CRII: SaTC: Automated Security Analysis of Software-Based Control in Emerging Smart Transportation Under Sensor Attacks

CRII：SaTC：传感器攻击下新兴智能交通中基于软件的控制的自动安全分析

• 批准号: 1850533
• 负责人: Qi Chen
• 金额: $ 17.5万
• 依托单位: University of California-Irvine
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-04-01 至 2021-03-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1850533&HistoricalAwards=false
• 关键词: CRII; SaTC; Automated; Security; Analysis

Transportation systems are being profoundly transformed with the emergence of a series of software-based smart transportation solutions such as intelligent traffic signal control and autonomous driving. In these systems, the key enabler of their functional intelligence is the sensing capability, which collects necessary road information to enable better control decisions. However, sensor data are collected from a public channel, i.e., the physical transportation environment, which thus inevitably creates opportunities for attackers to tamper with the sensing process. In this project, the investigator initiates research efforts towards achieving a systematic understanding of the robustness of software-based control in emerging smart transportation systems under sensor attacks. Since transportation is a basic urban function, the successful completion of this project is expected to proactively identify and address new security challenges in these systems before wide deployment, and thus help ensure the security and safety of everyday life.In this project, an automatic approach will be designed, implemented, and evaluated to enable efficient and effective discovery of security problems in emerging smart transportation systems. The approach focuses on discovering semantic security problems, which for example change control decisions in the smart transportation functions. This is because analyzing them usually leads to the discovery of novel and domain-specific design trade-offs in an area or even across areas, which thus has more potential to advance knowledge and guide future research. To achieve this goal, this project will design a dynamic security analysis system following an evolutionary algorithm approach, and propose novel solutions to address research challenges in analysis input generation, semantic problem discovery, and analyzing dataflow-centric decision process. This project will concretely apply the developed system to real-world code bases of smart transportation systems to ensure the practicality of the discovered security problems, challenges, and solution directions.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

随着智能交通信号控制和自动驾驶等一系列基于软件的智能交通解决方案的出现，交通系统正在发生深刻的变革。在这些系统中，其功能智能的关键使能因素是传感能力，它收集必要的道路信息，以实现更好的控制决策。然而，传感器数据是从公共信道收集的，即，物理运输环境，因此不可避免地为攻击者篡改传感过程创造了机会。在这个项目中，研究人员开始研究工作，以实现系统的理解基于软件的控制在新兴的智能交通系统下传感器攻击的鲁棒性。由于交通是城市的基本功能，本项目的成功完成将有助于在大规模部署之前主动发现和解决这些系统中的新安全挑战，从而帮助确保日常生活的安全。在本项目中，将设计、实施和评估一种自动方法，以便高效和有效地发现新兴智能交通系统中的安全问题。该方法的重点是发现语义安全问题，例如改变智能交通功能中的控制决策。这是因为分析它们通常会发现一个领域甚至跨领域的新颖和特定领域的设计权衡，从而更有可能推进知识并指导未来的研究。为了实现这一目标，本项目将设计一个动态的安全分析系统，遵循进化算法的方法，并提出新的解决方案，以解决研究的挑战，在分析输入生成，语义问题发现，并分析以流程为中心的决策过程。该项目将开发的系统具体应用于智能交通系统的实际代码库，以确保所发现的安全问题、挑战和解决方案方向的实用性。该奖项反映了NSF的法定使命，通过使用基金会的智力价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Too Afraid to Drive: Systematic Discovery of Semantic DoS Vulnerability in Autonomous Driving Planning under Physical-World Attacks

• DOI: 10.14722/ndss.2022.24177
• 发表时间: 2022-01
• 期刊: ArXiv
• 作者: Ziwen Wan;Junjie Shen;Jalen Chuang;Xin Xia;Joshua Garcia;Jiaqi Ma;Qi Alfred Chen

Impact Evaluation of Falsified Data Attacks on Connected Vehicle Based Traffic Signal Control Systems

伪造数据攻击对基于联网车辆的交通信号控制系统的影响评估

• 发表时间: 2021
• 期刊: NDSS Workshop on Automotive and Autonomous Vehicle Security (AutoSec
• 作者: Huang, Shihong;Feng, Yiheng;Wong, Wai;Chen, Qi Alfred;Mao, Z. Morley;Liu, Henry X.
• 通讯作者: Liu, Henry X.

Automated Cross-Platform Reverse Engineering of CAN Bus Commands From Mobile Apps

来自移动应用程序的 CAN 总线命令的自动化跨平台逆向工程

• DOI: 10.14722/ndss.2020.24231
• 发表时间: 2020
• 期刊: Proceedings 2020 Network and Distributed System Security Symposium (NDSS'20
• 作者: Wen, Haohuang;Zhao, Qingchuan;Chen, Qi Alfred;Lin, Zhiqiang
• 通讯作者: Lin, Zhiqiang

Plug-N-Pwned: Comprehensive Vulnerability Analysis of OBD-II Dongles as A New Over-the-Air Attack Surface in Automotive IoT

• 发表时间: 2020
• 期刊: Environmental Science and Pollution Research
• 影响因子: 5.8
• 作者: Haohuang Wen;Qi Alfred Chen;Zhiqiang Lin

Dirty Road Can Attack: Security of Deep Learning based Automated Lane Centering under Physical-World Attack

• 发表时间: 2020-09
• 作者: Takami Sato;Junjie Shen;Ningfei Wang;Yunhan Jia;Xue Lin;Qi Alfred Chen