Identifying vulnerabilities in SCADA systems via fuzz-testing


Abstract

Security vulnerabilities typically arise from bugs in input validation and in the application logic. Fuzz-testing is a popular security evaluation technique in which hostile inputs are crafted and passed to the target software in order to reveal bugs. However, in the case of SCADA systems, the use of proprietary protocols makes it difficult to apply existing fuzz-testing techniques as they work best when the protocol semantics are known, targets can be instrumented and large network traces are available. This paper describes a fuzz-testing solution involving LZ-Fuzz, an inline tool that provides a domain expert with the ability to effectively fuzz SCADA devices.

Cite

Shapiro, R., Bratus, S., Rogers, E., & Smith, S. (2011). Identifying vulnerabilities in SCADA systems via fuzz-testing. In IFIP Advances in Information and Communication Technology (Vol. 367, pp. 57–72). Springer New York LLC. https://doi.org/10.1007/978-3-642-24864-1_5
