Cyber-Physical Inconsistency Vulnerability Identification for Safety Checks in Robotic Vehicles

Hongjun Choi; Sayali Kate; Yousra Aafer; Xiangyu Zhang; Dongyan Xu

doi:10.1145/3372297.3417249

Cyber-Physical Inconsistency Vulnerability Identification for Safety Checks in Robotic Vehicles

Hongjun Choi
, Sayali Kate
, Yousra Aafer
, Xiangyu Zhang
, Dongyan Xu

Department of Electrical Engineering and Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

27 Scopus citations

Abstract

We propose a new type of vulnerability for Robotic Vehicles (RVs), called Cyber-Physical Inconsistency. These vulnerabilities target safety checks in RVs (e.g., crash detection). They can be exploited by setting up malicious environment conditions such as placing an obstacle with a certain weight and a certain angle in the RV's trajectory. Once exploited, the safety checks may fail to report real physical accidents or report false alarms (while the RV is still operating normally). Both situations could lead to life-threatening consequences. The root cause of such vulnerabilities is that existing safety checks are mostly using simple range checks implemented in general-purpose programming languages, which are incapable of describing the complex and delicate physical world. We develop a novel technique that requires the interplay of program analysis, vehicle modeling, and search-based testing to identify such vulnerabilities. Our experiment on 4 real-world control software and 8 vehicles including quadrotors, rover, and fixed-wing airplane has discovered 10 real vulnerabilities. Our technique does not have false positives as it only reports when an exploit can be generated.

Original language	English
Title of host publication	CCS 2020 - Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security
Publisher	Association for Computing Machinery
Pages	263-278
Number of pages	16
ISBN (Electronic)	9781450370899
DOIs	https://doi.org/10.1145/3372297.3417249
State	Published - 30 Oct 2020
Event	27th ACM SIGSAC Conference on Computer and Communications Security, CCS 2020 - Virtual, Online, United States Duration: 9 Nov 2020 → 13 Nov 2020

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)	1543-7221

Conference

Conference	27th ACM SIGSAC Conference on Computer and Communications Security, CCS 2020
Country/Territory	United States
City	Virtual, Online
Period	9/11/20 → 13/11/20

Bibliographical note

Publisher Copyright:
© 2020 ACM.

Keywords

CPS security
cyber-physical inconsistency
robotic vehicle

Access to Document

10.1145/3372297.3417249

Cite this

Choi, H., Kate, S., Aafer, Y., Zhang, X., & Xu, D. (2020). Cyber-Physical Inconsistency Vulnerability Identification for Safety Checks in Robotic Vehicles. In CCS 2020 - Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (pp. 263-278). (Proceedings of the ACM Conference on Computer and Communications Security). Association for Computing Machinery. https://doi.org/10.1145/3372297.3417249

Choi, Hongjun ; Kate, Sayali ; Aafer, Yousra et al. / Cyber-Physical Inconsistency Vulnerability Identification for Safety Checks in Robotic Vehicles. CCS 2020 - Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, 2020. pp. 263-278 (Proceedings of the ACM Conference on Computer and Communications Security).

@inproceedings{3a4411548b9042ffb55f3fca2cd12ed2,

title = "Cyber-Physical Inconsistency Vulnerability Identification for Safety Checks in Robotic Vehicles",

abstract = "We propose a new type of vulnerability for Robotic Vehicles (RVs), called Cyber-Physical Inconsistency. These vulnerabilities target safety checks in RVs (e.g., crash detection). They can be exploited by setting up malicious environment conditions such as placing an obstacle with a certain weight and a certain angle in the RV's trajectory. Once exploited, the safety checks may fail to report real physical accidents or report false alarms (while the RV is still operating normally). Both situations could lead to life-threatening consequences. The root cause of such vulnerabilities is that existing safety checks are mostly using simple range checks implemented in general-purpose programming languages, which are incapable of describing the complex and delicate physical world. We develop a novel technique that requires the interplay of program analysis, vehicle modeling, and search-based testing to identify such vulnerabilities. Our experiment on 4 real-world control software and 8 vehicles including quadrotors, rover, and fixed-wing airplane has discovered 10 real vulnerabilities. Our technique does not have false positives as it only reports when an exploit can be generated.",

keywords = "CPS security, cyber-physical inconsistency, robotic vehicle",

author = "Hongjun Choi and Sayali Kate and Yousra Aafer and Xiangyu Zhang and Dongyan Xu",

note = "Publisher Copyright: {\textcopyright} 2020 ACM.; 27th ACM SIGSAC Conference on Computer and Communications Security, CCS 2020 ; Conference date: 09-11-2020 Through 13-11-2020",

year = "2020",

month = oct,

day = "30",

doi = "10.1145/3372297.3417249",

language = "English",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery",

pages = "263--278",

booktitle = "CCS 2020 - Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security",

}

Choi, H, Kate, S, Aafer, Y, Zhang, X & Xu, D 2020, Cyber-Physical Inconsistency Vulnerability Identification for Safety Checks in Robotic Vehicles. in CCS 2020 - Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. Proceedings of the ACM Conference on Computer and Communications Security, Association for Computing Machinery, pp. 263-278, 27th ACM SIGSAC Conference on Computer and Communications Security, CCS 2020, Virtual, Online, United States, 9/11/20. https://doi.org/10.1145/3372297.3417249

Cyber-Physical Inconsistency Vulnerability Identification for Safety Checks in Robotic Vehicles. / Choi, Hongjun; Kate, Sayali; Aafer, Yousra et al.
CCS 2020 - Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, 2020. p. 263-278 (Proceedings of the ACM Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Cyber-Physical Inconsistency Vulnerability Identification for Safety Checks in Robotic Vehicles

AU - Choi, Hongjun

AU - Kate, Sayali

AU - Aafer, Yousra

AU - Zhang, Xiangyu

AU - Xu, Dongyan

PY - 2020/10/30

Y1 - 2020/10/30

N2 - We propose a new type of vulnerability for Robotic Vehicles (RVs), called Cyber-Physical Inconsistency. These vulnerabilities target safety checks in RVs (e.g., crash detection). They can be exploited by setting up malicious environment conditions such as placing an obstacle with a certain weight and a certain angle in the RV's trajectory. Once exploited, the safety checks may fail to report real physical accidents or report false alarms (while the RV is still operating normally). Both situations could lead to life-threatening consequences. The root cause of such vulnerabilities is that existing safety checks are mostly using simple range checks implemented in general-purpose programming languages, which are incapable of describing the complex and delicate physical world. We develop a novel technique that requires the interplay of program analysis, vehicle modeling, and search-based testing to identify such vulnerabilities. Our experiment on 4 real-world control software and 8 vehicles including quadrotors, rover, and fixed-wing airplane has discovered 10 real vulnerabilities. Our technique does not have false positives as it only reports when an exploit can be generated.

AB - We propose a new type of vulnerability for Robotic Vehicles (RVs), called Cyber-Physical Inconsistency. These vulnerabilities target safety checks in RVs (e.g., crash detection). They can be exploited by setting up malicious environment conditions such as placing an obstacle with a certain weight and a certain angle in the RV's trajectory. Once exploited, the safety checks may fail to report real physical accidents or report false alarms (while the RV is still operating normally). Both situations could lead to life-threatening consequences. The root cause of such vulnerabilities is that existing safety checks are mostly using simple range checks implemented in general-purpose programming languages, which are incapable of describing the complex and delicate physical world. We develop a novel technique that requires the interplay of program analysis, vehicle modeling, and search-based testing to identify such vulnerabilities. Our experiment on 4 real-world control software and 8 vehicles including quadrotors, rover, and fixed-wing airplane has discovered 10 real vulnerabilities. Our technique does not have false positives as it only reports when an exploit can be generated.

KW - CPS security

KW - cyber-physical inconsistency

KW - robotic vehicle

UR - https://www.scopus.com/pages/publications/85096195583

U2 - 10.1145/3372297.3417249

DO - 10.1145/3372297.3417249

M3 - Conference contribution

AN - SCOPUS:85096195583

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 263

EP - 278

BT - CCS 2020 - Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery

T2 - 27th ACM SIGSAC Conference on Computer and Communications Security, CCS 2020

Y2 - 9 November 2020 through 13 November 2020

ER -

Choi H, Kate S, Aafer Y, Zhang X, Xu D. Cyber-Physical Inconsistency Vulnerability Identification for Safety Checks in Robotic Vehicles. In CCS 2020 - Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery. 2020. p. 263-278. (Proceedings of the ACM Conference on Computer and Communications Security). doi: 10.1145/3372297.3417249

Cyber-Physical Inconsistency Vulnerability Identification for Safety Checks in Robotic Vehicles

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this