Grammar-based adaptive fuzzing: Evaluation on SCADA modbus protocol
| Field | Value |
|---|---|
| Published in | 2016 IEEE International Conference on Smart Grid Communications (SmartGridComm), pp. 557-563 |
| Main Authors | |
| Format | Conference Proceeding |
| Language | English |
| Published | IEEE, 01.11.2016 |
| Subjects | |
Summary: Software security for critical infrastructure, such as electrical grid and SCADA systems, is becoming an increasingly important issue. Fuzzing techniques are widely used to detect software security vulnerabilities, following various approaches (mutation-based or grammar-based, blackbox or whitebox) depending on the information used to generate test input. Although existing studies have advantages, they also have limitations for software with structured inputs, such as SCADA protocol implementations. This paper presents a novel fuzzing method leveraging the software's input grammar for test generation and dynamic information extracted from target program execution. The proposed fuzzing method was evaluated on two applications using the Modbus protocol, which is widely used in SCADA systems, and showed improved code coverage compared to current well-known fuzzing tools.

DOI: 10.1109/SmartGridComm.2016.7778820