Volume 3 Number 4 (Jul. 2014)
IJCCE 2014 Vol.3(4): 300-305 ISSN: 2010-3743
DOI: 10.7763/IJCCE.2014.V3.339

OPC-MFuzzer: A Novel Multi-Layers Vulnerability Detection Tool for OPC Protocol Based on Fuzzing Technology

Xiong Qi, Peng Yong, Zhonghua Dai, Shengwei Yi, and Ting Wang
Abstract—With the rapid development of information and industrial technology, OPC technology, as the common data access interface for data providers, is more and more widely deployed for acquiring and sharing production data. Yet traditional OPC technology usually runs in a closed environment and ignores security defense, which will cause serious consequences under malicious attack. Because of the complex structure of OPC, the underlying layers such as DCOM and RPC, which provide basic network services for the upper layer and are critical causes of faults in the OPC protocol, unfortunately cannot be tested for vulnerabilities directly with a traditional fuzzer. In this paper, a vulnerability detection tool for the OPC protocol based on fuzzing technology, named OPC-MFuzzer, is proposed and implemented; three different test case generation mechanisms for testing OPC, DCOM and RPC are developed separately. Finally, three commercial OPC servers are selected for the vulnerability testing experiment. The results show that some vulnerabilities can be detected with the proposed tool, which proves the effectiveness of the tool.

Index Terms—Vulnerability detecting, security testing, fuzzing technology, OPC protocol.

The authors are with the China Information Technology Security Evaluation Center, Beijing 100085, China (e-mail: xiongq@itsec.gov.cn, pengy@itsec.gov.cn, daizh@itsec.gov.cn, yisw@itsec.gov.cn, wangt@itsec.gov.cn).

Cite: Xiong Qi, Peng Yong, Zhonghua Dai, Shengwei Yi, and Ting Wang, "OPC-MFuzzer: A Novel Multi-Layers Vulnerability Detection Tool for OPC Protocol Based on Fuzzing Technology," International Journal of Computer and Communication Engineering, vol. 3, no. 4, pp. 300-305, 2014.

General Information

ISSN: 2010-3743 (Online)
Abbreviated Title: Int. J. Comput. Commun. Eng.
Frequency: Quarterly
Editor-in-Chief: Dr. Maode Ma
Abstracting/ Indexing: INSPEC, CNKI, Google Scholar, Crossref, EBSCO, ProQuest, and Electronic Journals Library
E-mail: ijcce@iap.org