Testing Techniques for Finding Software Vulnerabilities in Industrial Control Systems

Abstract/Summary

In most cyberattacks, software vulnerabilities are one of the main attack vectors. In particular, software vulnerabilities in industrial control systems have become a serious security threat. Software testing is one of the most effective approaches to finding software vulnerabilities. However, existing software testing techniques have limitations for software that has complex states or a highly structured input format, which are common characteristics of the communication protocols used in industrial control systems. In this thesis, we propose two novel techniques to analyze and test software that has complex states or a highly structured input format. First, we present a new state machine inference technique that correctly learns a complete and minimal state machine with fewer resources than existing techniques. We apply our technique to infer a state machine for the Secure Authentication component of a DNP3 application, and demonstrate the effectiveness of our technique. Second, we propose a new fuzzing technique, grammar-based adaptive fuzzing, to efficiently generate test inputs for software that has a highly structured input format. In the proposed technique, we use the input grammar of the software as well as the dynamic dependency relationships between the input fields. We show that our technique executes more code of the target software than existing mutation-based fuzzing and non-adaptive grammar-based fuzzing. We evaluate the proposed techniques on applications of industrial control system protocols. Industrial control system protocols are good targets for our techniques because they usually have a complex state machine and a highly structured input format. In addition, their dependability and reliability are very important because vulnerabilities in those applications could be exploited remotely by an attacker, which may lead to catastrophic results.
In our experiments, the proposed techniques outperform existing techniques and tools, and show great promise for testing software of industrial control system protocols.
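The abstract contrasts grammar-based adaptive fuzzing, which combines an input grammar with the dynamic dependencies between fields, against plain mutation-based fuzzing. The Python below is an added illustration of that contrast and is not the thesis's implementation or grammar. It assumes a constructed DNP3-like link frame whose length byte and trailing CRC depend on the other fields, uses CRC-16/ARC as a stand-in for the real DNP3 CRC, and uses the set of distinct receiver stages reached as a proxy for the code coverage the thesis measures. Inputs derived from the grammar get their dependent fields repaired after generation, so they pass the framing checks, while byte-flipping a valid seed almost always stops at the length or CRC check.

```python
import random
from typing import Dict, List, Set, Union

# Constructed toy protocol (an assumption for this example, not the thesis's grammar):
# a DNP3-like link frame  START(2) | LEN(1) | CTRL(1) | DEST(2) | SRC(2) | PAYLOAD(1..n) | CRC(2)
# LEN counts CTRL+DEST+SRC+PAYLOAD, and CRC covers every byte before it, so both
# fields depend on values chosen elsewhere in the input.
START = b"\x05\x64"

def crc16(data: bytes) -> int:
    """CRC-16/ARC (reflected polynomial 0xA001); a stand-in, not the DNP3 CRC."""
    crc = 0
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def target_parse(frame: bytes) -> str:
    """Toy receiver. Returns the deepest processing stage reached; the set of
    distinct stages stands in for the code coverage measured in the thesis."""
    if frame[:2] != START:
        return "bad_start"
    if len(frame) < 10 or frame[2] != len(frame) - 5:
        return "bad_len"
    if int.from_bytes(frame[-2:], "little") != crc16(frame[:-2]):
        return "bad_crc"
    ctrl, payload = frame[3], frame[8:-2]
    if ctrl & 0x0F == 0:
        return "link_reset"
    if ctrl & 0x0F == 4:
        if not payload:
            return "user_data:empty"
        return "user_data:" + ("seq_set" if payload[0] & 0x80 else "seq_clear")
    return "unsupported_func"

Symbol = Union[str, bytes]  # "<x>" nonterminal, "$X" dependent field, bytes terminal
GRAMMAR: Dict[str, List[List[Symbol]]] = {
    "<frame>":   [["<start>", "$LEN", "<ctrl>", "<addr>", "<addr>", "<payload>", "$CRC"]],
    "<start>":   [[START]],
    "<ctrl>":    [[b"\xc0"], [b"\xc4"], [b"\x44"], [b"\xc9"]],
    "<addr>":    [[b"\x01\x00"], [b"\x0a\x00"], [b"\xff\xff"]],
    "<payload>": [["<byte>"], ["<byte>", "<payload>"]],
    "<byte>":    [[bytes([v])] for v in (0x00, 0x7F, 0x80, 0xC1, 0xFF)],
}

def derive(symbol: Symbol, rng: random.Random, depth: int = 0) -> List[Symbol]:
    """Randomly expand a nonterminal; terminals and '$' markers pass through."""
    if not (isinstance(symbol, str) and symbol.startswith("<")):
        return [symbol]
    choices = GRAMMAR[symbol]
    if depth > 8:                      # bound recursion: take the shortest production
        choices = [min(choices, key=len)]
    out: List[Symbol] = []
    for s in rng.choice(choices):
        out.extend(derive(s, rng, depth + 1))
    return out

def repair(tokens: List[Symbol]) -> bytes:
    """Adaptive step: fill dependent fields from the fields already generated."""
    out = b""
    for i, t in enumerate(tokens):
        if t == "$LEN":
            covered = b"".join(x for x in tokens[i + 1:] if isinstance(x, bytes))
            out += bytes([len(covered) & 0xFF])
        elif t == "$CRC":
            out += crc16(out).to_bytes(2, "little")
        else:
            out += t
    return out

def grammar_fuzz(n: int, rng: random.Random) -> List[bytes]:
    """Grammar-based inputs with dependent fields resolved after derivation."""
    return [repair(derive("<frame>", rng)) for _ in range(n)]

def mutation_fuzz(seed: bytes, n: int, rng: random.Random) -> List[bytes]:
    """Baseline: flip 1-3 random bytes of a valid seed, with no knowledge of dependencies."""
    out = []
    for _ in range(n):
        buf = bytearray(seed)
        for _ in range(rng.randint(1, 3)):
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        out.append(bytes(buf))
    return out

def stages_reached(inputs: List[bytes]) -> Set[str]:
    return {target_parse(x) for x in inputs}

def compare(n: int = 200, seed: int = 1):
    """Return (stages hit by mutation fuzzing, stages hit by grammar-based fuzzing)."""
    rng = random.Random(seed)
    valid = repair(derive("<frame>", rng))
    return stages_reached(mutation_fuzz(valid, n, rng)), stages_reached(grammar_fuzz(n, rng))

if __name__ == "__main__":
    mut, gram = compare()
    print("mutation-based :", sorted(mut))
    print("grammar-based  :", sorted(gram))
```

The `$LEN` and `$CRC` markers are the only part that models the "dynamic dependency" idea: the grammar decides structure and free field values, and `repair` resolves the dependent fields from what was generated, which is what lets every grammar-derived input reach the function-code and payload branches of the receiver.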

Table of Contents

Chapter 1 Introduction 1
1.1 Introduction 1
1.2 Contribution to the Field 4
1.3 Thesis Outline 5
Chapter 2 Background 6
2.1 Software Vulnerabilities in Industrial Control Systems 6
2.2 State Machine Inference 7
2.3 Dynamic Software Testing 8
Chapter 3 Inferring State Machines 10
3.1 Introduction 10
3.2 Problem Definition 13
3.3 Inferring State Machines using Hybrid Teacher 14
3.4 Implementation and Evaluation 22
3.5 Related Work 28
3.6 Discussion 29
Chapter 4 Grammar-based Adaptive Fuzzing 30
4.1 Introduction 30
4.2 Motivation for the Proposed Technique 33
4.3 Problem Definition 36
4.4 Grammar-based Adaptive Fuzzing 37
4.5 Implementation and Evaluation 55
4.6 Related Work 58
4.7 Discussion 61
Chapter 5 Conclusion 62
5.1 Summary 62
5.2 Future Work 63
5.3 Closing Remarks 63