Fuzzing Self-Described Structures
Authors
Abols, Kathleen
Type
thesis
Language
eng
Keyword
Fuzzing, Digital navigation charts, Cyber security, Grammar-based fuzzing, Parsing, Legacy file formats
Abstract
Legacy formats are pervasive in digital spaces due to the need to read older data. Fuzzing
offers a way to proactively identify errors and vulnerabilities but can be computationally
expensive when undirected. A method of directing fuzzing is to generate or mutate data
based on a grammar to narrow the scope of inputs. In this thesis, we present our approach
for parsing and generating data for self-defining data formats that include elements of
their own grammar using a mixed data-type file format. Our research focuses on maritime
cyber security, specifically S-57 naval charts built on the self-defining file specification
ISO/IEC 8211. We define an approach to parse ISO/IEC 8211 and leverage generic
parsing tools to create a framework for mutating S-57 charts. Our framework, ParseENC,
makes both low-level syntactic and high-level semantic mutations to chart files to cause
erroneous behaviour in maritime navigation software. As opposed to causing crashes, our
focus is on generating malformed charts that are syntactically correct, but incorrect on a
semantic level that is harder for the target system to automatically detect. Our research
explores mutating charts at both the syntactic and higher-level semantic levels. The
results include two instances where we triggered program crashes and found a bug in
OpenCPN. Another low-level change caused unexpected rendering behaviour. Of the
high-level changes, we explored various ways of breaking semantic rules without
preventing the charts from being loaded in. We additionally implemented fuzzing for
geometric data which allowed us to add a level of randomness to our experiments while
adhering to desired semantic rules and other chosen constraints.
License
Queen's University's Thesis/Dissertation Non-Exclusive License for Deposit to QSpace and Library and Archives Canada
ProQuest PhD and Master's Theses International Dissemination Agreement
Intellectual Property Guidelines at Queen's University
Copying and Preserving Your Thesis
This publication is made available by the authority of the copyright owner solely for the purpose of private study and research and may not be copied or reproduced except as permitted by the copyright laws without written authority from the copyright owner.
Attribution-NonCommercial-ShareAlike 3.0 United States