Improvement and Application of Peach in Industrial Control System Vulnerability Mining (Peach在工業(yè)控制系統(tǒng)漏洞挖掘中的改進(jìn)及應(yīng)用)
[Abstract]: Industrial control systems (ICS) are used in almost every industrial sector and in critical infrastructure, so their security directly affects the normal operation of the national economy and national security. Detecting and mining the 0-day vulnerabilities that may exist in ICS devices lets manufacturers fix security problems before they are exploited and keeps the loss to industrial production as small as possible. Vulnerability mining by fuzz testing is widely used in industry and is an important safeguard for both network security and software/device security. This thesis studies the application of the Peach fuzzing framework to industrial control systems and extends Peach to test Ethernet-layer protocols such as PROFINET-DCP, which run directly over Ethernet (EtherType 0x8892) rather than over TCP/IP and therefore need a publisher that can send raw Ethernet frames. To save manpower and time during testing, an algorithm for locating a vulnerability and rapidly reproducing it is proposed.

The improvements to the use of Peach for ICS vulnerability mining are as follows. The protocol structure of three common industrial control protocols, Modbus/TCP, EtherNet/IP and PROFINET-DCP, is analysed in detail, and 23 Pit file test scripts are written from that analysis for Peach to fuzz with. A PROFINET publisher module built on the SharpPcap library is added to Peach so that the framework can send PROFINET-DCP test cases at the Ethernet layer. Using the extended framework and the 1,305,204 test cases generated by the test scripts, devices from three leading international ICS manufacturers are tested, and denial-of-service and buffer-handling vulnerabilities are found. To streamline the process of locating a vulnerability, an algorithm for vulnerability location and rapid reproduction is proposed, which greatly improves testing efficiency.
【Degree-granting institution】: Beijing University of Posts and Telecommunications (北京郵電大學(xué))
【Degree level】: Master's
【Year degree granted】: 2016
【Classification number】: TP273; TP309
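The abstract describes two pieces of work: modelling protocol fields so a fuzzer can mutate them (what the Pit files express), and locating and reproducing a crashing test case without replaying the whole corpus. The following is an added example, written for this page in Python; it is not code from the thesis or from the Peach project (Peach itself is C# with XML Pit files). The Modbus/TCP and PROFINET-DCP field layouts follow the public specifications; the mutation strategy, the deterministic (seed, index) case generator, the batch-bisection locator and the simulated PLC are my own assumptions and stand in for the thesis's algorithm, which the abstract does not detail.

```python
"""Added example: field-aware ICS protocol fuzzing with reproducible cases.

Not the thesis's or Peach's code. Protocol layouts are from the public
Modbus/TCP and PROFINET-DCP specs; the mutator, locator and target are
assumptions made for this demonstration.
"""
import random
import struct

# --- protocol structure (what a Pit file would model as fields) -----------

def modbus_tcp_frame(txid, unit, func, data):
    """MBAP header + PDU. The Length field counts Unit ID plus PDU bytes."""
    pdu = bytes([func]) + data
    return struct.pack(">HHHB", txid, 0, len(pdu) + 1, unit) + pdu

def modbus_read_holding(txid, unit, start, qty):
    """Function 0x03 request; the spec caps qty at 125 registers."""
    return modbus_tcp_frame(txid, unit, 0x03, struct.pack(">HH", start, qty))

# name -> (offset, size) for the Read Holding Registers request above
MODBUS_FIELDS = {
    "txid": (0, 2), "proto": (2, 2), "length": (4, 2), "unit": (6, 1),
    "func": (7, 1), "start": (8, 2), "qty": (10, 2),
}

PN_DCP_MULTICAST = bytes.fromhex("010ecf000000")   # PROFINET DCP multicast MAC
ETHERTYPE_PROFINET = 0x8892
FRAME_ID_DCP_IDENTIFY_REQ = 0xFEFE

def dcp_identify_all(src_mac, xid, response_delay=1):
    """Raw Ethernet frame for a DCP Identify-All request (no VLAN tag).
    This is Layer 2 only: no IP/TCP, hence the need for a raw-frame publisher."""
    block = struct.pack(">BBH", 0xFF, 0xFF, 0)           # AllSelector, empty body
    dcp = struct.pack(">BBIHH", 5, 0, xid, response_delay, len(block)) + block
    eth = PN_DCP_MULTICAST + src_mac + struct.pack(
        ">HH", ETHERTYPE_PROFINET, FRAME_ID_DCP_IDENTIFY_REQ)
    return (eth + dcp).ljust(60, b"\x00")                # pad to minimum frame size

# --- deterministic case generation ----------------------------------------

INTERESTING = {1: [0, 1, 0x7F, 0x80, 0xFF],
               2: [0, 1, 0x7D, 0x7E, 0x7FFF, 0x8000, 0xFFFF]}
TEMPLATE = modbus_read_holding(txid=1, unit=1, start=0, qty=10)

def generate_case(seed, index, template=TEMPLATE, fields=MODBUS_FIELDS):
    """Case `index` depends only on (seed, index): any case can be rebuilt
    on demand instead of being stored or replayed from the start."""
    rng = random.Random(f"{seed}:{index}")
    _name, (off, size) = rng.choice(sorted(fields.items()))
    value = rng.choice(INTERESTING[size])
    return template[:off] + value.to_bytes(size, "big") + template[off + size:]

# --- simulated target (assumption: stands in for a real PLC) ---------------

class SimulatedSlave:
    """Trusts the MBAP Length field and the register count; both are crash triggers."""
    def __init__(self):
        self.alive = True

    def reset(self):
        self.alive = True

    def handle(self, frame):
        if not self.alive:
            return
        length, = struct.unpack_from(">H", frame, 4)
        qty, = struct.unpack_from(">H", frame, 10)
        if length != len(frame) - 6 or qty > 125:
            self.alive = False

# --- vulnerability location and rapid reproduction -------------------------

def locate_first_crash(seed, n_cases, target):
    """Device health is often only observable after a batch. Bisect on the
    batch length: each probe resets the target and replays cases [0, k).
    Costs O(log n) resets instead of one reset per case."""
    def alive_after(k):
        target.reset()
        for i in range(k):
            target.handle(generate_case(seed, i))
        return target.alive
    lo, hi = 0, n_cases          # invariant: alive after lo cases, dead after hi
    if alive_after(hi):
        return None
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if alive_after(mid):
            lo = mid
        else:
            hi = mid
    return hi - 1

def reproduce(seed, index, target):
    """Rapid reproduction: replay only the located case against a fresh target."""
    target.reset()
    target.handle(generate_case(seed, index))
    return not target.alive

if __name__ == "__main__":
    slave = SimulatedSlave()
    idx = locate_first_crash("run-1", 200, slave)
    print("first crashing case:", idx, generate_case("run-1", idx).hex())
    print("crashes on its own:", reproduce("run-1", idx, slave))
    print("DCP Identify-All:", dcp_identify_all(bytes.fromhex("001122334455"), 0x1234).hex())
```

The two crash triggers in the simulated slave are the classes the abstract reports: a mutated MBAP Length field that a parser trusts is the usual root of a buffer-handling bug, and an out-of-range register count that stops the device from answering is a denial of service. Against a real device the `handle` calls become sends through the Peach publisher and `alive` becomes a health probe (for example a valid Modbus request or a DCP Identify that must be answered); the bisection logic is unchanged.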
Article ID: 2429580
Link: http://sikaile.net/kejilunwen/ruanjiangongchenglunwen/2429580.html