Grammar-based adaptive fuzzing: Evaluation on SCADA modbus protocol
Software security for critical infrastructure, such as electrical grid and SCADA systems is becoming an increasing important issue. Fuzzing techniques are widely used to detect software security vulnerability, from various approaches (mutation-based or grammar-based, blackbox or whitebox) depending...
Saved in:
| Published in | 2016 IEEE International Conference on Smart Grid Communications (SmartGridComm) pp. 557 - 563 |
|---|---|
| Main Authors | , |
| Format | Conference Proceeding |
| Language | English |
| Published |
IEEE
01.11.2016
|
| Subjects | |
| Online Access | Get full text |
Cover
Loading…
| Abstract | Software security for critical infrastructure, such as electrical grid and SCADA systems is becoming an increasing important issue. Fuzzing techniques are widely used to detect software security vulnerability, from various approaches (mutation-based or grammar-based, blackbox or whitebox) depending on the information used to generate test input. Although existing studies have advantages, they also have limitations for software with structured inputs, such as SCADA protocol implementations. This paper presents a novel fuzzing method leveraging software input grammar for test and dynamic information extracted from target program execution. The proposed fuzzing method was evaluated for two applications using a Modbus protocol, which is widely used in SCADA systems, and showed improved code coverage, compared to current well-known fuzzing tools. |
|---|---|
| AbstractList | Software security for critical infrastructure, such as electrical grid and SCADA systems is becoming an increasing important issue. Fuzzing techniques are widely used to detect software security vulnerability, from various approaches (mutation-based or grammar-based, blackbox or whitebox) depending on the information used to generate test input. Although existing studies have advantages, they also have limitations for software with structured inputs, such as SCADA protocol implementations. This paper presents a novel fuzzing method leveraging software input grammar for test and dynamic information extracted from target program execution. The proposed fuzzing method was evaluated for two applications using a Modbus protocol, which is widely used in SCADA systems, and showed improved code coverage, compared to current well-known fuzzing tools. |
| Author | Hyunguk Yoo Taeshik Shon |
| Author_xml | – sequence: 1 surname: Hyunguk Yoo fullname: Hyunguk Yoo email: cielo1025@ajou.ac.kr organization: Dept. of Comput. Eng., Ajou Univ., Suwon, South Korea – sequence: 2 surname: Taeshik Shon fullname: Taeshik Shon email: tsshon@ajou.ac.kr organization: Dept. of Cyber Security, Ajou Univ., Suwon, South Korea |
| BookMark | eNotT8FKxDAUjKCgrv0CL8F760vTJI23UnersOBh974kTSqRtiltuuB-vQEXBmZgmPdmHtHt6EeL0AuBjBCQr4dBzaGZnan9MGQ5EJ4JIcoyhxuUSFESBhIKEEzeo2RZfgCASB5t9oDqZlZDzKdaLdZgZdQU3Nnibr1c3Pj9hrdn1a8qOD_iiENdvVd48EavC55mH3zr-yd016l-scmVN-i42x7rj3T_1XzW1T51RLAQP2iucy2MIsQo4HlL85J3hhfWlqztBJWUaWoYlZoDlS20PEopNC-KgtANev4_66y1p2l2sfbv6bqU_gEB4E5S |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IL CBEJK RIE RIL |
| DOI | 10.1109/SmartGridComm.2016.7778820 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Proceedings Order Plan All Online (POP All Online) 1998-present by volume IEEE Xplore All Conference Proceedings IEEE Electronic Library Online IEEE Proceedings Order Plans (POP All) 1998-Present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library Online url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Engineering |
| EISBN | 9781509040759 1509040757 |
| EndPage | 563 |
| ExternalDocumentID | 7778820 |
| Genre | orig-research |
| GroupedDBID | 6IE 6IF 6IK 6IL 6IN AAJGR ALMA_UNASSIGNED_HOLDINGS BEFXN BFFAM BGNUA BKEBE BPEOZ CBEJK IEGSK IERZE OCL RIE RIL |
| ID | FETCH-LOGICAL-i175t-bab6b2b7da11da062c3286fd64ee85cf73935b3d539b6039c0c639b97b644413 |
| IEDL.DBID | RIE |
| IngestDate | Thu Jun 29 18:38:16 EDT 2023 |
| IsPeerReviewed | false |
| IsScholarly | false |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-i175t-bab6b2b7da11da062c3286fd64ee85cf73935b3d539b6039c0c639b97b644413 |
| PageCount | 7 |
| ParticipantIDs | ieee_primary_7778820 |
| PublicationCentury | 2000 |
| PublicationDate | 2016-Nov. |
| PublicationDateYYYYMMDD | 2016-11-01 |
| PublicationDate_xml | – month: 11 year: 2016 text: 2016-Nov. |
| PublicationDecade | 2010 |
| PublicationTitle | 2016 IEEE International Conference on Smart Grid Communications (SmartGridComm) |
| PublicationTitleAbbrev | SmartGridComm |
| PublicationYear | 2016 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssj0001968205 |
| Score | 1.7943842 |
| Snippet | Software security for critical infrastructure, such as electrical grid and SCADA systems is becoming an increasing important issue. Fuzzing techniques are... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 557 |
| SubjectTerms | Computer security Conferences Fuzzing Grammar Privacy Protocols SCADA protocol Smart grids Software Software vulnerability |
| Title | Grammar-based adaptive fuzzing: Evaluation on SCADA modbus protocol |
| URI | https://ieeexplore.ieee.org/document/7778820 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV07a8MwEBZppnbpIyl9o6Fj5diWJUXdSsiDQkohKWQLehlCSRxSe8mv78l2k7Z0KHgQthDizui7k-77hNC9Vmkam0QQFaWUJKlgREFcTpJYRdpSyiLt2cjjFz56S55nbNZADzsujHOuLD5zgW-WZ_k2M4XfKusIAQlbDAn6gZCy4mrt91Mkh0-s1hWNQtmZLMH4w83CeqqFL-LiQT3Aj5tUSiAZHKPx1xSq-pH3oMh1YLa_1Bn_O8cT1N5T9vDrDoxOUcOtztDRN7XBFuoNN8oz1YhHLouVVWu_1uG02G6hwyPu75S_MTwTcNITXmZWFx_Yyzlk8M-00XTQn_ZGpL5DgSwgMMhhRM11rIVVUWRVyGND4y5PLU-c6zKTekE8pqllVGoeUmlCAzGLlkJDoAQAd46aq2zlLhAWgGJMm5DqSCbQU4Vdr80uIQGUPFb0ErW8NebrSiVjXhvi6u_X1-jQe6Ri9d2gZr4p3C3Ae67vSr9-Avk-pOw |
| link.rule.ids | 310,311,783,787,792,793,799,27937,55086 |
| linkProvider | IEEE |
| linkToHtml | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV3NT8IwFG8IHtSLH2D8tgePbmzr2q3eDAFRgZiACTfSryXEwAhuF_56X7cJajyY7NBsTdO8t_T3Xvt-vyJ0K0WSBCqMHOEnxAmTiDoC4nInDIQvNSHUl5aNPBiy3lv4PKGTGrrbcGGMMUXxmXFtszjL16nK7VZZK4ogYQsgQd-BuDpmJVtru6PCGXyklbKo7_HWaA7mf1zNtCVb2DIu5lZD_LhLpYCS7gEafE2irCB5d_NMumr9S5_xv7M8RM0taQ-_buDoCNXM4hjtf9MbbKD240pYrppjsUtjocXSrnY4yddr6HCPOxvtbwzPCNz0gOeplvkHtoIOKfw1TTTudsbtnlPdouDMIDTIYETJZCAjLXxfC48FigQxSzQLjYmpSqwkHpVEU8Il8whXnoKoRfJIQqgEEHeC6ot0YU4RjgDHqFQekT4PoafwYqvOziEF5CwQ5Aw1rDWmy1InY1oZ4vzv1zdotzce9Kf9p-HLBdqz3ik5fpeonq1ycwVgn8nrwsefyeqoNw |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=2016+IEEE+International+Conference+on+Smart+Grid+Communications+%28SmartGridComm%29&rft.atitle=Grammar-based+adaptive+fuzzing%3A+Evaluation+on+SCADA+modbus+protocol&rft.au=Hyunguk+Yoo&rft.au=Taeshik+Shon&rft.date=2016-11-01&rft.pub=IEEE&rft.spage=557&rft.epage=563&rft_id=info:doi/10.1109%2FSmartGridComm.2016.7778820&rft.externalDocID=7778820 |