OPC-MFuzzer: A Novel Multi-Layers Vulnerability Detection Tool for OPC Protocol Based on Fuzzing Technology

Xiong Qi, Peng Yong, Zhonghua Dai, Shengwei Yi, Ting Wang
2014 International Journal of Computer and Communication Engineering  
With the rapid development of information and industrial technology, OPC technology, as the common data access interface for data providers, is more and more widely deployed in acquiring and sharing production data. Yet traditional OPC technology usually runs in a closed environment, always ignoring security defense, which will cause serious consequences under malicious attack. Because of the complex structure of OPC, the underlying layers such as DCOM and RPC, which provide basic network services for the upper layer and act as critical causes of faults in the OPC protocol, unfortunately cannot be tested for vulnerabilities directly with a traditional fuzzer. In this paper, a vulnerability detection tool for the OPC protocol based on fuzzing technology, named OPC-MFuzzer, is proposed and implemented; three different test case generation mechanisms for testing OPC, DCOM and RPC are developed separately. Finally, three commercial OPC servers are selected for the vulnerability testing experiment. The results show that some vulnerabilities can be found with the proposed tool, which proves the effectiveness of the tool.
doi:10.7763/ijcce.2014.v3.339 fatcat:4sgfqeucnjgsznjpvpue3a3utm