Stephan Havermans (IMDEA Software Institute), Lars Baumgaertner, Jussi Roberts, Marcus Wallum (European Space Agency), Juan Caballero (IMDEA Software Institute)

Space systems are critical assets and protecting them against cyberattacks is a paramount challenge that has received limited attention. In particular, it is fundamental to secure spacecraft communications by identifying and removing potential vulnerabilities in the implementations of space (communication) protocols, which could be remotely exploited by attackers. This work reports our preliminary experiences when fuzzing five open-source implementations of four space protocols using two approaches: grammar-based fuzzing and coverageguided fuzzing. To enable the fuzzing, we created grammars for the protocols and custom harnesses for the targets. Our fuzzing identified 11 vulnerabilities across four targets caused by typical memory-related bugs such as double-frees, out-of-bounds reads, and the use of uninitialized variables. We responsibly disclosed the vulnerabilities. To date, 5 vulnerabilities have been patched and 4 have been awarded CVE identifiers. Additionally, we discovered a discrepancy in how one target interprets a protocol standard, which we reported and has since been fixed.

View More Papers

Rondo: Scalable and Reconfiguration-Friendly Randomness Beacon

Xuanji Meng (Tsinghua University), Xiao Sui (Shandong University), Zhaoxin Yang (Tsinghua University), Kang Rong (Blockchain Platform Division,Ant Group), Wenbo Xu (Blockchain Platform Division,Ant Group), Shenglong Chen (Blockchain Platform Division,Ant Group), Ying Yan (Blockchain Platform Division,Ant Group), Sisi Duan (Tsinghua University)

Read More

Can a Cybersecurity Question Answering Assistant Help Change User...

Lea Duesterwald (Carnegie Mellon University), Ian Yang (Carnegie Mellon University), Norman Sadeh (Carnegie Mellon University)

Read More

Vision: Towards True User-Centric Design for Digital Identity Wallets

Yorick Last (Paderborn University), Patricia Arias Cabarcos (Paderborn University)

Read More

A Method to Facilitate Membership Inference Attacks in Deep...

Zitao Chen (University of British Columbia), Karthik Pattabiraman (University of British Columbia)

Read More