Fuzzing Framework for IEC 60870-5-104 Protocol

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26220%2F22%3APU146241" target="_blank" >RIV/00216305:26220/22:PU146241 - isvavai.cz</a>

Výsledek na webu

<a href="https://dl.acm.org/doi/proceedings/10.1145/3569966" target="_blank" >https://dl.acm.org/doi/proceedings/10.1145/3569966</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1145/3569966.3570026" target="_blank" >10.1145/3569966.3570026</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Fuzzing Framework for IEC 60870-5-104 Protocol

Popis výsledku v původním jazyce

The importance of SCADA systems within the power grid is currently increasing due to the increased complexity of the grid. Thus, these systems may contain various security vulnerabilities, the exploitation of which may lead to large-scale blackouts. Therefore, the emphasis is nowadays on cyber security. One tool for automated testing and detection of hard-to-detect vulnerabilities such as buffer overflow and others is fuzzing. This paper discusses the fuzzing testing capabilities of IEC 60870-5-104 protocol which is used by power grid. We present a framework that can be used for automated testing. By using load balancing, high performance of the fuzzing process is achieved. The framework also provides a graphical environment to facilitate continuous testing. The functionality of the framework is demonstrated on a demonstration server into which a buffer overflow vulnerability was inserted, which was detected by the fuzzing framework.

Název v anglickém jazyce

Fuzzing Framework for IEC 60870-5-104 Protocol

Popis výsledku anglicky

The importance of SCADA systems within the power grid is currently increasing due to the increased complexity of the grid. Thus, these systems may contain various security vulnerabilities, the exploitation of which may lead to large-scale blackouts. Therefore, the emphasis is nowadays on cyber security. One tool for automated testing and detection of hard-to-detect vulnerabilities such as buffer overflow and others is fuzzing. This paper discusses the fuzzing testing capabilities of IEC 60870-5-104 protocol which is used by power grid. We present a framework that can be used for automated testing. By using load balancing, high performance of the fuzzing process is achieved. The framework also provides a graphical environment to facilitate continuous testing. The functionality of the framework is demonstrated on a demonstration server into which a buffer overflow vulnerability was inserted, which was detected by the fuzzing framework.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

20203 - Telecommunications

Projekt

<a href="/cs/project/FW02020084" target="_blank" >FW02020084: Výzkum systémových prvků pro zvýšení bezpečnosti a spolehlivosti infrastruktury chytrého měření</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2022

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

5th International Conference on Computer Science and Software Engineering, CSSE 2022

ISBN

978-1-4503-9778-0

ISSN

—

e-ISSN

—

Počet stran výsledku

5

Strana od-do

190-194

Název nakladatele

ACM

Místo vydání

neuveden

Místo konání akce

Guilin, China

Datum konání akce

21. 10. 2022

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—