Visible to the public Detecting Buffer-Overflow Vulnerabilities in Smart Grid Devices via Automatic Static Analysis

TitleDetecting Buffer-Overflow Vulnerabilities in Smart Grid Devices via Automatic Static Analysis
Publication TypeConference Paper
Year of Publication2019
AuthorsYing, Huan, Zhang, Yanmiao, Han, Lifang, Cheng, Yushi, Li, Jiyuan, Ji, Xiaoyu, Xu, Wenyuan
Conference Name2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC)
ISBN Number978-1-5386-6243-4
KeywordsAnalytical models, automatic static analysis, buffer-overflow vulnerabilities, buffer-overflow vulnerability detection, composability, compositionality, Computer bugs, device program information, error reporting, feature extraction, Human Behavior, Metrics, modern power transmission network, power engineering computing, power grid vulnerability analysis, power system, power system security, predefined vulnerability patterns, program diagnostics, pubcrawl, resilience, Resiliency, Safety, security of data, security threats, smart grid devices, Smart grids, smart meters, smart power grids, smart terminals, static analysis, Syntactics, terminal devices, terminal security, vulnerability detection

As a modern power transmission network, smart grid connects plenty of terminal devices. However, along with the growth of devices are the security threats. Different from the previous separated environment, an adversary nowadays can destroy the power system by attacking these devices. Therefore, it's critical to ensure the security and safety of terminal devices. To achieve this goal, detecting the pre-existing vulnerabilities of the device program and enhance the terminal security, are of great importance and necessity. In this paper, we propose a novel approach that detects existing buffer-overflow vulnerabilities of terminal devices via automatic static analysis (ASA). We utilize the static analysis to extract the device program information and build corresponding program models. By further matching the generated program model with pre-defined vulnerability patterns, we achieve vulnerability detection and error reporting. The evaluation results demonstrate that our method can effectively detect buffer-overflow vulnerabilities of smart terminals with a high accuracy and a low false positive rate.

Citation Keyying_detecting_2019