Fuzz testing of industrial network protocols in programmable logic controllers
| dc.contributor.advisor | Nguyen, Thuy D. | |
| dc.contributor.advisor | Irvine, Cynthia | |
| dc.contributor.author | Gormley, James J., III | |
| dc.contributor.department | Information Sciences (IS) | |
| dc.date.accessioned | 2018-02-07T20:37:23Z | |
| dc.date.available | 2018-02-07T20:37:23Z | |
| dc.date.issued | 2017-12 | |
| dc.description.abstract | Daily operations of U.S. Navy afloat and ashore systems are heavily reliant on industrial control systems (ICSs) to manage critical infrastructure services. Programmable logic controllers (PLCs) are vital components in these cyber-physical systems. The industrial network protocols used to communicate between nodes in a control network are complex and vulnerable to a myriad of cyber attacks, as reported by Department of Homeland Security Industrial Control Systems Cyber Emergency Response Team. This thesis utilizes protocol fuzz testing techniques to investigate potential vulnerabilities in the Allen-Bradley/Rockwell Automation (AB/RA) MicroLogix 1100 PLC through its implementation of EtherNet/IP, Common Industrial Protocol (CIP), and Programmable Controller Communication Commands (PCCC) communication protocols. This research also examines whether cross-generational vulnerabilities exist in the more advanced AB/RA ControlLogix 1756-L71 PLC. Our results discover several deviations from the EtherNet/IP and PCCC specifications in the MicroLogix 1100 implementation of these protocols. Additionally, we find that a recently disclosed denial-of-service vulnerability that renders the MicroLogix 1100 inoperable does not trigger a similar fault condition in the ControlLogix PLC. | en_US |
| dc.description.distributionstatement | Approved for public release; distribution is unlimited. | |
| dc.description.service | Lieutenant Commander, United States Navy | en_US |
| dc.description.uri | http://archive.org/details/fuzztestingofind1094556926 | |
| dc.identifier.uri | https://hdl.handle.net/10945/56926 | |
| dc.publisher | Monterey, CA; Naval Postgraduate School | |
| dc.rights | This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States. | en_US |
| dc.subject.author | industrial control system | en_US |
| dc.subject.author | protocol fuzz testing | en_US |
| dc.subject.author | PLC | en_US |
| dc.subject.author | EtherNet/IP | en_US |
| dc.subject.author | CIP | en_US |
| dc.subject.author | PCCC | en_US |
| dc.subject.author | MicroLogix | en_US |
| dc.subject.author | ControlLogix | en_US |
| dc.title | Fuzz testing of industrial network protocols in programmable logic controllers | en_US |
| dc.type | Thesis | en_US |
| dspace.entity.type | Publication | |
| etd.thesisdegree.discipline | Cyber Systems and Operations | en_US |
| etd.thesisdegree.grantor | Naval Postgraduate School | en_US |
| etd.thesisdegree.level | Masters | en_US |
| etd.thesisdegree.name | Master of Science in Cyber Systems and Operations | en_US |
| relation.isDepartmentOfPublication | 74f4d405-0bff-4b6e-9446-edae3a8b11bb | |
| relation.isDepartmentOfPublication.latestForDiscovery | 74f4d405-0bff-4b6e-9446-edae3a8b11bb |
Files
Original bundle
1 - 1 of 1