Industrial Control System (ICS) protocols are widely used to build communications among system components. Compared with common internet protocols, ICS protocols have more control over remote devices by carrying a specific field called “function code”, which assigns what the receiving end should do. Therefore, it is of vital importance to ensure their correctness. However, traditional vulnerability detection techniques such as fuzz testing are challenged by the increasing complexity of these diverse ICS protocols. In this paper, we present a function code aware fuzzing framework — Polar, which automatically extracts semantic information from the ICS protocol and utilizes this information to accelerate security vulnerability detection. Based on static analysis and dynamic taint analysis, Polar initializes the values of the function code field and identifies some vulnerable operations. Then, novel semantic aware mutation and selection strategies are designed to optimize the fuzzing procedure. For evaluation, we implement Polar on top of two popular fuzzers — AFL and AFLFast, and conduct experiments on several widely used ICS protocols such as Modbus, IEC104, and IEC 61850. Results show that, compared with AFL and AFLFast, Polar achieves the same code coverage and bug detection numbers at 1.5X-12X the speed. It also finds 0%--91% more paths within 24 hours. Furthermore, Polar has exposed 10 previously unknown vulnerabilities in those protocols, 6 of which have been assigned unique CVE identifiers in the US National Vulnerability Database.
ACM Transactions on Embedded Computing Systems (TECS) – Association for Computing Machinery
Published: Oct 8, 2019
Keywords: Fuzz testing
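As an added illustration of the function-code-aware mutation and seed-selection idea the abstract describes, here is a small Python sketch on Modbus/TCP frames. It is not Polar's code or the paper's; the function-code set, the seed frames and the mutation operators are constructed assumptions standing in for what Polar derives by static and taint analysis.

```python
import random
import struct

# Constructed for this example: a few public Modbus function codes. They stand in
# for the function-code values a fuzzer like Polar would extract from the target.
KNOWN_FUNCTION_CODES = (0x01, 0x03, 0x05, 0x06, 0x10)

def build_frame(unit_id, function_code, data):
    """MBAP header (7 bytes) + PDU; the MBAP length field counts unit id + PDU."""
    pdu = bytes([function_code]) + data
    return struct.pack(">HHHB", 0x0001, 0x0000, len(pdu) + 1, unit_id) + pdu

def parse_frame(frame):
    """Return (length_field_ok, function_code, data) for a Modbus/TCP frame."""
    _tid, _pid, length, _unit = struct.unpack(">HHHB", frame[:7])
    pdu = frame[7:]
    return length == len(pdu) + 1, pdu[0], pdu[1:]

def semantic_mutate(frame, rng):
    """Mutate data only; keep the function code valid so input reaches a real handler."""
    _, fc, data = parse_frame(frame)
    if rng.random() < 0.2:            # sometimes retarget another valid handler
        fc = rng.choice(KNOWN_FUNCTION_CODES)
    data = bytearray(data)
    op = rng.choice(("flip", "grow", "shrink"))
    if op == "flip" and data:
        data[rng.randrange(len(data))] ^= 1 << rng.randrange(8)
    elif op == "grow":
        data += bytes(rng.getrandbits(8) for _ in range(rng.randint(1, 8)))
    elif op == "shrink" and data:
        del data[rng.randrange(len(data)):]
    return build_frame(frame[6], fc, bytes(data))   # length field rebuilt

def fuzz_round(seed_frame, rounds, seed=7):
    """Produce `rounds` independent mutants of one seed with a fixed RNG seed."""
    rng = random.Random(seed)
    return [semantic_mutate(seed_frame, rng) for _ in range(rounds)]

def select_seed(corpus, covered_codes):
    """Semantic selection: prefer a seed whose function code is not yet covered."""
    for seed in corpus:
        if parse_frame(seed)[1] not in covered_codes:
            return seed
    return corpus[0]

# Constructed seeds: Read Holding Registers (0x03) and Write Multiple Registers (0x10).
SEEDS = [build_frame(1, 0x03, bytes([0, 0, 0, 10])),
         build_frame(1, 0x10, bytes([0, 0, 0, 1, 2, 0, 1]))]
```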