Learning-Guided Network Fuzzing for Testing Cyber-Physical System Defences

Chen, Yuqi; Poskitt, Christopher M.; Sun, Jun; Adepu, Sridhar; Zhang, Fan

doi:10.1109/ase.2019.00093

Cited by 50 publications

(60 citation statements)

References 53 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Additionally, fuzzing approaches that specifically target CPS [21], [22], [41] cannot discover this kind of safety violations for two main reasons. First, policy violations are often triggered by the composition of different types of system inputs.…”

Section: Motivating Examplementioning

confidence: 99%

“…Traditional fuzzing techniques [5], [44], [48] including those for CPS [21], [22], [41] have two main limitations that prevent their adoption for policy-guided fuzzing in real-world systems. First, their bug oracles are not designed to detect undesired system states that do not cause a system crash, memory-access violation, or physical instability.…”

Section: A Design Challengesmentioning

confidence: 99%

“…Unimplemented command Conventional Fuzzing Methods [5], [44], [48] AR-SI [36] RVFuzzer [41] MAYDAY [40] Control Invariant [24] Cyber-Physical inconsistency [23] Fuzzing for CPSs [22] PGFuzz…”

Section: Misimplementationmentioning

confidence: 99%

“…In comparison to other approaches including traditional fuzzing methods [5], [44], [48], CPS fuzzing works [21], [22], and control instability detection works [23], [24], [36], [40], [41] as presented in Table X, PGFUZZ tests the whole control software by allowing users to define any functional requirements in the form of MTL formulas. This enables PGFUZZ to discover additional types of bugs such as checking for safety conditions (e.g., when a drone opens the parachute, as explained in Section VII-C1), drone physical crashes due to parameters' incorrect ranges (Section VII-C2), and incorrect altitude calculation (Section VII-C3).…”

Section: Related Workmentioning

confidence: 99%

See 3 more Smart Citations

PGFUZZ: Policy-Guided Fuzzing for Robotic Vehicles

Kim¹,

Ozmen²,

Bianchi³

et al. 2021

Proceedings 2021 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

Unfortunately, previous fuzzing approaches cannot discover this type of violations for the following two reasons. First, they do not consider the entire input space of the RV's control software, including user commands, configuration parameters, and environmental factors. Second, they only focus on finding memory corruption bugs or RV's control stability issues. Therefore, they cannot detect safety policy violations, e.g., a drone is deploying the parachute at a too-low altitude. We develop PGFUZZ, a policy-based fuzzing framework designed to address these challenges. PGFUZZ includes three interconnected components: (1) Pre-Processing, (2) Policy-Guided Fuzzing, and (3) Bug Post-Processing. In the Pre-Processing component, we express the correct operation of an RV through policies denoted by a metric temporal logic (MTL). Thereafter, we minimize the fuzzing space via finding inputs related to the tested policies that, when mutated, could potentially trigger policy violations. For example, given a policy in natural language stating that "the fail-safe mode must be triggered when the engine temperature is higher than 100°C", PGFUZZ expresses this policy with the MTL formula: {(temperature>100°C) → (failsafe=on)}. It then decomposes this formula into the temperature and the fail-safe mode states, and identifies fuzzing inputs such as user commands (e.g., increasing temperature) and configuration parameters (e.g., units of temperature), influencing the policy states. Then, the Policy-Guided Fuzzing mutates inputs identified by the Pre-Processing component. It implements two kinds of distance metrics, propositional distances to guide the mutation engine, and a global distance to detect when a policy violation occurs. The distance metrics quantify how close the current system states are to a policy violation. Positive distances indicate the policy holds, whereas negative distances indicate the policy is violated. Therefore, PGFUZZ mutates inputs to minimize the global distance. After each input is sent to the control software, which runs in an RV simulator, PGFUZZ collects the system states and computes the distance metrics. The input's impact on the distance metric (whether it increases or decreases) is leveraged to decide on the next inputs. When the global distance becomes negative, a policy violation is detected. Turning to the fail-safe mode example, PGFUZZ mutates inputs to increase the temperature to be larger than 100°C, and checks whether, at the same time, the fail-safe mode is activated. The last component, Bug Post-Processing, minimizes the input sequence triggering the bugs by excluding inputs irrelevant to the policy violation. The minimized input sequence is then used to identify the root cause of each violated policy. To verify the correctness and effectiveness of PGFUZZ, we Abstract-Robotic vehicles (RVs) are becoming essential tools of modern systems, including autonomous delivery services, public transportation, and environment monitoring. Despite their diverse deployment, safety and security issues ...

show abstract

Section: Motivating Examplementioning

confidence: 99%

Section: A Design Challengesmentioning

confidence: 99%

Section: Misimplementationmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

PGFUZZ: Policy-Guided Fuzzing for Robotic Vehicles

Kim¹,

Ozmen²,

Bianchi³

et al. 2021

Proceedings 2021 Network and Distributed System Security Symposium

View full text Add to dashboard Cite

show abstract

“…Control theoretic models (Kwon et al 2013) reduce the entire attack space to a mathematically tractable noise and abstract the physical aspects whereas the attacks designed in this paper are from a cyber physical attacker model (Adepu and Mathur 2016b) and affords an opportunity to widen the attack surface. The investigation of attacks (Kang et al 2016;Adepu et al 2020) and automatic generation of attacks (Chen et al 2019) have been studied.…”

Section: Related Workmentioning

confidence: 99%

Cascading effects of cyber-attacks on interconnected critical infrastructure

et al. 2021

Self Cite

View full text Add to dashboard Cite

Modern critical infrastructure, such as a water treatment plant, water distribution system, and power grid, are representative of Cyber Physical Systems (CPSs) in which the physical processes are monitored and controlled in real time. One source of complexity in such systems is due to the intra-system interactions and inter-dependencies. Consequently, these systems are a potential target for attackers. When one or more of these infrastructure are attacked, the connected systems may also be affected due to potential cascading effects. In this paper, we report a study to investigate the cascading effects of cyber-attacks on two interdependent critical infrastructure namely, a Secure water treatment plant (SWaT) and a Water Distribution System (WADI).

show abstract

Survey on test case generation, selection and prioritization for cyber‐physical systems

Sadri-Moshkenani

Bradley

Rothermel

2021

Software Testing Verif & Rel

View full text Add to dashboard Cite

A cyber-physical system (CPS) is a collection of computing devices that communicate with each other, operate in the target environment via actuators and interact with the physical world through sensors in a feedback loop. CPSs need to be safe and reliable and function in accordance with their requirements. Testing, focusing on a CPS model and/or its code, is the primary approach used by engineers to achieve this. Generating, selecting and prioritizing test cases that can reveal faults in CPSs, from the wide range of possible input values and stimuli that affect their operation, are of central importance in this process. To date, however, in our search of the literature, we have found no comprehensive survey of research on test case generation, selection and prioritization for CPSs. In this article, therefore, we report the results of a survey of approaches for generating, selecting and prioritizing test cases for CPSs; the results illustrate the progress that has been made on these approaches to date, the properties that characterize the approaches and the challenges that remain open in these areas of research.

show abstract

Learning-Guided Network Fuzzing for Testing Cyber-Physical System Defences

Cited by 50 publications

References 53 publications

PGFUZZ: Policy-Guided Fuzzing for Robotic Vehicles

PGFUZZ: Policy-Guided Fuzzing for Robotic Vehicles

Cascading effects of cyber-attacks on interconnected critical infrastructure

Survey on test case generation, selection and prioritization for cyber‐physical systems

Contact Info

Product

Resources

About