Please wait a minute...
 首页  期刊介绍 期刊订阅 联系我们 横山亮次奖 百年刊庆
 
最新录用  |  预出版  |  当期目录  |  过刊浏览  |  阅读排行  |  下载排行  |  引用排行  |  横山亮次奖  |  百年刊庆
清华大学学报(自然科学版)  2017, Vol. 57 Issue (1): 50-54    DOI: 10.16511/j.cnki.qhdxxb.2017.21.010
  计算机科学与技术 本期目录 | 过刊浏览 | 高级检索 |
基于Peach的工业控制网络协议安全分析
伊胜伟, 张翀斌, 谢丰, 熊琦, 向憧, 梁露露
中国信息安全测评中心, 北京 100085
Security analysis of industrial control network protocols based on Peach
YI Shengwei, ZHANG Chongbin, XIE Feng, XIONG Qi, XIANG Chong, LIANG Lulu
China Information Technology Security Evaluation Center, Beijing 100085, China
全文: PDF(1217 KB)  
输出: BibTeX | EndNote (RIS)      
摘要 模糊测试技术是发现未公开漏洞的重要技术手段之一。该文基于Peach提出了工业控制网络协议的安全分析方法。该方法采用变异策略,构造畸形网络数据包,发送给被测目标进行测试,在测试过程中监测被测目标工控网络协议的运行状况,发现网络异常并进行异常分析。该方法以一种公开的大范围使用的工业控制网络协议Modbus TCP为例分析了其安全性。实验结果表明,该方法在工业控制网络协议的安全漏洞挖掘方面是有效的。
服务
把本文推荐给朋友
加入引用管理器
E-mail Alert
RSS
作者相关文章
伊胜伟
张翀斌
谢丰
熊琦
向憧
梁露露
关键词 工业控制系统工业控制网络协议Peach模糊测试漏洞分析    
Abstract:Fuzzing tests are important for discovery of unknown vulnerabilities and risks. A security analysis method was developed for industrial control networks using the Peach fuzzing framework. The system uses the mutation strategy by fabricating abnormal network packets, sending these packets to the target and then executing tests. The tests monitor the status of the industrial control network protocols. The system then identifies exceptions in the industrial control network protocols. Modbus TCP, a widely used industrial control network protocol is analyzed as an example using a fuzzy Modbus TCP protocol. The results show that this method can effectively identify vulnerabilities in industrial control network protocols.
Key wordsindustrial control systems    industrial control network protocols    Peach    fuzzing test    vulnerability analyses
收稿日期: 2015-05-30      出版日期: 2017-01-20
ZTFLH:  TP393.1  
引用本文:   
伊胜伟, 张翀斌, 谢丰, 熊琦, 向憧, 梁露露. 基于Peach的工业控制网络协议安全分析[J]. 清华大学学报(自然科学版), 2017, 57(1): 50-54.
YI Shengwei, ZHANG Chongbin, XIE Feng, XIONG Qi, XIANG Chong, LIANG Lulu. Security analysis of industrial control network protocols based on Peach. Journal of Tsinghua University(Science and Technology), 2017, 57(1): 50-54.
链接本文:  
http://jst.tsinghuajournals.com/CN/10.16511/j.cnki.qhdxxb.2017.21.010  或          http://jst.tsinghuajournals.com/CN/Y2017/V57/I1/50
  图1 Peach模糊测试工具体系结构
  图2 工业控制网络协议的安全分析方法
  图3 ModbusTCP协议0x01功能码pit文件
  图4 模糊测试执行命令
  图5 采用ModbusSim仿真器测试ModbusTCP协议0x01功能码安全性的执行过程
[1] ISA99 Committee. ISA99 committee on industrial automation and control systems security[Z/OL].[2015-05-10]. http://isa99.isa.org/ISA99%20Wiki/Home.aspx.
[2] 熊琦, 彭勇, 伊胜伟, 等. 工控网络协议Fuzzing测试技术研究综述[J]. 小型微型计算机系统, 2015, 36(3):497-502. XIONG Qi, PENG Yong, YI Shengwei, et al. Survey on the fuzzing technology in industrial network protocols[J]. Journal of Chinese Computer Systems, 2015, 36(3):497-502. (in Chinese)
[3] 李鸿培, 于旸, 忽朝俭, 等. 2013工业控制系统及其安全性研究报告[R]. 北京:绿盟科技, 2013. LI Hongpei, YU Yang, HU Chaojian, et al. 2013 Report on Industrial Control System and Its Security[R]. Beijing:NSFOCUS, 2013. (in Chinese)
[4] 吴世忠, 郭涛, 董国伟, 等. 软件漏洞分析技术[M]. 北京:科学出版社, 2014. WU Shizhong, GUO Tao, DONG Guowei, et al. Software Vulnerability Analysis Technology[M]. Beijing:Science Press, 2014. (in Chinese)
[5] Miller B, Fredriksen L, So B. An empirical study of the reliability of UNIX utilities[J]. Communications of the ACM, 1990, 33(12):32-44.
[6] Roning J, et al. PROTOS:Systematic approach to eliminate software vulnerabilities, presented at microsoft research[Z/OL].[2015-05-10]. http://www.ee.oulu.fi/research/ouspg/PROTOSMSR2002-protos.
[7] Aitel D. An introduction to SPIKE, the fuzzer creation kit, presented at the BlackHat USA conference[Z/OL].[2015-05-10]. http://www.blackhat.com/presentations/bh-usa-02/bh-us-02-aitel-spike.ppt.
[8] Biyani A, Sharma G, Aghav J, et al. Extension of SPIKE for encrypted protocol fuzzing[C]//The Third International Conference on Multimedia Information Networking and Security (MINES). Shanghai:IEEE Computer Society Conference Publishing Services, 2011:343-347.
[9] Amini P. Sulley:Pure python fully automated and unattended fuzzing framework[Z/OL].[2015-05-10]. http://code.google.com/p/sulley.
[10] Eddington M. Peach fuzzing platform[Z/OL].[2015-03-16]. http://peachfuzzer.com.
[11] 刘奇旭, 张玉清. 基于Fuzzing的TFTP漏洞挖掘技术[J]. 计算机工程, 2007, 33(20):142-144. LIU Qixu, ZHANG Yuqing. TFTP vulnerability exploiting technique based on fuzzing[J].Computer Engineering, 2007, 33(20), 142-144. (in Chinese)
[12] TONG Yongxin, CHEN Lei, CHENG Yuyong, et al. Mining frequent itemsets over uncertain databases[C]//Proceedings of the 38th International Conference on Very Large Databases, (VLDB2012). Istanbul, Turkey:VLDB Endowment Inc, 2012:1650-1661.
[13] TONG Yongxin, CHEN Lei, DING Bolin. Discovering threshold-based frequent closed itemsets over probabilistic data[C]//Proceedings of the 28th International Conference on Data Engineering, (ICDE 2012). Washington DC, USA:IEEE Computer Society, 2012:270-281.
[14] TONG Yongxin, CAO Caleb Chen, CHEN Lei. TCS:Efficient topic discovery over crowd-oriented service data[C]//Proceedings of the 20th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, (SIGKDD 2014). New York, NY, USA:ACM DL, 2014:861-870.
[15] TONG Yongxin, CHEN Lei, SHE Jieying. Mining frequent itemsets in correlated uncertain databases[J]. Journal of Computer Science and Technology, 2015, 30(4):696-712.
[16] TONG Yongxin, SHE Jieying, CHEN Lei. Towards better understanding of app functions[J]. Journal of Computer Science and Technology, 2015, 30(5):1130-1140.
[17] YI Shengwei, XU Jize, PENG Yong, et al. Mining frequent rooted ordered tree generators efficiently[C]//CyberC2013. Beijing:IEEE Computer Society, 2013:132-139.
[18] YI Shengwei, ZHAO Tianheng, ZHANG Yuanyuan. SeqGen:Mining sequential generator patterns from sequence databases[J].Advanced Science Letters, 2012,11(1):340-345.
[1] 马金鑫, 张涛, 李舟军, 张江霄. Fuzzing过程中的若干优化方法[J]. 清华大学学报(自然科学版), 2016, 65(5): 478-483.
[2] 彭勇, 向憧, 张淼, 陈冬青, 高海辉, 谢丰, 戴忠华. 工业控制系统场景指纹及异常检测[J]. 清华大学学报(自然科学版), 2016, 56(1): 14-21.
[3] 崔宝江, 王福维, 郭涛, 柳本金. 基于污点信息的函数内存模糊测试技术研究[J]. 清华大学学报(自然科学版), 2016, 56(1): 7-13.
[4] 肖奇学, 陈渝, 戚兰兰, 郭世泽, 史元春. 堆分配大小可控的检测与分析[J]. 清华大学学报(自然科学版), 2015, 55(5): 572-578.
[5] 梁洪亮, 阳晓宇, 董钰, 张普含, 刘书昌. 并行化智能模糊测试[J]. 清华大学学报(自然科学版), 2014, 54(1): 14-19.
[6] 王得金, 江常青, 彭勇. 工业控制系统上基于安全域的攻击图生成[J]. 清华大学学报(自然科学版), 2014, 54(1): 44-52.
Viewed
Full text


Abstract

Cited

  Shared   
  Discussed   
版权所有 © 《清华大学学报(自然科学版)》编辑部
本系统由北京玛格泰克科技发展有限公司设计开发 技术支持:support@magtech.com.cn