Grammar-based adaptive fuzzing: Evaluation on SCADA modbus protocol

Software security for critical infrastructure, such as the electrical grid and SCADA systems, is becoming an increasingly important issue. Fuzzing techniques are widely used to detect software security vulnerabilities, through various approaches (mutation-based or grammar-based, blackbox or whitebox) that differ in the information used to generate test inputs. Although existing studies have advantages, they also have limitations for software with structured inputs, such as SCADA protocol implementations. This paper presents a novel fuzzing method that leverages the software's input grammar for test generation together with dynamic information extracted from the target program's execution. The proposed fuzzing method was evaluated on two applications that implement the Modbus protocol, which is widely used in SCADA systems, and showed improved code coverage compared to current well-known fuzzing tools.
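The combination the abstract describes, grammar-driven generation plus execution feedback, as an added Python example that is not code from the paper: a constructed mini-grammar for two Modbus/TCP request PDUs produces structurally valid frames (MBAP length and byte_count are computed, so the target's parser does not reject them), mutation re-derives grammar fields rather than flipping raw bytes, and inputs that reach new branch labels in a constructed stand-in target (demo_target) become seeds for further mutation. The grammar subset, branch labels and target are assumptions for illustration, not the paper's own.

```python
import random
import struct

# Constructed mini-grammar (illustrative, not the paper's) for two Modbus/TCP request PDUs:
# function code -> [(field, struct format, generator)]. For 0x10 the byte_count must match qty.
PDU_GRAMMAR = {
    0x01: [("addr", "H", lambda r: r.randrange(0x10000)), ("qty", "H", lambda r: r.randrange(1, 2001))],
    0x10: [("addr", "H", lambda r: r.randrange(0x10000)), ("qty", "H", lambda r: r.randrange(1, 124))],
}

def derive_pdu(rng, fc):
    """Derive one PDU for function code fc from the grammar, as a dict of field values."""
    pdu = {"fc": fc, **{name: gen(rng) for name, _, gen in PDU_GRAMMAR[fc]}}
    if fc == 0x10:  # dependent field: the register values follow from qty
        pdu["values"] = [rng.randrange(0x10000) for _ in range(pdu["qty"])]
    return pdu
def encode_adu(pdu, tid=1, unit=1):
    """Encode a PDU as a Modbus/TCP ADU; MBAP length and byte_count are computed, so the frame parses."""
    body = bytes([pdu["fc"]]) + b"".join(struct.pack(">" + f, pdu[n]) for n, f, _ in PDU_GRAMMAR[pdu["fc"]])
    if pdu["fc"] == 0x10:
        body += bytes([2 * len(pdu["values"])]) + b"".join(struct.pack(">H", v) for v in pdu["values"])
    return struct.pack(">HHHB", tid, 0, len(body) + 1, unit) + body
def mutate(rng, pdu):
    """Grammar-aware mutation: re-derive one field (and its dependents) rather than flipping bytes."""
    name, _, gen = rng.choice(PDU_GRAMMAR[pdu["fc"]])
    new = dict(pdu, **{name: gen(rng)})
    if pdu["fc"] == 0x10 and name == "qty":
        new["values"] = [rng.randrange(0x10000) for _ in range(new["qty"])]
    return new
def demo_target(frame):
    """Constructed stand-in for an instrumented Modbus server: returns the branch labels it executed."""
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:
        return {"reject_len"}
    hit = {"fc%02x" % frame[7]}
    if frame[7] == 0x10:
        qty, bc = struct.unpack(">HB", frame[10:13])
        hit.add("bc_ok" if bc == 2 * qty else "bc_bad")
    return hit
def fuzz(target, iterations, seed=0):
    """Adaptive loop: inputs that reach new branch labels become seeds for further grammar mutation."""
    rng = random.Random(seed)
    seeds = [derive_pdu(rng, fc) for fc in PDU_GRAMMAR]
    covered = set()
    for _ in range(iterations):
        pdu = mutate(rng, rng.choice(seeds))
        new_edges = target(encode_adu(pdu)) - covered
        if new_edges:
            covered |= new_edges
            seeds.append(pdu)
    return covered
```

Because every generated frame satisfies the grammar, the loop never spends iterations on inputs that die at the MBAP length check, which is the coverage advantage over byte-level mutation that the abstract reports.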
