IFFSET: In-Field Fuzzing of Industrial Control Systems using System Emulation

Dimitrios Tychalas, Michail Maniatakos

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Industrial Control Systems (ICS) have evolved in the last decade, shifting from proprietary software/hardware to contemporary embedded architectures paired with open-source operating systems. In contrast to the IT world, where continuous updates and patches are expected, decommissioning always-on ICS for security assessment can incur prohibitive costs to their owner. Thus, a solution for routinely assessing the cybersecurity posture of diverse ICS without affecting their operation is essential. Therefore, in this paper we introduce IFFSET, a platform that leverages full system emulation of Linux-based ICS firmware and utilizes fuzzing for security evaluation. Our platform extracts the file system and kernel information from a live ICS device, building an image which is emulated on a desktop system through QEMU. We employ fuzzing as a security assessment tool to analyze ICS specific libraries and find potential security threatening conditions. We test our platform with commercial PLCs, showcasing potential threats with no interruption to the control process.

Original languageEnglish (US)
Title of host publicationProceedings of the 2020 Design, Automation and Test in Europe Conference and Exhibition, DATE 2020
EditorsGiorgio Di Natale, Cristiana Bolchini, Elena-Ioana Vatajelu
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages662-665
Number of pages4
ISBN (Electronic)9783981926347
DOIs
StatePublished - Mar 2020
Event2020 Design, Automation and Test in Europe Conference and Exhibition, DATE 2020 - Grenoble, France
Duration: Mar 9 2020Mar 13 2020

Publication series

NameProceedings of the 2020 Design, Automation and Test in Europe Conference and Exhibition, DATE 2020

Conference

Conference2020 Design, Automation and Test in Europe Conference and Exhibition, DATE 2020
Country/TerritoryFrance
CityGrenoble
Period3/9/203/13/20

Keywords

  • Emulation
  • Fuzzing
  • Industrial Control

ASJC Scopus subject areas

  • Hardware and Architecture
  • Safety, Risk, Reliability and Quality
  • Modeling and Simulation
  • Electrical and Electronic Engineering

Fingerprint

Dive into the research topics of 'IFFSET: In-Field Fuzzing of Industrial Control Systems using System Emulation'. Together they form a unique fingerprint.

Cite this