Abstract

Testing and monitoring are two required technologies for robust cyber-physical and IoT systems. Testing is fundamental both to the system design process and to the certification of a system as meeting its specified security and safety requirements. Even when a system has been tested and certified, its operation in the field requires continuous monitoring, because attacks and failures that were unanticipated or unknown at design time remain possible. In this chapter, we address security testing, and fuzzing in particular, for cyber-physical and IoT systems, as well as run-time monitoring for safety and security. We describe an example fuzzer for the Modbus industrial protocol and an example run-time monitor for industrial applications.




Copyright information

© 2020 Springer Nature Switzerland AG

About this chapter


Cite this chapter

Wolf, M., Serpanos, D. (2020). Security Testing and Run-Time Monitoring. In: Safe and Secure Cyber-Physical Systems and Internet-of-Things Systems. Springer, Cham. https://doi.org/10.1007/978-3-030-25808-5_5


  • DOI: https://doi.org/10.1007/978-3-030-25808-5_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-25807-8

  • Online ISBN: 978-3-030-25808-5

  • eBook Packages: Engineering (R0)
