A configurable approach to cyber-physical systems fuzzing

Guillaume Nguyen

Published in: Proceedings of the 27th ACM International Systems and Software Product Line Conference - Volume B
Publication date: 2023-08-28
DOI: 10.1145/3579028.3609005 (https://doi.org/10.1145/3579028.3609005)
Citations: 0

Abstract

Operational Technology occupies a growing place in our daily lives. With the increasing number of devices (connected or not), the need for a clean environment that allows effective and efficient testing is also increasing. Furthermore, some devices are connected to the physical world and are able to affect it. Assembling such devices with at least a sensor, an actuator, and a (micro)processor creates Cyber-Physical Systems (CPSs). With such power in the hands of machines, it is imperative that they behave as expected and that they resist disruptive environments (whether from cyber attacks, unwanted noise, or environmental disturbance). Indeed, unexpected behavior could lead to significant damage (disruption of the production line, overheating of a nuclear reactor, false fire alarm, etc.). That is why the safety and the security of those systems should also be at the center of concerns. As the definition of those systems is quite simple, one can assemble various components to create a unique CPS. One could also modify an existing CPS to satisfy a specific need (e.g., a fire alarm system modified to detect carbon monoxide in the air, or a change of communication protocols or programming languages for the sake of maintainability). There are multiple techniques for testing such highly configurable systems. Fuzzing works particularly well with any system by sending pseudo-random inputs. To adapt to specific systems and test requirements (coverage, resources, etc.), fuzzing is itself highly configurable (grammar-based, symbolic, probabilistic, etc.). This is why it could perform particularly well with CPSs, each of which might require a different and specific testing approach depending on its interfaces, components, etc. Currently, no frameworks allow for the classification of CPSs to enable the automation of test generation according to their requirements. That is why this thesis will take a configurable approach to find and recommend the most suitable classification of CPSs for testing, and to compare the various fuzzing techniques to find the most effective ones based on relevant features and requirements of CPSs.