@inproceedings{337b0ab662b44fb78f86b908bfd5ca12,
title = "IFFSET: In-Field Fuzzing of Industrial Control Systems using System Emulation",
abstract = "Industrial Control Systems (ICS) have evolved in the last decade, shifting from proprietary software/hardware to contemporary embedded architectures paired with open-source operating systems. In contrast to the IT world, where continuous updates and patches are expected, decommissioning always-on ICS for security assessment can incur prohibitive costs to their owner. Thus, a solution for routinely assessing the cybersecurity posture of diverse ICS without affecting their operation is essential. Therefore, in this paper we introduce IFFSET, a platform that leverages full system emulation of Linux-based ICS firmware and utilizes fuzzing for security evaluation. Our platform extracts the file system and kernel information from a live ICS device, building an image which is emulated on a desktop system through QEMU. We employ fuzzing as a security assessment tool to analyze ICS specific libraries and find potential security threatening conditions. We test our platform with commercial PLCs, showcasing potential threats with no interruption to the control process.",
keywords = "Emulation, Fuzzing, Industrial Control",
author = "Dimitrios Tychalas and Michail Maniatakos",
note = "Publisher Copyright: {\textcopyright} 2020 EDAA.; 2020 Design, Automation and Test in Europe Conference and Exhibition, DATE 2020 ; Conference date: 09-03-2020 Through 13-03-2020",
year = "2020",
month = mar,
doi = "10.23919/DATE48585.2020.9116365",
language = "English (US)",
series = "Proceedings of the 2020 Design, Automation and Test in Europe Conference and Exhibition, DATE 2020",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "662--665",
editor = "{Di Natale}, Giorgio and Cristiana Bolchini and Elena-Ioana Vatajelu",
booktitle = "Proceedings of the 2020 Design, Automation and Test in Europe Conference and Exhibition, DATE 2020",
}