Cyber-Physical Inconsistency Vulnerability Identification for Safety Checks in Robotic Vehicles

Choi, Hyung Do; Kate, Sayali; Aafer, Yousra; Zhang, Xiangyu; Xu, Dongyan

doi:10.1145/3372297.3417249

Cited by 13 publications

(8 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Wibowo et al (2017) investigated the Architectural Vulnerability Factor (AVF) of all major in-core memory structures of an out-of-order superscalar processor while Sultana and Williams (2017) used micro patterns detect vulnerability in software. Ziems and Wu (2021) and Paradis et al, (2018) modelled test as a source code and used it for software vulnerability detection in natural language processing (NLP), Han et al (2019) proposed a static detection model, while Choi et al (2020) developed Cyber-Physical Inconsistency to target vulnerability detection in Robotic Vehicles (RVs).…”

Section: Analysis and Resultsmentioning

confidence: 99%

A systematic literature review of software vulnerability detection

2022

EJCSIT

View full text Add to dashboard Cite

This study provided a systematic literature review of software vulnerability detection (SVD) by searching ACM and IEEE databases for related literatures. Using the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) flowchart, a total of 55 studies published in the selected journals and conference proceeding of IEEE and ACM from 2015 to 2021 were reviewed. The objective is to identify, select and critically evaluate research works carried out on software vulnerability detection. The selected articles were grouped into 7 categories across various vulnerability detection evaluation criteria such as neural network – 5 papers, machine learning – 11 papers, static and dynamic analysis – 8 papers, code clone – 3 papers, classification – 4 papers, models – 3 papers, and frameworks – 6 papers. There are 15 articles that could not fall into any of these 7 categories, thus, they were place in others row that used different criteria to implement vulnerability detection. The result showed that many researchers used machine learning strategy to detect vulnerability in software since large volume of data can be reviewed easily with machine learning. Although many systems have been developed for detecting software vulnerability, none is able to show the type of vulnerability detected.

show abstract

Section: Analysis and Resultsmentioning

confidence: 99%

A systematic literature review of software vulnerability detection

2022

EJCSIT

View full text Add to dashboard Cite

show abstract

“…At a high level, PlanFuzz follows an evolutionary testing framework, which is widely adopted by prior works on domain-specific vulnerability discovery with high generality, effectiveness, and efficiency [21,26,[87][88][89]. To address the challenges in §III-B, the following key designs are introduced:…”

Section: A Overview Of Key Designsmentioning

confidence: 99%

“…Compared to AD systems, RVs typically follow the control commands sent by a base station without the need to make planning decisions by itself based on the surrounding environment. Thus, existing works concentrate on designs to find control-specific vulnerabilities [25,26,28] or highly rely on control-specific knowledge [27,138], which are thus orthogonal to the design challenges we need to address for discovering semantic vulnerabilities for BP in the AD context.…”

Section: Related Workmentioning

confidence: 99%

“…To achieve high practicality and realism, we assume that the attacker can only introduce seeminglybenign external physical objects to the driving environment, e.g., dumped cardboard boxes or parked bikes on the road side, attacker-driven vehicles, etc. Dynamic testing is a promising approach to achieve domain-specific vulnerability discovery in general [21][22][23][24][25][26][27][28]. However, none of the existing designs can be directly applied to our problem due to several unique design challenges specific to our problem definition: (C1) Lack of testing oracles to tell whether a change of a planning decision is overly conservative or not.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Too Afraid to Drive: Systematic Discovery of Semantic DoS Vulnerability in Autonomous Driving Planning under Physical-World Attacks

Wan¹,

Shen²,

Chuang³

et al. 2022

Preprint

View full text Add to dashboard Cite

In high-level Autonomous Driving (AD) systems, behavioral planning is in charge of making high-level driving decisions such as cruising and stopping, and thus highly securitycritical. In this work, we perform the first systematic study of semantic security vulnerabilities specific to overly-conservative AD behavioral planning behaviors, i.e., those that can cause failed or significantly-degraded mission performance, which can be critical for AD services such as robo-taxi/delivery. We call them semantic Denial-of-Service (DoS) vulnerabilities, which we envision to be most generally exposed in practical AD systems due to the tendency for conservativeness to avoid safety incidents. To achieve high practicality and realism, we assume that the attacker can only introduce seemingly-benign external physical objects to the driving environment, e.g., off-road dumped cardboard boxes.To systematically discover such vulnerabilities, we design PlanFuzz, a novel dynamic testing approach that addresses various problem-specific design challenges. Specifically, we propose and identify planning invariants as novel testing oracles, and design new input generation to systematically enforce problemspecific constraints for attacker-introduced physical objects. We also design a novel behavioral planning vulnerability distance metric to effectively guide the discovery. We evaluate PlanFuzz on 3 planning implementations from practical open-source AD systems, and find that it can effectively discover 9 previouslyunknown semantic DoS vulnerabilities without false positives. We find all our new designs necessary, as without each design, statistically significant performance drops are generally observed. We further perform exploitation case studies using simulation and real-vehicle traces. We discuss root causes and potential fixes.

show abstract

“…If lessons are not learned and robot producers do not prioritize security today, it will come back to haunt them later [25]. Robots are exposed to a variety of vulnerabilities [30], [31] which can impair their connection, efficiency, procedures, and reliability. Multiple flaws in the operation of robots can render them dangerous to humans.…”

Section: Introductionmentioning

confidence: 99%

Humanoid Robots: Cybersecurity Concerns And Firewall Implementation

Munir,

Khan,

Aslam

et al. 2023

VFAST trans. softw. eng.

View full text Add to dashboard Cite

Technology has grown more important in our lives, and scientists are developing new products to make people’s life easier and more pleasant. One of these innovations is the humanoid robot. The use of humanoid robots in our daily lives is expanding at an unprecedented rate as robots are being used in different aspects of life. The market is becoming more automated and optimized, Robotics serves as one of the primary instruments used for these reasons. Yet, security continues to pose a concern for robotics. As humanoid robots begin to function "in the open," we must assess the threats they will confront. Through the literature review, researchers found that security assessments were not performed on the robots which cause the robots to be weak against cybersecurity attacks. In this research, we perform different security assessments to identify the vulnerabilities in humanoid robots. Furthermore, different metrics were used to check and perform security assessments on the robot as well as the results of security assessments has been shown. It was shown that humanoid robots are vulnerable as anyone will be able to hack the login credentials of robot’s website as well as there are some open ports in the robot’s network which can be used by the hackers to exploit robot’s working. Based on the results of assessment methods and our findings, we gave the firewall framework which will be helpful to protect the humanoid robot against those security vulnerabilities and attacks.This firewall framework will be able to protect the humanoid robots in aspects of both network and website/webpage exploitation.

show abstract

Cyber-Physical Inconsistency Vulnerability Identification for Safety Checks in Robotic Vehicles

Cited by 13 publications

References 22 publications

A systematic literature review of software vulnerability detection

A systematic literature review of software vulnerability detection

Too Afraid to Drive: Systematic Discovery of Semantic DoS Vulnerability in Autonomous Driving Planning under Physical-World Attacks

Humanoid Robots: Cybersecurity Concerns And Firewall Implementation

Contact Info

Product

Resources

About