- When: Friday, April 09, 2021 from 11:00 AM to 12:00 PM
- Speakers: Taegyu Kim, Ph.D. candidate, Department of Electrical and Computer Engineering, Purdue University
- Location: ZOOM
- Export to iCal
Abstract
Robotic aerial vehicles (RAVs) have been increasingly deployed in various areas (e.g., commercial, military, scientific, and entertainment). However, RAVs’ security and safety issues could not only arise from either of the “cyber” domain (e.g., control software) and “physical” domain (e.g., vehicle control model) but also stem in their interplay. Unfortunately, existing work had focused mainly on either the “cyber-centric” or “control-centric” approaches. However, such a single-domain focus could overlook the security threats caused by the interplay between the cyber and physical domains.
In this talk, I will present cyber-physical analysis and hardening to secure RAV controllers. Through a combination of program analysis and vehicle control modeling, we first developed novel techniques to (1) connect both cyber and physical domains and then (2) analyze individual domains and their interplay. Specifically, we will talk about how to detect bugs after RAV accidents using provenance, how to proactively find bugs using fuzzing, and how to patch vulnerable firmware using binary patching. As a result, we have found 91 new bugs in modern RAV control programs, and their developers confirmed 32 cases and patch 11 cases.
Short Bio
Taegyu Kim is a Ph.D. candidate in the Department of Electrical and Computer Engineering at Purdue University, co-advised by Prof. Dongyan Xu and Prof. Dave (Jing) Tian in the Department of Computer Science. His main research interest lies in the security and safety of cyber-physical systems, with a focus on robotic aerial vehicles such as drones. Taegyu has published ten peer-reviewed papers including five papers at top security venues including USENIX Security, NDSS, and ACSAC. He received his M.S. at Korea Advanced Institute of Science and Technology (KAIST) and B.S. at Kwangwoon University in South Korea.
Posted 3 years, 8 months ago