333 research outputs found
Active fuzzing for testing and securing cyber-physical systems
National Research Foundation (NRF) Singapore under its National Satellite of Excellence Programme
Finding Causally Different Tests for an Industrial Control System
Industrial control systems (ICSs) are types of cyber-physical systems in which programs, written in languages such as ladder logic or structured text, control industrial processes through sensing and actuating. Given the use of ICSs in critical infrastructure, it is important to test their resilience against manipulations of sensor/actuator inputs. Unfortunately, existing methods fail to test them comprehensively, as they typically focus on finding the simplest-to-craft manipulations for a testing goal, and are also unable to determine when a test is simply a minor permutation of another, i.e. based on the same causal events. In this work, we propose a guided fuzzing approach for finding 'meaningfully different' tests for an ICS via a general formalisation of sensor/actuator-manipulation strategies. Our algorithm identifies the causal events in a test, generalises them to an equivalence class, and then updates the fuzzing strategy so as to find new tests that are causally different from those already identified. An evaluation of our approach on a real-world water treatment system shows that it is able to find 106% more causally different tests than the most comparable fuzzer. While we focus on diversifying the test suite of an ICS, our formalisation may be useful for other fuzzers that intercept communication channels.
Comment: Accepted by the 45th IEEE/ACM International Conference on Software Engineering (ICSE 2023)
Security of Cyber-Physical Systems
Cyber-physical system (CPS) innovations, in conjunction with their sibling computational and technological advancements, have positively impacted our society, leading to the establishment of new horizons of service excellence in a variety of application fields. With the rapid increase in the application of CPSs in safety-critical infrastructures, their safety and security are the top priorities of next-generation designs. The extent of the potential consequences of CPS insecurity is large enough to ensure that CPS security is one of the core elements of the CPS research agenda. Faults, failures, and cyber-physical attacks lead to variations in the dynamics of CPSs and cause the instability and malfunction of normal operations. This reprint discusses the existing vulnerabilities and focuses on detection, prevention, and compensation techniques to improve the security of safety-critical systems.
Bridging the Gap: A Survey and Classification of Research-Informed Ethical Hacking Tools
The majority of Ethical Hacking (EH) tools utilised in penetration testing are developed by practitioners within the industry or underground communities. Similarly, academic researchers have also contributed to developing security tools. However, there appears to be limited awareness among practitioners of academic contributions in this domain, creating a significant gap between industry's and academia's contributions to EH tools. This research paper aims to survey the current state of EH academic research, primarily focusing on research-informed security tools. We categorise these tools into process-based frameworks (such as PTES and MITRE ATT&CK) and knowledge-based frameworks (such as CyBOK and ACM CCS). This classification provides a comprehensive overview of novel, research-informed tools, considering their functionality and application areas. The analysis covers licensing, release dates, source code availability, development activity, and peer review status, providing valuable insights into the current state of research in this field.
Cybersecurity of COSPAS-SARSAT and EPIRB: threat and attacker models, exploits, future research
COSPAS-SARSAT is an international programme for "Search and Rescue" (SAR) missions based on the "Satellite Aided Tracking" system (SARSAT). It is designed to provide accurate, timely, and reliable distress alert and location data to help SAR authorities of participating countries assist persons and vessels in distress. Two types of satellite constellations serve COSPAS-SARSAT: low earth orbit search and rescue (LEOSAR) and geostationary orbiting search and rescue (GEOSAR). Despite its nearly global deployment and critical importance, we found that COSPAS-SARSAT protocols and standard 406 MHz transmissions lack essential means of cybersecurity.
In this paper, we investigate the cybersecurity aspects of COSPAS-SARSAT space-/satellite-based systems. In particular, we practically and successfully implement and demonstrate the first (to our knowledge) attacks on COSPAS-SARSAT 406 MHz protocols, namely replay, spoofing, and protocol fuzzing on EPIRB protocols. We also identify a set of core research challenges preventing more effective cybersecurity research in the field and outline the main cybersecurity weaknesses and possible mitigations to increase the system's cybersecurity level.