Title: Fortifying Cyber-Physical Systems through Comprehensive Bug-finding and Mitigation

Date: Friday, December 1, 2023

Time: 1:30 PM - 3:30 PM ET

Location: CODA C0915 / Zoom: https://gatech.zoom.us/j/95775489982

Seulbae Kim

Ph.D. Candidate

School of Cybersecurity and Privacy

College of Computing

Georgia Institute of Technology

Committee:

Dr. Taesoo Kim (advisor), School of Computer Science & School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. Alessandro Orso, School of Computer Science, Georgia Institute of Technology

Dr. Saman Zonouz, School of Cybersecurity and Privacy, Georgia Institute of Technology

Dr. Qirun Zhang, School of Computer Science, Georgia Institute of Technology

Dr. Yonghwi Kwon, Department of Electrical & Computer Engineering, University of Maryland

Abstract

With the rapid growth of Cyber-Physical Systems (CPS) in various domains, ensuring their security and correctness has become increasingly critical. CPS, intricate amalgamations of physical and cyber components, necessitate security approaches that extend beyond conventional software security methodologies. This thesis focuses on formulating a comprehensive strategy to automatically identify and mitigate cyber-physical bugs and attacks across all layers of CPS, encompassing the application layer, middleware suite, and hardware layer.

First, a vehicular fuzzing framework is developed to uncover logic bugs in autonomous driving system software. This framework uses real-world traffic rules to build driving test oracles and detect safety-critical misbehaviors, such as collisions. The fuzzer generates and mutates realistic driving scenarios and assesses the semantic quality of autonomous driving by referring to the physical states of the vehicle to guide the fuzzing process effectively.

Second, a customizable fuzzing framework is devised for Robot Operating System (ROS), a widely used middleware suite for modern robot development. This framework leverages the message-driven distributed architecture of ROS and ROS-based systems to explore system states by injecting data messages. Simultaneously executing the robotic system under test in both the real world and a simulator, this framework captures the states from both domains, scrutinizing for cyber-physical discrepancies that can lead to errors.

Finally, to safeguard CPS from irreversible damages stemming from bugs, attacks, or user failures, a dynamics-based runtime monitoring system is proposed. This method speculatively predicts future states to proactively detect potential safety violations in advance. Once a forthcoming unsafe state is anticipated, this system searches for corrective maneuvers to divert future states, effectively transforming reactive safety measures into preemptive measures.