PGFUZZ: Policy-Guided Fuzzing for Robotic Vehicles

Unfortunately, previous fuzzing approaches cannot discover this type of violation, for two reasons. First, they do not consider the entire input space of the robotic vehicle's (RV's) control software, which includes user commands, configuration parameters, and environmental factors. Second, they focus only on finding memory corruption bugs or RV control stability issues. Therefore, they cannot detect safety policy violations, e.g., a drone deploying its parachute at too low an altitude.
