RVFUZZER: Finding Input Validation Bugs in Robotic Vehicles Through Control-Guided Testing
Overview
- a new type of vulnerability in RV control programs —— input validation bug
涉及对控制参数输入的验证检查缺失或不正确 - 关键理论:RV控制模型是各种RV的通用理论模型,为提高漏洞发现的准确性和效率提供了有用的语义指导。
Introduction
攻击面
- physical vulnerabilities of its sensors that enable external sensor spoofing attacks
- traditional “syntactic” bugs in its control program (e.g., memory corruption bugs) that enable remote or trojaned exploits
- control-semantic bugs in its control program that enable attacks via remote control commands
- input validation bugs
- range implementation bugs
- range specification bugs
- input validation bugs