TY - GEN
T1 - Vulnerability Assessment for Unmanned Systems Autonomy Services Architecture
AU - Li, Yu
AU - Frasure, Ivan
AU - Ikusan, Ademola Ayodeji
AU - Zhang, Junjie
AU - Dai, Rui
N1 - Publisher Copyright:
© Springer Nature Switzerland AG 2018.
PY - 2018
Y1 - 2018
N2 - Unmanned Systems Autonomy Services (UxAS) is a set of networked software modules that collaboratively automate mission-level decision making for unmanned systems. Proposed, developed, and publicized by United States Air Force Research Laboratory (U.S. AFRL), UxAS has strong and promising implications in practice and it can be easily extended to support emulation and practical deployment of unmanned aerial vehicles (UAVs). Therefore, performing vulnerability assessment for UxAS is of significant importance. In this project, we first leveraged the threat-driven method to identify security requirements that focus on UxAS’ confidentiality, integrity, and availability. Next, we designed and developed fuzz tests to evaluate whether UxAS satisfies these requirements. Our experiments have shown that the current version of UxAS is vulnerable to a variety of attacks such as denial of service, message injection/replay, service self-destruct, and timing-based side-channel attacks. Finally, we studied the root-causes for these vulnerabilities and proposed mitigation strategies.
AB - Unmanned Systems Autonomy Services (UxAS) is a set of networked software modules that collaboratively automate mission-level decision making for unmanned systems. Proposed, developed, and publicized by United States Air Force Research Laboratory (U.S. AFRL), UxAS has strong and promising implications in practice and it can be easily extended to support emulation and practical deployment of unmanned aerial vehicles (UAVs). Therefore, performing vulnerability assessment for UxAS is of significant importance. In this project, we first leveraged the threat-driven method to identify security requirements that focus on UxAS’ confidentiality, integrity, and availability. Next, we designed and developed fuzz tests to evaluate whether UxAS satisfies these requirements. Our experiments have shown that the current version of UxAS is vulnerable to a variety of attacks such as denial of service, message injection/replay, service self-destruct, and timing-based side-channel attacks. Finally, we studied the root-causes for these vulnerabilities and proposed mitigation strategies.
KW - software security
KW - network security
KW - software engineering
KW - cryptography
KW - data security
KW - mobile security
UR - http://www.scopus.com/inward/record.url?scp=85059030953&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85059030953&partnerID=8YFLogxK
UR - https://corescholar.libraries.wright.edu/cse/528
U2 - 10.1007/978-3-030-02744-5_20
DO - 10.1007/978-3-030-02744-5_20
M3 - Conference contribution
AN - SCOPUS:85059030953
SN - 9783030027438
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 266
EP - 276
BT - Network and System Security
A2 - Au, Man Ho
A2 - Luo, Xiapu
A2 - Li, Jin
A2 - Kluczniak, Kamil
A2 - Yiu, Siu Ming
A2 - Wang, Cong
A2 - Castiglione, Aniello
PB - Springer Verlag
T2 - 12th International Conference on Network and System Security, NSS 2018
Y2 - 27 August 2018 through 29 August 2018
ER -