Abstract
System implementations need to be tested for security, because implementation bugs provide an attack surface that can be exploited to penetrate the systems. In this chapter, we introduce security testing for IoT systems, with a focus on fuzz testing, a technique that has proven successful at identifying vulnerabilities in systems and in network protocol implementations. We describe an example fuzzer for the industrial protocol Modbus.
Copyright information
© 2018 Springer International Publishing AG
About this chapter
Cite this chapter
Serpanos, D., Wolf, M. (2018). Security Testing IoT Systems. In: Internet-of-Things (IoT) Systems. Springer, Cham. https://doi.org/10.1007/978-3-319-69715-4_7
DOI: https://doi.org/10.1007/978-3-319-69715-4_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-69714-7
Online ISBN: 978-3-319-69715-4
eBook Packages: Engineering (R0)