Identifying Vulnerabilities in SCADA Systems via Fuzz-Testing

Abstract : Security vulnerabilities typically arise from bugs in input validation and in the application logic. Fuzz-testing is a popular security evaluation technique in which hostile inputs are crafted and passed to the target software in order to reveal bugs. However, in the case of SCADA systems, the use of proprietary protocols makes it difficult to apply existing fuzz-testing techniques as they work best when the protocol semantics are known, targets can be instrumented and large network traces are available. This paper describes a fuzz-testing solution involving LZFuzz, an inline tool that provides a domain expert with the ability to effectively fuzz SCADA devices.
Type de document :
Communication dans un congrès
Jonathan Butts; Sujeet Shenoi. 5th International Conference Critical Infrastructure Protection (ICCIP), Mar 2011, Hanover, NH, United States. Springer, IFIP Advances in Information and Communication Technology, AICT-367, pp.57-72, 2011, Critical Infrastructure Protection V. 〈10.1007/978-3-642-24864-1_5〉
Liste complète des métadonnées

Littérature citée [22 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01571775
Contributeur : Hal Ifip <>
Soumis le : jeudi 3 août 2017 - 15:03:54
Dernière modification le : jeudi 23 novembre 2017 - 15:34:02

Fichier

978-3-642-24864-1_5_Chapter.pd...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Rebecca Shapiro, Sergey Bratus, Edmond Rogers, Sean Smith. Identifying Vulnerabilities in SCADA Systems via Fuzz-Testing. Jonathan Butts; Sujeet Shenoi. 5th International Conference Critical Infrastructure Protection (ICCIP), Mar 2011, Hanover, NH, United States. Springer, IFIP Advances in Information and Communication Technology, AICT-367, pp.57-72, 2011, Critical Infrastructure Protection V. 〈10.1007/978-3-642-24864-1_5〉. 〈hal-01571775〉

Partager

Métriques

Consultations de la notice

164

Téléchargements de fichiers

99