Ajou University repository

Testing Techniques for Finding Software Vulnerabilities in Industrial Control Systems
  • 유형욱
Advisor
손태식
Affiliation
Graduate School, Ajou University
Department
Graduate School, Department of Computer Engineering
Publication Year
2017-02
Publisher
The Graduate School, Ajou University
Keyword
Software Testing; Industrial Control System; Software Vulnerability
Description
Thesis (Ph.D.)--Ajou University Graduate School: Department of Computer Engineering, 2017. 2
Alternative Abstract
In most cyberattacks, software vulnerabilities are one of the main attack vectors. In particular, software vulnerabilities in industrial control systems have become a serious security threat. Software testing is one of the most effective approaches to finding software vulnerabilities. However, existing software testing techniques have limitations for software that has complex states or a highly structured input format, which are common characteristics of the communication protocols used in industrial control systems. In this thesis, we propose two novel techniques to analyze and test software that has complex states or a highly structured input format. First, we present a new state machine inference technique to correctly learn a complete and minimal state machine with fewer resources than existing techniques. We apply our technique to infer a state machine for the Secure Authentication component of a DNP3 application, and demonstrate the effectiveness of our technique. Second, we propose a new fuzzing technique, grammar-based adaptive fuzzing, to efficiently generate test inputs for software that has a highly structured input format. In the proposed technique, we use the input grammar of the software as well as the dynamic dependency relationship between the input fields. We show that our technique executes more code of the target software than existing mutation-based fuzzing and non-adaptive grammar-based fuzzing. We evaluate the proposed techniques on applications of industrial control system protocols. The industrial control system protocols are good targets for our techniques because they usually have a complex state machine and a highly structured input format. In addition, their dependability and reliability are very important issues because vulnerabilities in those applications could be exploited remotely by an attacker, which may lead to catastrophic results.
In our experiments, the proposed techniques outperform existing techniques and tools, and show great promise for testing software of the industrial control system protocols.
Language
eng
URI
https://dspace.ajou.ac.kr/handle/2018.oak/12321
Type
Thesis