Fuzzy test method for firmware of industrial control equipment

A fuzz-testing technology for industrial control equipment, applied in the field of network security, which addresses the difficulty of batch vulnerability mining and testing across many kinds of PLC firmware.

Active Publication Date: 2020-10-27
HANGZHOU DIANZI UNIV

AI Technical Summary

Problems solved by technology

However, this method requires the firmware program to be loaded and executed on the corresponding embedded hardware device.
For the wide variety of PLC industrial control equipment on the market, a matching variety of dedicated embedded hardware environments would have to be built to perform vulnerability testing and mining, so batch vulnerability-mining tests across many kinds of PLC firmware are difficult to carry out efficiently.




Embodiment Construction

[0053] The present invention will be further described in detail below in conjunction with the examples.

[0054] In the present invention, when the IDE tool Workbench of WindRiver is used to compile the VxWorks system image, the image format is selected as ELF (Executable and Linkable Format). At the same time, an FTP server component must be added so that the binary executable program under test can be loaded into the virtual machine; finally, the system image vxworks_kernel is generated.

[0055] As shown in Figure 1, the technical solution adopted in the present invention is a fuzz testing method for industrial control equipment firmware, and the overall procedure is divided into four stages:

[0056] 1. Firmware download stage: Analyze the image download address of each manufacturer to obtain the corresponding URL, and save the downloaded firmware file in the directory.

[0057] 2. Executable program extraction stage: create a working dir...


Abstract

The invention discloses a fuzz testing method for the firmware of industrial control equipment. The method comprises four stages: firmware downloading, executable program extraction, program simulation running, and fuzz testing. In the method, the firmware of each manufacturer's device is downloaded by an automatic crawler, the binary executable file is extracted recursively, the executable file is run under simulation, and fuzz testing of the firmware's network services is carried out. With this efficient fuzz testing method for the executable programs in industrial control equipment firmware, no dedicated embedded hardware execution environment needs to be built for a specific model of PLC industrial control firmware, and the embedded equipment does not need to be manually restarted during testing, so the whole fuzz testing process is more convenient and efficient, and large-batch parallel vulnerability-mining tests can be run to support large-scale firmware vulnerability testing. The method is suitable for vulnerability mining in existing industrial control systems, automated testing of industrial control systems, and similar work.
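The executable program extraction stage is described in one sentence above ("extracted in a recursive mode"). As an added illustration that is not part of the patent or its applicant's code, the following Python script walks an unpacked firmware tree, descends into nested zip archives (zip is an assumed container format; the page does not say which packaging the method handles), and identifies ELF executables by their header, reporting class, endianness, object type and target machine. The sample firmware tree it builds is constructed here, and the function names are mine.

```python
"""Stage 2 helper: find ELF executables in an unpacked firmware tree, descending into nested zips."""
import os
import struct
import tempfile
import zipfile

ELF_MAGIC = b"\x7fELF"
# Subset of ELF e_machine values (from the ELF specification), enough for common PLC platforms
MACHINES = {3: "x86", 8: "MIPS", 20: "PowerPC", 40: "ARM", 62: "x86-64"}
TYPES = {1: "REL", 2: "EXEC", 3: "DYN"}
HEADER_BYTES = 20  # e_ident (16) + e_type (2) + e_machine (2) is all identification needs


def parse_elf_header(data):
    """Identify an ELF file from its first 20 bytes; return a dict, or None if it is not ELF."""
    if len(data) < HEADER_BYTES or data[:4] != ELF_MAGIC:
        return None
    ei_class = {1: "ELF32", 2: "ELF64"}.get(data[4])
    ei_data = {1: "LE", 2: "BE"}.get(data[5])
    if ei_class is None or ei_data is None:
        return None  # malformed e_ident: report nothing rather than guess
    fmt = "<HH" if ei_data == "LE" else ">HH"  # e_type/e_machine use the file's own byte order
    e_type, e_machine = struct.unpack(fmt, data[16:20])
    return {
        "class": ei_class,
        "endian": ei_data,
        "type": TYPES.get(e_type, str(e_type)),
        "machine": MACHINES.get(e_machine, str(e_machine)),
    }


def scan_firmware_tree(root, extract_dir=None):
    """Walk root recursively; unpack every zip found into extract_dir and keep walking.

    Returns one dict per ELF file discovered, nested archives included.
    """
    extract_dir = extract_dir or tempfile.mkdtemp(prefix="fw_unpack_")
    found = []
    pending = [root]
    while pending:
        base = pending.pop()
        for dirpath, _, filenames in os.walk(base):
            for name in filenames:
                path = os.path.join(dirpath, name)
                with open(path, "rb") as f:
                    head = f.read(HEADER_BYTES)
                info = parse_elf_header(head)
                if info is not None:
                    info["name"] = name
                    info["path"] = path
                    found.append(info)
                elif zipfile.is_zipfile(path):
                    # Unpack into a fresh directory and queue it. CPython's extractall() drops
                    # absolute paths and ".." components, so a crafted entry cannot escape target.
                    target = tempfile.mkdtemp(prefix=name + "_", dir=extract_dir)
                    with zipfile.ZipFile(path) as zf:
                        zf.extractall(target)
                    pending.append(target)
    return found


def make_elf_header(ei_class, ei_data, e_type, e_machine):
    """Constructed 64-byte ELF stub: a valid e_ident plus e_type/e_machine, zeros elsewhere."""
    e_ident = ELF_MAGIC + bytes([ei_class, ei_data, 1]) + b"\x00" * 9  # 16 bytes, EI_VERSION = 1
    fmt = "<HH" if ei_data == 1 else ">HH"
    return e_ident + struct.pack(fmt, e_type, e_machine) + b"\x00" * 44


def build_sample_firmware():
    """Constructed sample tree: one ELF under bin/, a text file, and a zip holding another ELF."""
    root = tempfile.mkdtemp(prefix="fw_sample_")
    os.makedirs(os.path.join(root, "rootfs", "bin"))
    with open(os.path.join(root, "rootfs", "bin", "httpd"), "wb") as f:
        f.write(make_elf_header(1, 2, 2, 20))  # ELF32, big-endian, EXEC, PowerPC
    with open(os.path.join(root, "rootfs", "README.txt"), "w") as f:
        f.write("not an executable\n")
    with zipfile.ZipFile(os.path.join(root, "extras.zip"), "w") as zf:
        zf.writestr("srv/telnetd", make_elf_header(1, 1, 2, 40))  # ELF32, little-endian, EXEC, ARM
    return root


if __name__ == "__main__":
    for entry in scan_firmware_tree(build_sample_firmware()):
        print(f'{entry["name"]}: {entry["class"]} {entry["endian"]} {entry["type"]} {entry["machine"]}')
```

Reporting the machine and endianness at this stage matters for stage 3: the emulator or VxWorks image used to run the extracted program has to match the binary's architecture, so a PowerPC big-endian service found here cannot be loaded into an ARM image.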

Description

[0001] Technical field

[0002] The invention relates to the field of network security technology, in particular to technology for discovering vulnerabilities in industrial control equipment based on fuzz testing.

Background technique

[0003] According to relevant survey statistics, about 95% of programmable logic controllers (PLCs) in industrial control systems in 2018 were products of foreign companies such as Schneider (France), Siemens (Germany), and Omron (Japan). Most of them are systems developed by secondary customization based on the real-time operating system VxWorks. The secondary development for the VxWorks system mainly adds the industrial control network protocols required by PLC industrial control equipment, such as Modbus, Siemens S7, DNP3, HTTP, FTP, SNMP, and DHCP. The implementation of these protocols depends on the industrial control protocol network service program, Web server program, Telnet program, FTP server program a...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G05B23/02
CPC: G05B23/0213, G05B2219/24065
Inventor: 徐向华, 邵帅, 朱佳超
Owner: HANGZHOU DIANZI UNIV