Abstract
Testing and monitoring are two required technologies for robust cyber-physical and IoT systems. Testing is fundamental to the system design process as well as to certifying that the system meets its specified security and safety requirements. Even a tested and certified system, once operating in the field, requires continuous monitoring, because it may face unanticipated or unknown attacks and failures. In this chapter, we address security testing, and especially fuzzing, for cyber-physical and IoT systems, as well as run-time monitoring for safety and security. We describe an example fuzzer for the Modbus industrial protocol and an example run-time monitor for industrial applications.
© 2020 Springer Nature Switzerland AG
Wolf, M., Serpanos, D. (2020). Security Testing and Run-Time Monitoring. In: Safe and Secure Cyber-Physical Systems and Internet-of-Things Systems. Springer, Cham. https://doi.org/10.1007/978-3-030-25808-5_5
DOI: https://doi.org/10.1007/978-3-030-25808-5_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-25807-8
Online ISBN: 978-3-030-25808-5
eBook Packages: Engineering (R0)