TY - GEN
T1 - RVFuzzer
T2 - 28th USENIX Security Symposium
AU - Kim, Taegyu
AU - Kim, Chung Hwan
AU - Rhee, Junghwan
AU - Fei, Fan
AU - Tu, Zhan
AU - Walkup, Gregory
AU - Zhang, Xiangyu
AU - Deng, Xinyan
AU - Xu, Dongyan
N1 - Publisher Copyright:
© 2019 by The USENIX Association. All rights reserved.
PY - 2019
Y1 - 2019
N2 - Robotic vehicles (RVs) are being adopted in a variety of application domains. Despite their increasing deployment, many security issues with RVs have emerged, limiting their wider deployment. In this paper, we address a new type of vulnerability in RV control programs, called input validation bugs, which involve missing or incorrect validation checks on control parameter inputs. Such bugs can be exploited to cause physical disruptions to RVs which may result in mission failures and vehicle damages or crashes. Furthermore, attacks exploiting such bugs have a very small footprint: just one innocent-looking ground control command, requiring no code injection, control flow hijacking or sensor spoofing. To prevent such attacks, we propose RVFUZZER, a vetting system for finding input validation bugs in RV control programs through control-guided input mutation. The key insight behind RVFUZZER is that the RV control model, which is the generic theoretical model for a broad range of RVs, provides helpful semantic guidance to improve bug-discovery accuracy and efficiency. Specifically, RVFUZZER involves a control instability detector that detects control program misbehavior, by observing (simulated) physical operations of the RV based on the control model. In addition, RVFUZZER steers the input generation for finding input validation bugs more efficiently, by leveraging results from the control instability detector as feedback. In our evaluation of RVFUZZER on two popular RV control programs, a total of 89 input validation bugs are found, with 87 of them being zero-day bugs.
AB - Robotic vehicles (RVs) are being adopted in a variety of application domains. Despite their increasing deployment, many security issues with RVs have emerged, limiting their wider deployment. In this paper, we address a new type of vulnerability in RV control programs, called input validation bugs, which involve missing or incorrect validation checks on control parameter inputs. Such bugs can be exploited to cause physical disruptions to RVs which may result in mission failures and vehicle damages or crashes. Furthermore, attacks exploiting such bugs have a very small footprint: just one innocent-looking ground control command, requiring no code injection, control flow hijacking or sensor spoofing. To prevent such attacks, we propose RVFUZZER, a vetting system for finding input validation bugs in RV control programs through control-guided input mutation. The key insight behind RVFUZZER is that the RV control model, which is the generic theoretical model for a broad range of RVs, provides helpful semantic guidance to improve bug-discovery accuracy and efficiency. Specifically, RVFUZZER involves a control instability detector that detects control program misbehavior, by observing (simulated) physical operations of the RV based on the control model. In addition, RVFUZZER steers the input generation for finding input validation bugs more efficiently, by leveraging results from the control instability detector as feedback. In our evaluation of RVFUZZER on two popular RV control programs, a total of 89 input validation bugs are found, with 87 of them being zero-day bugs.
UR - http://www.scopus.com/inward/record.url?scp=85076339251&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85076339251&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85076339251
T3 - Proceedings of the 28th USENIX Security Symposium
SP - 425
EP - 442
BT - Proceedings of the 28th USENIX Security Symposium
PB - USENIX Association
Y2 - 14 August 2019 through 16 August 2019
ER -