Write a Blog >>
ISSTA 2020
Sat 18 - Wed 22 July 2020
Mon 20 Jul 2020 11:10 - 11:30 at Zoom - FUZZING Chair(s): Rody Kersten

Cyber-physical systems (CPSs) in critical infrastructure face a pervasive threat from attackers, motivating research into a variety of countermeasures for securing them. Assessing the effectiveness of these countermeasures is challenging, however, as realistic benchmarks of attacks are difficult to manually construct, blindly testing is ineffective due to the enormous search spaces and resource requirements, and intelligent fuzzing approaches require impractical amounts of data and network access. In this work, we propose active fuzzing, an automatic approach for finding test suites of packet-level CPS network attacks, targeting scenarios in which attackers can observe sensors and manipulate packets, but have no existing knowledge about the payload encodings. Our approach learns regression models for predicting sensor values that will result from sampled network packets, and uses these predictions to guide a search for payload manipulations (i.e. bit flips) most likely to drive the CPS into an unsafe state. Key to our solution is the use of online active learning, which iteratively updates the models by sampling payloads that are estimated to maximally improve them. We evaluate the efficacy of active fuzzing by implementing it for a water purification plant testbed, finding it can automatically discover a test suite of flow, pressure, and over/underflow attacks, all with substantially less time, data, and network access than the most comparable approach. Finally, we demonstrate that our prediction models can also be utilised as countermeasures themselves, implementing them as anomaly detectors and early warning systems.

Mon 20 Jul
Times are displayed in time zone: Tijuana, Baja California change

10:50 - 11:50: FUZZINGTechnical Papers at Zoom
Chair(s): Rody KerstenSynopsys, Inc.

Public Live Stream/Recording. Registered participants should join via the Zoom link distributed in Slack.

10:50 - 11:10
WEIZZ: Automatic Grey-Box Fuzzing for Structured Binary Formats
Technical Papers
Andrea FioraldiSapienza University Rome, Daniele Cono D'EliaSapienza University of Rome, Emilio CoppaSapienza University of Rome, Italy
DOI Pre-print Media Attached
11:10 - 11:30
Active Fuzzing for Testing and Securing Cyber-Physical Systems
Technical Papers
Yuqi ChenSingapore Management University, Bohan Xuan, Chris PoskittSingapore Management University, Jun SunSingapore Management University, Fan Zhang
DOI Pre-print Media Attached
11:30 - 11:50
Learning Input Tokens for Effective FuzzingArtifacts AvailableArtifacts Evaluated – Functional
Technical Papers
Björn MathisCISPA Helmholtz Center for Information Security, Rahul GopinathCISPA Helmholtz Center for Information Security, Andreas ZellerCISPA Helmholtz Center for Information Security
Link to publication DOI