The rapid growth of robotic aerial vehicles (RAVs) has attracted extensive interest in numerous public and civilian applications, from flying drones to quadrotors. Security of RAV systems has become increasingly challenging as RAV controller software becomes more complex, exposing a growing attack surface. Memory isolation separates the memory space and enforces memory access control via privilege separation to limit the attacker’s capability so that the attacker cannot compromise other software components by exploiting one memory corruption vulnerability. Memory isolation has been adopted into the resource-constrained systems such as RAVs by lightweight privilege mode switching to meet real-time requirements. In this paper, we propose ARES, a new variable-level vulnerability excavation framework to find deeper bugs from a combined cyber-physical perspective. We present a data-driven method to illustrate that, despite state-of-the-art memory isolation efforts, RAV systems are still vulnerable to adversarial data manipulation attacks. We augment RAV control states with intermediate controller variables by tracing accessible control parameters and vehicle dynamics within the same isolated memory regions. With this expanded state variable space, we apply multivariate statistical analysis to investigate inter-variable quantitative data dependencies and search for vulnerable state variables. ARES utilizes a learning-based method to show how an attacker can exploit memory corruption bugs in a legitimate memory view and elaborately craft adversarial variable values to disrupt a RAV’s safe operations. We demonstrate the feasibility and capability of ARES on the widely-used Ardupilot RAV framework. Our extensive empirical evaluation shows that the attacker may leverage these vulnerable state variables to achieve various RAV failures during its real-time operations, and even evade existing defense solutions.
IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
2023-06-30
2024-12-03