Proceedings Article, DOI: 10.1109/ITNEC.2019.8729362
Detecting Buffer-Overflow Vulnerabilities in Smart Grid Devices via Automatic Static Analysis
Huan Ying, Yanmiao Zhang, Lifang Han, Yushi Cheng, Jiyuan Li, Xiaoyu Ji, Wenyuan Xu
- 15 Mar 2019
- pp 813-817
8
TL;DR: A novel approach that detects existing buffer-overflow vulnerabilities of terminal devices via automatic static analysis (ASA) and achieves vulnerability detection and error reporting with a high accuracy and a low false positive rate.
Abstract: As a modern power transmission network, the smart grid connects plenty of terminal devices. However, along with the growth of devices come the security threats. Different from the previous separated environment, an adversary nowadays can destroy the power system by attacking these devices. Therefore, it’s critical to ensure the security and safety of terminal devices. To achieve this goal, detecting the pre-existing vulnerabilities of the device program and enhancing the terminal security are of great importance and necessity. In this paper, we propose a novel approach that detects existing buffer-overflow vulnerabilities of terminal devices via automatic static analysis (ASA). We utilize the static analysis to extract the device program information and build corresponding program models. By further matching the generated program model with pre-defined vulnerability patterns, we achieve vulnerability detection and error reporting. The evaluation results demonstrate that our method can effectively detect buffer-overflow vulnerabilities of smart terminals with a high accuracy and a low false positive rate.
Citations
Security aspects of Internet of Things aided smart grids: A bibliometric survey
Jacob Sakhnini, Hadis Karimipour, Ali Dehghantanha, Reza M. Parizi, Gautam Srivastava
- 01 Jun 2021
TL;DR: In this paper, a bibliometric survey of research papers focused on the security aspects of Internet of Things (IoT) aided smart grids is presented, which is the very first survey paper in this specific field.
A Survey on Cybersecurity Challenges, Detection, and Mitigation Techniques for the Smart Grid
TL;DR: This survey explores various threats and vulnerabilities that can affect the key elements of cybersecurity in the smart grid network and then presents the security measures to avert those threats and vulnerabilities at three different levels.
94
Security Aspects of Internet of Things aided Smart Grids: a Bibliometric Survey
TL;DR: The types of cyber threats facing the smart grid, the various security mechanisms proposed in literature, as well as the research gaps in the field of smart grid security are summarized.
59
SoK: Enabling Security Analyses of Embedded Systems via Rehosting
Andrew Fasano, Tiemoko Ballo, Marius Muench, Tim Leek, Alexander Bulekov, Brendan Dolan-Gavitt, Manuel Egele, Aurélien Francillon, Long Lu, Nick Gregory, Davide Balzarotti, William Robertson
- 24 May 2021
TL;DR: It is established that emulation is insufficient to conduct large-scale dynamic analysis of real-world hardware systems and rehosting is presented as a firmware-centric alternative and taxonomize preliminary rehosting efforts, identify the fundamental components of the rehosted process, and propose directions for future research.
38
Security and Privacy Analysis of Smartphone-Based Driver Monitoring Systems from the Developer’s Point of View
TL;DR: This paper describes an original approach for a security and privacy analysis of driver monitoring systems based on smartphone sensors that uses white-box testing principles and aims to help developers evaluate and improve their products.
2
References
BitBlaze: A New Approach to Computer Security via Binary Analysis
Dawn Song, David Brumley, Heng Yin, Juan Caballero, Ivan Jager, Min Gyung Kang, Zhenkai Liang, James Newsome, Pongsin Poosankam, Prateek Saxena
- 16 Dec 2008
TL;DR: An overview of the BitBlaze project, a new approach to computer security via binary analysis that focuses on building a unified binary analysis platform and using it to provide novel solutions to a broad spectrum of different security problems.
•Proceedings Article
A large-scale analysis of the security of embedded firmwares
Andrei Costin, Jonas Zaddach, Aurélien Francillon, Davide Balzarotti
- 20 Aug 2014
TL;DR: The first public, large-scale analysis of firmware images is presented, which discovered a total of 38 previously unknown vulnerabilities in over 693 firmware images and extended some of those vulnerabilities to over 123 different products.
LAVA: Large-Scale Automated Vulnerability Addition
Brendan Dolan-Gavitt, Patrick Hulin, Engin Kirda, Tim Leek, Andrea Mambretti, Wil Robertson, Frederick Ulrich, Ryan Whelan
- 22 May 2016
TL;DR: LAVA, a novel dynamic taint analysis-based technique for producing ground-truth corpora by quickly and automatically injecting large numbers of realistic bugs into program source code, forms the basis of an approach for generating large ground-truth vulnerability corpora on demand, enabling rigorous tool evaluation and providing a high-quality target for tool developers.
379
Structural Comparison of Executable Objects
Halvar Flake
- 01 Jul 2004
TL;DR: A method to heuristically construct an isomorphism between the sets of functions in two similar but differing versions of the same executable file has multiple practical applications, specifically the ability to detect programmatic changes between the two executable versions.
Leveraging semantic signatures for bug search in binary programs
Jannik Pewny, Felix Schuster, Lukas Bernhard, Thorsten Holz, Christian Rossow
- 08 Dec 2014
TL;DR: A method to automatically identify binary code regions that are "similar" to code regions containing a reference bug to find bugs both in the same binary as the reference bug and in completely unrelated binaries (even compiled for different operating systems).