基于peach对工控Modbus TCP协议分析
摘要
工业控制系统(ICS)的正常稳定运行是工业生产的根本。然而工控系统漏洞的存在严重威胁ICS的正常运行。模糊测试技术是挖掘漏洞的重要技术。本文是基于Peach框架下对采用生成与变异两种模式相结合的方式,首先根据国家信息安全漏洞库的公开内容提取漏洞成因相似特征,然后充分分析TCP协议的特征构造规范的测试用例并作为被测目标的输入,最后根据漏洞相似特征采用多维变异方法进行漏洞挖掘。为了证实该方法的有效性,以Modbus TCP协议中0x01功能为例进行验证。实验结果表明该方法在漏洞发掘方面是有效的。
The normal and stable operation of industrial control system(ICS) is the basis ofindustrial production. However, the existence ofindustrial control system vulnerabilities seriously threaten the normal operation of ICS.At present, fuzzy test is an important technology to exploit industrial control system vulnerabilities.This paper is based on the Peach framework, using the combination of generation and variation mode, firstly, similar characteristics of the causes of vulnerabilities are extracted according to the public contents of the national information security vulnerability database,then,analyzes the characteristics of the TCP protocol,so as to improve the test case as the input of the target, and finally verify the effectiveness of the vulnerability of the TCP protocol in the way of experiment.
The normal and stable operation of industrial control system(ICS) is the basis ofindustrial production. However, the existence ofindustrial control system vulnerabilities seriously threaten the normal operation of ICS.At present, fuzzy test is an important technology to exploit industrial control system vulnerabilities.This paper is based on the Peach framework, using the combination of generation and variation mode, firstly, similar characteristics of the causes of vulnerabilities are extracted according to the public contents of the national information security vulnerability database,then,analyzes the characteristics of the TCP protocol,so as to improve the test case as the input of the target, and finally verify the effectiveness of the vulnerability of the TCP protocol in the way of experiment.
引文
[1]张晓明,王丽宏,何跃鹰,何世平.工业控制系统信息安全风险分析及漏洞检测[J].物联网学报,2017,1(1):34-39.
[2]蔡一鸣.基于模糊测试的工控协议漏洞挖掘系统[D].北京:北京工业大学,2016.
[3]崔欣,温彦龙.工业控制系统模糊测试研究与应用[J].信息安全与通信保密,2018(09):73-78.
[4]Miller B,Fredrisen L,So B.An empirical study of the reliable of UNIX utilities[J].Communications of the ACM,1990,33(12:):32-34.
[5]J.Roning.PROTOS:System-atic approach to aliminate software vulnerabilities in Microsoft Reserch.[EB/OL]www.ee.olili.fi/research/ouspg/PROTO-SMSR2002-protos.
[6]SPIKE.[EB/OL].http://www.immunitysec.com/resource-freesofortware.html.2009-06.
[7]2015.Eddington M.Peach fuzzing platform[Z/OL].[2015-03-16]http://fuzzer.com.
[8]王志强.基于模糊测试的漏洞挖掘及相关攻防技术研究[D].西安:西安电子科技大学,2015:11-12.
[9]丁迪,薛质.基于Peach的模糊测试样本变异策略研究[J].信息安全与通信保密,2014(11):144-147.
[10]曾淑娟,刘嘉勇,刘亮.基于Peach框架的测试样本优化方法的研究[J].网络安全技术与应用,2016(01):96-97.
[11]刘炽.TCP/IP协议栈原理及其在ARM上的具体实现[D].长沙:湖南大学,2005:7-13.
[12]陈梅.基于TCP/IP的网络互联的原理及其应用[J].上海电机技术高等专科学校学报,2002(2):20-24,34.
[2]蔡一鸣.基于模糊测试的工控协议漏洞挖掘系统[D].北京:北京工业大学,2016.
[3]崔欣,温彦龙.工业控制系统模糊测试研究与应用[J].信息安全与通信保密,2018(09):73-78.
[4]Miller B,Fredrisen L,So B.An empirical study of the reliable of UNIX utilities[J].Communications of the ACM,1990,33(12:):32-34.
[5]J.Roning.PROTOS:System-atic approach to aliminate software vulnerabilities in Microsoft Reserch.[EB/OL]www.ee.olili.fi/research/ouspg/PROTO-SMSR2002-protos.
[6]SPIKE.[EB/OL].http://www.immunitysec.com/resource-freesofortware.html.2009-06.
[7]2015.Eddington M.Peach fuzzing platform[Z/OL].[2015-03-16]http://fuzzer.com.
[8]王志强.基于模糊测试的漏洞挖掘及相关攻防技术研究[D].西安:西安电子科技大学,2015:11-12.
[9]丁迪,薛质.基于Peach的模糊测试样本变异策略研究[J].信息安全与通信保密,2014(11):144-147.
[10]曾淑娟,刘嘉勇,刘亮.基于Peach框架的测试样本优化方法的研究[J].网络安全技术与应用,2016(01):96-97.
[11]刘炽.TCP/IP协议栈原理及其在ARM上的具体实现[D].长沙:湖南大学,2005:7-13.
[12]陈梅.基于TCP/IP的网络互联的原理及其应用[J].上海电机技术高等专科学校学报,2002(2):20-24,34.