Fortifying Cyber-Physical Systems through Comprehensive Bug-finding and Mitigation

Author(s)
Kim, Seulbae
Associated Organization(s)
School of Computer Science
Abstract
With the rapid growth of Cyber-Physical Systems (CPS) in various domains, ensuring their security and correctness has become increasingly critical. CPS, intricate amalgamations of physical and cyber components, necessitate security approaches that extend beyond conventional software security methodologies. This thesis formulates a comprehensive strategy to automatically identify and mitigate cyber-physical bugs and attacks across all layers of CPS: the application layer, the middleware suite, and the hardware layer. First, a vehicular fuzzing framework is developed to uncover logic bugs in autonomous driving system software. This framework uses real-world traffic rules to build driving test oracles and detect safety-critical misbehaviors, such as collisions. The fuzzer generates and mutates realistic driving scenarios and assesses the semantic quality of autonomous driving by referring to the physical states of the vehicle, using that assessment to guide the fuzzing process effectively. Second, a customizable fuzzing framework is devised for Robot Operating System (ROS), a widely used middleware suite for modern robot development. This framework leverages the message-driven distributed architecture of ROS and ROS-based systems to explore system states by injecting data messages. By executing the robotic system under test simultaneously in the real world and in a simulator, the framework captures the states from both domains and scrutinizes them for cyber-physical discrepancies that can lead to errors. Finally, to safeguard CPS from irreversible damage stemming from bugs, attacks, or user failures, a dynamics-based runtime monitoring system is proposed. This method speculatively predicts future states to proactively detect potential safety violations in advance. Once a forthcoming unsafe state is anticipated, the system searches for corrective maneuvers to divert future states, effectively transforming reactive safety measures into preemptive ones.
Date
2023-12-08
Resource Type
Text
Resource Subtype
Dissertation