OTKRIVANJE SIGURNOSNIH PROPUSTA U SCADA SISTEMIMA METODOM FUZZ TESTIRANJA
Ključne reči:
SCADA sigurnost, Modbus protokol, fuzz testiranje
Apstrakt
U ovom radu opisani su problemi koji nastaju usljed propusta u razvoju programa. Objašnjena je fuzz metoda za pronalaženje sigurnosnih propusta. Fuzz metode se relativno često koriste u rasprostranjenim IT sistemima kao što su web sistemi, ali u slučaju SCADA sistema, gde postoje razni protokoli uključujući i vlasničke, ne postoji uniformno i dostupno rešenje za fuzz testiranje. S toga je cilj rada da istraži pristupe i predloži proširenje postojećih platformi tako da se omogući i SCADA fuzz testiranje.
Reference
[1] Kyle Coffey, Richard Smith, Leandros Maglaras and Helge Janicke, Vulnerability Analysis of Network Scanning on SCADA Systems, 2018
[2] Mehdi Sabraoui, Jeffery L. Hieb, and James H. Graham, Protocol Fuzzing for Cyber Security and Hardening of Industrial Control Systems, 2014
[3] Hyunguk Yoo, Taeshik Shon, Grammar-based Adaptive Fuzzing: Evaluation on SCADA Modbus Protocol, 2016
[4] Rebecca Shapiro, Sergey Bratus, Edmond Rogers, Sean Smith, Do it yourself SCADA vulnerability testing with lzfuzz, 2011
[5] Branislav Atlagić, Softver sa kritičnim odzivom, projektovanje SCADA sistema, 2015
[6] Frances Cleveland, IEC TC57 Security Standards for the Power System's Information Infrastructure – Beyond Simple Encription, 2006
[7] Sergey Bratus, Axel Hansen, Anna Shubina, LZfuzz: a fast compression-based fuzzer for poorly documented protocols, 2008
[8] Peach alat (https://www.peach.tech/products/peach-fuzzer/) (pristupljeno u septembru 2019)
[2] Mehdi Sabraoui, Jeffery L. Hieb, and James H. Graham, Protocol Fuzzing for Cyber Security and Hardening of Industrial Control Systems, 2014
[3] Hyunguk Yoo, Taeshik Shon, Grammar-based Adaptive Fuzzing: Evaluation on SCADA Modbus Protocol, 2016
[4] Rebecca Shapiro, Sergey Bratus, Edmond Rogers, Sean Smith, Do it yourself SCADA vulnerability testing with lzfuzz, 2011
[5] Branislav Atlagić, Softver sa kritičnim odzivom, projektovanje SCADA sistema, 2015
[6] Frances Cleveland, IEC TC57 Security Standards for the Power System's Information Infrastructure – Beyond Simple Encription, 2006
[7] Sergey Bratus, Axel Hansen, Anna Shubina, LZfuzz: a fast compression-based fuzzer for poorly documented protocols, 2008
[8] Peach alat (https://www.peach.tech/products/peach-fuzzer/) (pristupljeno u septembru 2019)
Objavljeno
2020-02-22
Sekcija
Elektrotehničko i računarsko inženjerstvo