详情

原文传递 Fuzz Testing of Industrial Network Protocols in Programmable Logic Controllers.

题名：	Fuzz Testing of Industrial Network Protocols in Programmable Logic Controllers.
作者：	Gormley, J. I. J.
关键词：	Communications protocols, Malware, Communication channels, Computer networks, Computer programs, Cyberattacks, Denial of service attack, Intrusion detection, Intrusion detectors, Network science, Security protocols, Computer security, Network protocols, Industrial control system, Protocol fuzz testing, Programmable logic controllers, Common industrial protocol, Programmable controller communication commands
摘要：	Daily operations of U.S. Navy afloat and ashore systems are heavily reliant on industrial control systems (ICSs) to manage critical infrastructure services. Programmable logic controllers (PLCs) are vital components in these cyber-physical systems. The industrial network protocols used to communicate between nodes in a control network are complex and vulnerable to a myriad of cyber attacks, as reported by Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team. This thesis utilizes protocol fuzz testing techniques to investigate potential vulnerabilities in the Allen-Bradley/Rockwell Automation (AB/RA) MicroLogix 1100 PLC through its implementation of EtherNet/IP, Common Industrial Protocol (CIP), and Programmable Controller Communication Commands (PCCC) communication protocols. This research also examines whether cross-generational vulnerabilities exist in the more advanced AB/RA ControlLogix 1756-L71 PLC. Our results discover several deviations from the EtherNet/IP and PCCC specifications in the MicroLogix 1100 implementation of these protocols. Additionally, we find that a recently disclosed denial-of-service vulnerability that renders the MicroLogix 1100 inoperable does not trigger a similar fault condition in the ControlLogix PLC.
报告类型：	科技报告