An Electronic Device Description Language based approach for communication with dbms and file system in an industrial automation scenario

Banerjee, Suprateek; Großmann, Daniel

doi:10.1109/etfa.2016.7733682

“…In the past ten years, many security incidents and potential and possible dangers made the security situation of IIS increasingly serious. Figure 2 shows the statistic of IIS security incidents in recent years, and the data came from IS-CERT (The Internet Systems Cyber Emergency Response Team) [7][8][9][10][11][12][13].…”

Section: Introductionmentioning

confidence: 99%

A Dynamic Taint Tracking Optimized Fuzz Testing Method based on Multi-modal Sensor Data Fusion

Li

¹

,

Meng

²

,

Zhang

³

et al. 2020

Preprint

0

View full text Add to dashboard Cite

The safety of Industrial Internet Control Systems has been a hotspot in the information security. To meet needs of communication, a large variety of proprietary protocols have emerged in the field of industrial control. The protocol field is often trusted in the implementation of industrial control terminal code. If attackers modify the data of these fields using the protocol defect, the operation of the program can be controlled and the entire system will be affected. To cope with such security threats, academia and industry generally adopt fuzzy test methods. However, the current industrial control protocol fuzzy test methods generally have low code coverage, where unified description models are missing and test cases are not targeted. A method of fuzzification processing combined with dynamic multi-modal sensor communication data is proposed. To track the program execution, the dynamic pollution analysis is used to search for the input fields that affect the execution of the conditional branch, and capture the dependencies between the conditional branches to guide the grammar generation of test cases, which can increase the chances of executing deep code. The experimental results show that the proposed method improves the validity and code coverage of test cases to a certain extent, and greatly increases the probability of anomaly detection in the protocol implementation.

show abstract

“…In the past 10 years, many security incidents and potential and possible dangers made the security situation of IIS increasingly serious. Figure 2 shows the statistic of IIS security incidents in recent years, and the data came from IS-CERT (The Internet Systems Cyber Emergency Response Team) [7][8][9][10][11][12][13].…”

mentioning

confidence: 99%

A dynamic taint tracking optimized fuzz testing method based on multi-modal sensor data fusion

Li

¹

,

Liu

²

,

Meng

³

et al. 2020

J Wireless Com Network

View full text Add to dashboard Cite

The safety of the Industrial Internet Control Systems has been a hotspot in the information security. To meet the needs of communication, a large variety of proprietary protocols have emerged in the field of industrial control. The protocol field is often trusted in the implementation of industrial control terminal code. If attackers modify the data of these fields using the protocol defect, the operation of the program can be controlled and the entire system will be affected. To cope with such security threats, academia and industry generally adopt fuzz test methods. However, the current industrial control protocol fuzz test methods generally have low code coverage, where unified description models are missing and test cases are not targeted. A method of fuzzification processing combined with dynamic multimodal sensor communication data is proposed. To track the program execution, the dynamic pollution analysis is used to search for the input fields that affect the execution of the conditional branch and capture the dependencies between the conditional branches to guide the grammar generation of test cases, which can increase the chances of executing deep code. The experimental results show that the proposed method improves the validity and code coverage of test cases to a certain extent and greatly increases the probability of anomaly detection in the protocol implementation.

show abstract

“…In the past ten years, many security incidents and potential and possible dangers made the security situation of IIS increasingly serious. Figure 2 shows the statistIIS of IIS security incidents in recent years, and the data came from IIS-CERT (The Industrial Internet Systems Cyber Emergency Response Team) [7][8][9][10][11][12][13].…”

mentioning

confidence: 99%

A Dynamic Taint Tracking Optimized Fuzz Testing Method based on Multi-modal Sensor Data Fusion

Li

¹

,

Meng

²

,

Zhang

³

et al. 2020

Preprint

0

View full text Add to dashboard Cite

The safety of Industrial Internet Control Systems has been a hotspot in the information security. To meet needs of communication, a large variety of proprietary protocols have emerged in the field of industrial control. The protocol field is often trusted in the implementation of industrial control terminal code. If attackers modify the data of these fields using the protocol defect, the operation of the program can be controlled and the entire system will be affected. To cope with such security threats, academia and industry generally adopt fuzzy test methods. However, the current industrial control protocol fuzzy test methods generally have low code coverage, where unified description models are missing and test cases are not targeted. A method of fuzzification processing combined with dynamic multi-modal sensor communication data is proposed. To track the program execution, the dynamic pollution analysis is used to search for the input fields that affect the execution of the conditional branch, and capture the dependencies between the conditional branches to guide the grammar generation of test cases, which can increase the chances of executing deep code. The experimental results show that the proposed method improves the validity and code coverage of test cases to a certain extent, and greatly increases the probability of anomaly detection in the protocol implementation

show abstract

An Electronic Device Description Language based approach for communication with dbms and file system in an industrial automation scenario

Cited by 7 publications

References 2 publications

A Dynamic Taint Tracking Optimized Fuzz Testing Method based on Multi-modal Sensor Data Fusion

A Dynamic Taint Tracking Optimized Fuzz Testing Method based on Multi-modal Sensor Data Fusion

A dynamic taint tracking optimized fuzz testing method based on multi-modal sensor data fusion

A Dynamic Taint Tracking Optimized Fuzz Testing Method based on Multi-modal Sensor Data Fusion

Contact Info

Product

Resources

About