Title: A Holistic Approach for Detecting and Mitigating Bugs in Cyber-Physical Systems

Date: Wednesday, April 19, 2023

Time: 1:30 PM - 3:00 PM ET

Location: CODA C1015 / Zoom

Seulbae Kim

Ph.D. Student

School of Cybersecurity and Privacy

College of Computing

Georgia Institute of Technology

Committee:

Dr. Taesoo Kim (advisor), School of Computer Science & School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. Saman Zonouz, School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. Alessandro Orso, School of Computer Science, Georgia Institute of Technology

Dr. Qirun Zhang, School of Computer Science, Georgia Institute of Technology

Abstract

With the rapid growth of Cyber-Physical Systems (CPS) in various domains, ensuring their security and correctness has become increasingly critical. CPS are complex systems that integrate physical and cyber components, and securing CPS requires approaches that go beyond traditional software security methodologies. In this thesis, I focus on designing a holistic approach to detect and mitigate cyber-physical bugs in all layers of CPS, including the application layer, middleware suite, and hardware layer.

First, I develop a vehicular fuzzing framework to reveal logic bugs in autonomous driving system software. The framework uses real-world traffic rules to build driving test oracles and detect safety-critical misbehaviors, such as collisions. The fuzzer generates and mutates realistic driving scenarios and measures the semantic quality of autonomous driving by referencing the physical states of the vehicle to guide the fuzzing process accordingly.

Second, I design a customizable fuzzing framework for Robot Operating System (ROS), which is a widely used middleware suite for modern robot development. This framework leverages the message-driven distributed architecture of ROS and ROS-based systems to explore system states by injecting data messages. The framework simultaneously executes the robotic system under test in the real world and in a simulator, capturing the states of both domains and checking for cyber-physical discrepancies that can lead to errors.

Finally, to protect CPS from irreversible damages during operations or tests, I propose a dynamics-based online state estimation of physical systems to speculatively predict future states and mitigate potential safety issues in advance. Once a forthcoming unsafe state is anticipated, this system searches for escape maneuvers to divert future states, effectively turning reactive safety measures into preemptive measures.