability Analysis

Cyber security threats and attacks are greatly affecting the security of critical infrastructure, industrial control systems, and Supervisory Control and Data Acquisition (SCADA) control systems. Despite growing awareness of security issues especially in SCADA networks, there exist little or scarce information about SCADA vulnerabilities and attacks. The emergence of Internet and World Wide Web...

متن کامل

Software Vulnerability Design and Approaches for Securing SCADA Control Systems

Despite growing awareness of security issues especially in SCADA networks, there exist little or scarce information about SCADA vulnerabilities and attacks. Where security has been a consideration, there has been no clear methodology to assess the security impacts brought about by attacks. Worst, there have been no or very little security tools that have been released publicly. This research ai...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2011