A Fuzzy Testing Method for VxWorks System in PICS


Authors: CHEN Jinshan (陈锦山); YU Sihang (余斯航); QI Qi (祁琦); SUN Xin (孙鑫); AN Kexin (安珂欣); LI June (李俊娥) [2] (State Grid Fujian Electric Power Research Institute, Fuzhou 350000, Fujian Province, China; Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education (School of Cyber Science and Engineering, Wuhan University), Wuhan 430072, Hubei Province, China)

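Affiliations: [1] State Grid Fujian Electric Power Research Institute, Fuzhou 350000, Fujian Province, China; [2] Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education (School of Cyber Science and Engineering, Wuhan University), Wuhan 430072, Hubei Province, China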

Source: Electric Power Information and Communication Technology, 2023, No. 9, pp. 15-22 (8 pages)

Funding: Science and Technology Project of State Grid Fujian Electric Power Co., Ltd. (52130420001U).

Abstract: VxWorks is a real-time embedded operating system widely adopted in PICS (Power Industrial Control System) terminals. In PICS, embedded systems are often trimmed down and have long operational cycles, so unknown vulnerabilities may persist in them for a long time. Existing fuzz testing methods do not consider the characteristics of embedded terminal systems and apply poorly to VxWorks. Therefore, a fuzz testing method specifically tailored to VxWorks terminals in PICS is proposed. The WDB RPC interface and the RPC protocol running on it are selected as the test targets. The method combines equivalence class partitioning with a sliding-window bit-flipping algorithm to generate fuzz test cases, which are then validated using boundary value analysis. Experimental results demonstrate that the method effectively uncovers memory crash vulnerabilities in the VxWorks system.

Keywords: power industrial control terminal; VxWorks; fuzz testing; WDB RPC interface; equivalence class partitioning

Classification code: TM74 [Electrical Engineering: Power Systems and Automation]

 
