IDENTIFYING SECURITY VULNERABILITIES IN SCADA SYSTEMS VIA FUZZ TESTING METHOD
DOI:
https://doi.org/10.24867/07BE12Budnic
Keywords:
SCADA security, Modbus protocol, fuzz testing
Abstract
This paper describes the problems that arise from vulnerabilities in software development and explains the fuzz testing method for finding security flaws. Fuzz testing is relatively common in widespread IT systems such as web systems, but for SCADA systems, which use a variety of protocols, including proprietary ones, there is no uniform and accessible fuzz testing solution. The aim of the paper is therefore to explore approaches and propose extensions to existing platforms to enable SCADA fuzz testing.
Published
2020-02-22
Section
Electrotechnical and Computer Engineering