Risk Analysis and Policy Enforcement of Function Interactions in Robot Apps

03/23/2021
by   Yuan Xu, et al.
0

Robot apps are becoming more automated, complex and diverse. An app usually consists of many functions, interacting with each other and the environment. This allows robots to conduct various tasks. However, it also opens a new door for cyber attacks: adversaries can leverage these interactions to threaten the safety of robot operations. Unfortunately, this issue is rarely explored in past works. We present the first systematic investigation about the function interactions in common robot apps. First, we disclose the potential risks and damages caused by malicious interactions. We introduce a comprehensive graph to model the function interactions in robot apps by analyzing 3,100 packages from the Robot Operating System (ROS) platform. From this graph, we identify and categorize three types of interaction risks. Second, we propose RTron, a novel system to detect and mitigate these risks and protect the operations of robot apps. We introduce security policies for each type of risks, and design coordination nodes to enforce the policies and regulate the interactions. We conduct extensive experiments on 110 robot apps from the ROS platform and two complex apps (Baidu Apollo and Autoware) widely adopted in industry. Evaluation results indicated RTron can correctly identify and mitigate all potential risks with negligible performance cost. To validate the practicality of the risks and solutions, we implement and evaluate RTron on a physical UGV (Turtlebot) with real-word apps and environments.

READ FULL TEXT
POST COMMENT

Comments

There are no comments yet.

Authors

page 4

page 9

page 13

page 14

page 15

page 16

page 19

page 20

02/03/2021

Discovering Physical Interaction Vulnerabilities in IoT Deployments

Internet of Things (IoT) applications drive the behavior of IoT deployme...
05/14/2018

AUSERA: Large-Scale Automated Security Risk Assessment of Global Mobile Banking Apps

Contemporary financial technology (FinTech) that enables cashless mobile...
03/28/2022

The...Tinderverse?: Opportunities and Challenges for User Safety in Extended Reality (XR) Dating Apps

Dating apps such as Tinder have announced plans for a dating metaverse: ...
01/14/2018

Tyche: Risk-Based Permissions for Smart Home Platforms

Emerging smart home platforms, which interface with a variety of physica...
06/09/2021

Auditing Network Traffic and Privacy Policies in Oculus VR

Virtual reality (VR) is an emerging technology that enables new applicat...
10/22/2018

IoTSan: Fortifying the Safety of IoT Systems

Today's IoT systems include event-driven smart applications (apps) that ...
11/21/2019

Controlling Interactions with Libraries in Android Apps Through Runtime Enforcement

Android applications are executed on smartphones equipped with a variety...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.