{"title":"机器人车辆安全检测的网络物理不一致漏洞识别","authors":"Hongjun Choi, Sayali Kate, Yousra Aafer, X. Zhang, Dongyan Xu","doi":"10.1145/3372297.3417249","DOIUrl":null,"url":null,"abstract":"We propose a new type of vulnerability for Robotic Vehicles (RVs), called Cyber-Physical Inconsistency. These vulnerabilities target safety checks in RVs (e.g., crash detection). They can be exploited by setting up malicious environment conditions such as placing an obstacle with a certain weight and a certain angle in the RV's trajectory. Once exploited, the safety checks may fail to report real physical accidents or report false alarms (while the RV is still operating normally). Both situations could lead to life-threatening consequences. The root cause of such vulnerabilities is that existing safety checks are mostly using simple range checks implemented in general-purpose programming languages, which are incapable of describing the complex and delicate physical world. We develop a novel technique that requires the interplay of program analysis, vehicle modeling, and search-based testing to identify such vulnerabilities. Our experiment on 4 real-world control software and 8 vehicles including quadrotors, rover, and fixed-wing airplane has discovered 10 real vulnerabilities. Our technique does not have false positives as it only reports when an exploit can be generated.","PeriodicalId":20481,"journal":{"name":"Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security","volume":"46 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2020-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"13","resultStr":"{\"title\":\"Cyber-Physical Inconsistency Vulnerability Identification for Safety Checks in Robotic Vehicles\",\"authors\":\"Hongjun Choi, Sayali Kate, Yousra Aafer, X. 
Zhang, Dongyan Xu\",\"doi\":\"10.1145/3372297.3417249\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"We propose a new type of vulnerability for Robotic Vehicles (RVs), called Cyber-Physical Inconsistency. These vulnerabilities target safety checks in RVs (e.g., crash detection). They can be exploited by setting up malicious environment conditions such as placing an obstacle with a certain weight and a certain angle in the RV's trajectory. Once exploited, the safety checks may fail to report real physical accidents or report false alarms (while the RV is still operating normally). Both situations could lead to life-threatening consequences. The root cause of such vulnerabilities is that existing safety checks are mostly using simple range checks implemented in general-purpose programming languages, which are incapable of describing the complex and delicate physical world. We develop a novel technique that requires the interplay of program analysis, vehicle modeling, and search-based testing to identify such vulnerabilities. Our experiment on 4 real-world control software and 8 vehicles including quadrotors, rover, and fixed-wing airplane has discovered 10 real vulnerabilities. 
Our technique does not have false positives as it only reports when an exploit can be generated.\",\"PeriodicalId\":20481,\"journal\":{\"name\":\"Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security\",\"volume\":\"46 1\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-10-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"13\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3372297.3417249\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3372297.3417249","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Cyber-Physical Inconsistency Vulnerability Identification for Safety Checks in Robotic Vehicles
We propose a new type of vulnerability for Robotic Vehicles (RVs), called Cyber-Physical Inconsistency. These vulnerabilities target safety checks in RVs (e.g., crash detection). They can be exploited by setting up malicious environment conditions such as placing an obstacle with a certain weight and a certain angle in the RV's trajectory. Once exploited, the safety checks may fail to report real physical accidents or report false alarms (while the RV is still operating normally). Both situations could lead to life-threatening consequences. The root cause of such vulnerabilities is that existing safety checks mostly use simple range checks implemented in general-purpose programming languages, which are incapable of describing the complex and delicate physical world. We develop a novel technique that requires the interplay of program analysis, vehicle modeling, and search-based testing to identify such vulnerabilities. Our experiment on 4 real-world control software and 8 vehicles including quadrotors, rover, and fixed-wing airplane has discovered 10 real vulnerabilities. Our technique does not have false positives as it only reports when an exploit can be generated.