Stephan Havermans (IMDEA Software Institute), Lars Baumgaertner, Jussi Roberts, Marcus Wallum (European Space Agency), Juan Caballero (IMDEA Software Institute)

Space systems are critical assets and protecting them against cyberattacks is a paramount challenge that has received limited attention. In particular, it is fundamental to secure spacecraft communications by identifying and removing potential vulnerabilities in the implementations of space (communication) protocols, which could be remotely exploited by attackers. This work reports our preliminary experiences when fuzzing five open-source implementations of four space protocols using two approaches: grammar-based fuzzing and coverageguided fuzzing. To enable the fuzzing, we created grammars for the protocols and custom harnesses for the targets. Our fuzzing identified 11 vulnerabilities across four targets caused by typical memory-related bugs such as double-frees, out-of-bounds reads, and the use of uninitialized variables. We responsibly disclosed the vulnerabilities. To date, 5 vulnerabilities have been patched and 4 have been awarded CVE identifiers. Additionally, we discovered a discrepancy in how one target interprets a protocol standard, which we reported and has since been fixed.

View More Papers

DRAGON: Predicting Decompiled Variable Data Types with Learned Confidence...

Caleb Stewart, Rhonda Gaede, Jeffrey Kulick (University of Alabama in Huntsville)

Read More

Was This You? Investigating the Design Considerations for Suspicious...

Sena Sahin (Georgia Institute of Technology), Burak Sahin (Georgia Institute of Technology), Frank Li (Georgia Institute of Technology)

Read More

JBomAudit: Assessing the Landscape, Compliance, and Security Implications of...

Yue Xiao (IBM Research), Dhilung Kirat (IBM Research), Douglas Lee Schales (IBM Research), Jiyong Jang (IBM Research), Luyi Xing (Indiana University Bloomington), Xiaojing Liao (Indiana University)

Read More

A Formal Approach to Multi-Layered Privileges for Enclaves

Ganxiang Yang (Shanghai Jiao Tong University), Chenyang Liu (Shanghai Jiao Tong University), Zhen Huang (Shanghai Jiao Tong University), Guoxing Chen (Shanghai Jiao Tong University), Hongfei Fu (Shanghai Jiao Tong University), Yuanyuan Zhang (Shanghai Jiao Tong University), Haojin Zhu (Shanghai Jiao Tong University)

Read More