Cluster Crash: Learning from Recent Vulnerabilities in Communication Stacks

Anne Borcherding, Anne Borcherding, Philipp Takacs, Jürgen Beyerer, Jürgen Beyerer, Jürgen Beyerer

2022

Abstract

To ensure functionality and security of network stacks in Industrial Devices, thorough testing is necessary. This includes blackbox network fuzzing, where fields in network packets are filled with unexpected values to test the device’s behavior in edge cases. Due to resource constraints, the tests need to be efficient and such the input values need to be chosen intelligently. Previous solutions use heuristics based on vague knowledge from previous projects to make these decisions. We aim to structure existing knowledge by defining Vulnerability Anti-Patterns for network communication stacks based on an analysis of the recent vulnerability groups Ripple20, Amnesia:33, and Urgent/11. For our evaluation, we implement fuzzing test scripts based on the Vulnerability Anti-Patterns and run them against 8 Industrial Devices from 5 different device classes. We show (I) that similar vulnerabilities occur in implementations of the same protocol as well as in different protocols, (II) that similar vulnerabilities also spread over different device classes, and (III) that test scripts based on the Vulnerability Anti-Patterns help to identify these vulnerabilities.

Download


Paper Citation


in Harvard Style

Borcherding A., Takacs P. and Beyerer J. (2022). Cluster Crash: Learning from Recent Vulnerabilities in Communication Stacks. In Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-553-1, pages 334-344. DOI: 10.5220/0010806300003120


in Bibtex Style

@conference{icissp22,
author={Anne Borcherding and Philipp Takacs and Jürgen Beyerer},
title={Cluster Crash: Learning from Recent Vulnerabilities in Communication Stacks},
booktitle={Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2022},
pages={334-344},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0010806300003120},
isbn={978-989-758-553-1},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 8th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - Cluster Crash: Learning from Recent Vulnerabilities in Communication Stacks
SN - 978-989-758-553-1
AU - Borcherding A.
AU - Takacs P.
AU - Beyerer J.
PY - 2022
SP - 334
EP - 344
DO - 10.5220/0010806300003120