Advancing Protocol Fuzzing for Industrial Automation and Control Systems

Steffen Pfrang, David Meier, Michael Friedrich, Jürgen Beyerer

Abstract

Testing for security vulnerabilities is playing an important role in the changing domain of industrial automation and control systems. These systems are increasingly connected to each other via networking technology and are faced with new cyber threats. To improve the security properties of such systems, their robustness must be ensured. Security testing frameworks aim at enabling the assurance of robustness even at the time of development and can play a key role in bringing security into the industrial domain.

Fuzzing describes a technique to discover vulnerabilities in technical systems and is best known from its usage in IT security testing. It uses randomly altered data to provoke unexpected behaviour and can be used in combination with regular unit testing. Combined with the power of fuzzing, the effectiveness of security testing frameworks can be increased. In this work, different fuzzing tools were evaluated for their properties and then compared with the requirements for an application in the industrial domain. As no fuzzer was fully satisfying these requirements, a new fuzzer, combining the strength of different others, was designed and implemented, and then evaluated. The evaluation includes a real-world application where multiple vulnerabilities in industrial automation components could be identified.


Paper Citation


in Harvard Style

Pfrang S., Meier D., Friedrich M. and Beyerer J. (2018). Advancing Protocol Fuzzing for Industrial Automation and Control Systems. In Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ForSE, ISBN 978-989-758-282-0, pages 570-580. DOI: 10.5220/0006755305700580


in Bibtex Style

@conference{forse18,
author={Steffen Pfrang and David Meier and Michael Friedrich and Jürgen Beyerer},
title={Advancing Protocol Fuzzing for Industrial Automation and Control Systems},
booktitle={Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ForSE},
year={2018},
pages={570-580},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006755305700580},
isbn={978-989-758-282-0},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ForSE
TI - Advancing Protocol Fuzzing for Industrial Automation and Control Systems
SN - 978-989-758-282-0
AU - Pfrang S.
AU - Meier D.
AU - Friedrich M.
AU - Beyerer J.
PY - 2018
SP - 570
EP - 580
DO - 10.5220/0006755305700580