Volume 3 Number 4 (Jul. 2014)
Home > Archive > 2014 > Volume 3 Number 4 (Jul. 2014) >
IJCCE 2014 Vol.3(4): 300-305 ISSN: 2010-3743
DOI: 10.7763/IJCCE.2014.V3.339

OPC-MFuzzer: A Novel Multi-Layers Vulnerability Detection Tool for OPC Protocol Based on Fuzzing Technology

Xiong Qi, Peng Yong, Zhonghua Dai, Shengwei Yi, and Ting Wang
Abstract—With the rapid development of information and Industrial Technology, as the common data accessing interface for data provider, OPC technology is more and more widely deployed in the acquiring and sharing of production data. Yet, traditional OPC technology usually runs in the closed environment, always ignoring security defense, will cause serious consequence under malicious attack. For the complexity structure of OPC, with the feature of underlying layers like DCOM and RPC, which provide basic network service for upper layer, act as the critical causes for the faults of OPC protocol, unfortunately cannot be tested for vulnerability directly with traditional Fuzzer. In this paper, a vulnerability detecting tool for OPC protocol based on Fuzzing technology named OPC-MFuzzer is proposed and implemented; three different test case generating mechanisms for the testing of OPC, DCOM and RPC are developed separately. Finally three commercial OPC servers are selected for the experiment of vulnerability testing. The result shows that some vulnerability can be tested with the tool proposed, which prove the effective of such tool.

Index Terms—Vulnerability detecting, security testing, fuzzing technology, OPC protocol.

The authors are with the China Information Technology Security Evaluation Center, Beijing 100085, China (e-mail: xiongq@itsec.gov.cn, pengy@itsec.gov.cn, daizh@itsec.gov.cn, yisw@itsec.gov.cn, wangt@itsec.gov.cn).

Cite:Xiong Qi, Peng Yong, Zhonghua Dai, Shengwei Yi, and Ting Wang, "OPC-MFuzzer: A Novel Multi-Layers Vulnerability Detection Tool for OPC Protocol Based on Fuzzing Technology," International Journal of Computer and Communication Engineering vol. 3, no. 4, pp. 300-305, 2014.

General Information

ISSN: 2010-3743
Frequency: Quarterly
Editor-in-Chief: Dr. Maode Ma
Abstracting/ Indexing: EI (INSPEC, IET), Google Scholar, Crossref, ProQuest, and Electronic Journals Library
E-mail: ijcce@iap.org
  • Aug 06, 2018 News!

    IJCCE Vol. 5, No. 6 - Vol. 6, No. 2 have been indexed by EI (Inspec) Inspec, created by the Institution of Engineering and Tech.!   [Click]

  • Oct 19, 2018 News!

    IJCCE Vol.7, No.4 is published with online version!   [Click]

  • Jul 30, 2018 News!

     IJCCE Vol.7, No.3 is published with online version!   [Click]

  • May 30, 2018 News!

    IJCCE Vol.7, No.2 is published with online version!   [Click]

  • Nov 07, 2017 News!

    IJCCE Vol. 5, No. 5 has been indexed by EI (Inspec) Inspec, created by the Institution of Engineering and Tech.!   [Click]

  • Read more>>