An In-Depth Security Assessment of Maritime Container Terminal Software Systems

Eichenhofer, Joseph O.; Heymann, Elisa; Miller, Barton P.; Kang, Arnold

doi:10.1109/access.2020.3008395

Cited by 14 publications

(5 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We still too frequently find such things as not checking for return values (Section 4.2.2) and careless error handling (Section 4.2.3). These are exactly the kinds of errors that we have found in our in-depth software assessment activities [5] and that we teach about in our Introduction to Software Security course [7]. Computer science curriculums need to emphasize these practices at every level and in every area, not just in security or software engineering classes.…”

Section: Commentary On Resultsmentioning

confidence: 99%

The Relevance of Classic Fuzz Testing: Have We Solved This One?

Miller,

Zhang,

Heymann

2020

Preprint

Self Cite

View full text Add to dashboard Cite

As fuzz testing has passed its 30th anniversary, and in the face of the incredible progress in fuzz testing techniques and tools, the question arises if the classic, basic fuzz technique is still useful and applicable? In that tradition, we have updated the basic fuzz tools and testing scripts and applied them to a large collection of Unix utilities on Linux, FreeBSD, and MacOS. As before, our failure criteria was whether the program crashed or hung. We found that 9 crash or hang out of 74 utilities on Linux, 15 out of 78 utilities on FreeBSD, and 12 out of 76 utilities on MacOS. A total of 24 different utilities failed across the three platforms. We note that these failure rates are somewhat higher than our in previous 1995, 2000, and 2006 studies of the reliability of command line utilities. In the basic fuzz tradition, we debugged each failed utility and categorized the causes the failures. Classic categories of failures, such as pointer and array errors and not checking return codes, were still broadly present in the current results. In addition, we found a couple of new categories of failures appearing. We present examples of these failures to illustrate the programming practices that allowed them to happen. As a side note, we tested the limited number of utilities available in a modern programming language (Rust) and found them to be of no better reliability than the standard ones.

show abstract

Section: Commentary On Resultsmentioning

confidence: 99%

The Relevance of Classic Fuzz Testing: Have We Solved This One?

Miller,

Zhang,

Heymann

2020

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…With technology becoming increasingly intertwined with these operations, the associated risks are rising, necessitating a comprehensive risk assessment. Eichenhofer et al's [49] study delved deep into the importance of ICT security in the maritime industry by evaluating software vulnerabilities in commodity systems and providing detailed insights using the First Principles Vulnerability Assessment methodology. Their analysis brings out numerous significant vulnerabilities in the code, underscoring the absolute necessity for risk assessment.…”

Section: Risk Assessmentmentioning

confidence: 99%

Comprehensive Analysis of Maritime Cybersecurity Landscape Based on the NIST CSF v2.0

Dimakopoulou,

Rantos

2024

JMSE

View full text Add to dashboard Cite

As technology advances and digitalization becomes more prevalent in the industry, the cyber threats to maritime systems and operations have significantly increased. The maritime sector relies heavily on interconnected networks, communication systems, and sophisticated technologies for its operations, making it an attractive target for cybercriminals, nation-states, and other threat actors. Safeguarding the maritime sector against cyber threats is crucial to ensuring the safety, integrity, and efficiency of maritime operations as well as for protecting sensitive information and global trade. The International Maritime Organization (IMO) has played a significant role in addressing cybersecurity issues, leading to the implementation of regulations aimed at risk reduction. This paper delves into the realm of cybersecurity within the maritime industry, offering an in-depth analysis of its various aspects through an extensive literature review based on the latest Version 2.0 of the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (CSF) functional areas. The primary objective is to establish a connection between research and NIST’s functions and categories, thereby presenting a nascent perspective and identifying existing security research gaps. Through the adoption of this strategic approach, the present paper aims to cultivate a forward-looking and proactive state of maturity in anticipation of future developments within the maritime industry. The outcomes of this research can provide valuable reference points in academic discourse, potentially leading to new hypotheses, and fuel innovation in developing advanced cybersecurity measures within the maritime industry.

show abstract

“…This encompasses diverse cyber threats faced by MASS during open-sea navigation. Lastly, "Space Systems Cybersecurity Guidelines" [37] provide guidelines, but adapting these to MASS specifics, including its independence, communication challenges, and integration of space and sea technologies, is crucial. Existing studies contribute valuable insights into cybersecurity, autonomous systems, and maritime operations.…”

Section: B Comparative Analysis With Existing Studiesmentioning

confidence: 99%

Maritime Autonomous Surface Ships: A Review of Cybersecurity Challenges, Countermeasures, and Future Perspectives

Tabish,

Chaur-Luh

2024

IEEE Access

View full text Add to dashboard Cite

Maritime Autonomous Surface Ships (MASS) have brought a transformative wave in the marine industry, yielding unprecedented operational advancements and efficiency gains. However, this paradigm shift has concurrently raised substantial cybersecurity concerns that demand meticulous attention to mitigate the impact of attacks on MASS stability. This study presents a comprehensive examination of the cybersecurity landscape, shedding light on prevalent issues concerning the data independence, integrity, and connectivity of MASS. The effectiveness of existing defense strategies against both inbound and outbound cyberattacks, focusing on attack detection and classification, is rigorously scrutinized. This analysis encompasses regulatory frameworks, encryption methods, intrusion detection systems, and a systematic approach to identifying and categorizing cyber threats. Additionally, the study anticipates future developments in cyber threats and proposes innovative solutions to fortify MASS defenses against potential cybersecurity vulnerabilities. To align with cybersecurity standards, this paper integrates challenges, possible solutions, and future advancements in a structured and cohesive manner, ensuring a thorough understanding of the intricate cybersecurity ecosystem surrounding Maritime Autonomous Surface Ships.

show abstract

An In-Depth Security Assessment of Maritime Container Terminal Software Systems

Cited by 14 publications

References 8 publications

The Relevance of Classic Fuzz Testing: Have We Solved This One?

The Relevance of Classic Fuzz Testing: Have We Solved This One?

Comprehensive Analysis of Maritime Cybersecurity Landscape Based on the NIST CSF v2.0

Maritime Autonomous Surface Ships: A Review of Cybersecurity Challenges, Countermeasures, and Future Perspectives

Contact Info

Product

Resources

About