Paper | Title | Page |
---|---|---|
THX03 | TCP/IP Vulnerabilities of Embedded-System Implementations | 224 |
|
||
TCP/IP is established as a de facto standard network-communication protocol. Development of the TCP/IP enables us to build a large-scale distributed control system. Recent accelerator-control system consists of many TCP/IP devices; not only computers, but also embedded devices such as digital multimeters, oscilloscopes, multi-channel analyzers, and so on. Since these embedded devices are designed with limited hardware resources, most devices use subset of the TCP/IP components. The limited resources and components therefore cause many problems such as vulnerabilities of TCP/IP implementations. In SPring8, by increasing the number of network-connected instruments with latent vulnerabilities, more trouble have arisen such as packet flooding and unexpected response delaying. One of the most serious trouble is hang-up of pulse-motor controllers* based on embedded operating system. To determine cause of the trouble, network-connected instruments were inspected using basic TCP/IP tools and security scanners. As a result, we successfully found vulnerabilities of embedded implementation. In this presentation, the cause of vulnerabilities in embedded systems will be discussed.
* T. Masuda et. al., Proceedings of PCaPAC2005, WEP30 (2005) |
||
Slides |