A Review of Fuzz Testing Techniques for Autonomous Driving Systems

Abstract

Abstract: Autonomous driving is the future development trend of the automotive industry, while autonomous vehicles heavily rely on interconnected systems and software that control their operation. System software vulnerabilities lead to serious safety hazards for vehicles. Therefore, automatic driving safety test is an important link to further improve the safety of autonomous vehicle. Fuzz testing, as an automated vulnerability testing technology, exhibits outstanding vulnerability exploration capabilities when dealing with complex software systems. It holds significant potential for widespread application in autonomous driving systems. This paper provides a systematic summary of widely used opensource fuzz testing tools. Through an indepth analysis of the characteristics of autonomous driving systems, the study identifies key challenges currently faced by research in this field, including: 1) difficulty in comprehensively considering input dimensions; 2) challenges in uncovering issues related to multifunctional collaborative concurrency; 3) mismatch of security issue categories. In response to these challenges, the research proposes corresponding recommendations, providing guidance for future related research.

Key words: autonomous driving, software security, fuzz testing, functional safety, information security

摘要： 自动驾驶是未来汽车产业发展趋势，然而自动驾驶车辆严重依赖于控制其运行的互连系统和软件，系统软件漏洞导致车辆面临严峻的安全隐患.自动驾驶安全测试能够提升汽车安全性，是保障汽车安全上路的重要环节.模糊测试(fuzz testing)作为一种自动化的漏洞测试技术，在面对复杂的软件系统时展现出卓越的漏洞探索能力.针对目前广泛使用的开源模糊测试工具进行了系统的归纳梳理，并通过对自动驾驶系统特性的深入分析，总结了当前研究面临的主要挑战，包括：1)难以全面考虑输入维度；2)多功能协同并发问题难以解决；3)安全问题类别不适配.为应对这些挑战提出了相应的参考建议，为未来相关研究提供了指导方向.

关键词: 自动驾驶, 软件安全, 模糊测试, 功能安全, 信息安全

CLC Number:

TP311.56

王朋成, 高思淼, 王斯奋, 洪晟, 李众豪, . 自动驾驶系统模糊测试技术综述[J]. 信息安全研究, 2024, 10(11): 982-.

References

［1］Penmetsa P, Sheinidashtegol P, Musaev A, et al. Effects of the autonomous vehicle crashes on public perception of the technology［J］. IATSS Research, 2021, 45(4): 485492［2］Jefferson J, McDonald A D. The autonomous vehicle social network: Analyzing tweets after a recent Tesla autopilot crash［C］ Proc of the Human Factors and Ergonomics Society Annual Meeting. Sage CA: SAGE Publications, 2019: 20712075［3］Morando A, Gershon P, Mehler B, et al. A model for naturalistic glance behavior around Tesla autopilot disengagements［JOL］. Accident Analysis & Prevention, 2021 ［20240719］. https:doi.org10.1016j.aap.2021.106348［4］Chu Y, Liu P. Human factor risks in driving automation crashes［C］ Proc of Int Conf on HumanComputer Interaction. Berlin: Springer, 2023: 312［5］He Shanshan. Autonomous Vehicles: Business, Technology and Law［M］. Berlin: Springer, 2021: 93111［6］Wakabayashi D. Selfdriving Uber car kills pedestrian in Arizona, where robots roam［NOL］. The New York Times, 20180319 ［20230722］. https:www.nytimes.com20180319technologyuberselfdrivingcarkillspede strian.html［7］Bratu D V, Zolya M A, Moraru S A. RoboCoV Cleaner: An indoor autonomous UVC disinfection robot with advanced dualsafety systems［JOL］. Sensors ［20240719］. https:doi.org10.3390s24030974［8］Vasic M, Billard A. Safety issues in humanrobot interactions［C］ Proc of the 2013 IEEE Int Conf on Robotics and Automation. Piscataway, NJ: IEEE, 2013: 197204［9］Moukahal L J, Zulkernine M, Soukup M. Vulnerabilityoriented fuzz testing for connected autonomous vehicle systems［J］. IEEE Trans on Reliability, 2021, 70(4): 14221437［10］Abuabed Z, Alsadeh A, Taweel A. STRIDE threat modelbased framework for assessing the vulnerabilities of modern vehicles［J］. Computers & Security, 2023, 133: 103391［11］Taslimasa H, Dadkhah S, Neto E C P, et al. Security issues in Internet of vehicles (IoV): A comprehensive survey［J］. Internet of Things, 2023, 22: 100809［12］Anwar A, Anwar A, Moukahal L, et al. Security assessment of invehicle communication protocols［J］. Vehicular Communications, 2023, 44: 100639［13］Garcia J, Feng Y, Shen J, et al. A comprehensive study of autonomous vehicle bugs［C］ Proc of the 42nd ACMIEEE Int Conf on Software Engineering (ICSE’20). New York: ACM, 2020: 385396［14］Shuk Y H, Rai A. Continued voluntary participation intention in firmparticipating open source software projects［J］. Information Systems Research, 2017, 28(3): 603625［15］Fioraldi A, Mantovani A, Maier D, et al. Dissecting American fuzzy lop: A FuzzBench evaluation［J］. ACM Trans on Software Engineering and Methodology, 2023, 32(2): 126［16］Petrica L, Vasilescu L, Ion A, et al. IxFIZZ: Integrated functional and fuzz testing framework based on Sulley and SPIN［J］. Science and Technology, 2015, 18(1): 5468［17］Godefroid P. Fuzzing: Hack, art, and science［J］. Communications of the ACM, 2020, 63(2): 7076［18］Wang C, Kang S. ADFL: An improved algorithm for American fuzzy lop in fuzz testing［C］ Proc of the 4th Int Conf on Cloud Computing and Security (ICCCS 2018). Berlin: Springer, 2018: 2736［19］Gan S, Zhang C, Qin X, et al. Collafl: Path sensitive fuzzing［C］ Proc of the 2018 IEEE Symp on Security and Privacy. Piscataway, NJ: IEEE, 2018: 679696［20］汪美琴, 夏旸, 贾琼, 等.模糊测试技术的研究进展与挑战［J］. 信息安全研究, 2024, 10(7): 668674［21］Han H S, Oh D H, Cha S K. CodeAlchemist: Semanticsaware code generation to find vulnerabilities in JavaScript engines［C］ Proc of Network and Distributed Systems Security (NDSS) Symposium. 2019: 2427［22］You W, Wang X, Ma S, et al. Profuzzer: Onthefly input type probing for better zeroday vulnerability discovery［C］ Proc of the 2019 IEEE Symp on Security and Privacy (SP). Piscataway, NJ: IEEE, 2019: 769786［23］刘宝旭, 李昊, 孙钰杰, 等. 智能化漏洞挖掘与网络空间威胁发现综述［J］. 信息安全研究, 2023, 9(10): 932939［24］王鹃, 张冲, 龚家新, 等. 基于机器学习的模糊测试研究综述［J］. 信息网络安全, 2023, 23(8): 116［25］Ye G, Tang Z, Tan S H, et al. Automated conformance testing for JavaScript engines via deep compiler fuzzing［C］ Proc of the 42nd ACM SIGPLAN Int Conf on Programming Language Design and Implementation. New York: ACM, 2021: 435450［26］Odena A, Olsson C, Andersen D, et al. TensorFuzz: Debugging neural networks with coverageguided fuzzing［C］ Proc of Int Conf on Machine Learning. New York: PMLR, 2019: 49014911［27］Li T, Li J, He X. An Improvement of AFL based on the function call depth［C］ Proc of the 18th Int Computer Conf on Wavelet Active Media Technology and Information Processing (ICCWAMTIP). Piscataway, NJ: IEEE, 2021: 440445［28］Basu T, Chattopadhyay S. Testing cache sidechannel leakage［C］ Proc of the 2017 IEEE Int Conf on Software Testing, Verification and Validation Workshops (ICSTW). Piscataway, NJ: IEEE, 2017: 5160［29］Manès V J M, Han Y, Han S, et al. The art, science, and engineering of fuzzing: A survey［J］. IEEE Trans on Software Engineering, 2021, 47(11): 23122331［30］Cousineau P, Lachine B. Enhancing boofuzz process monitoring for closedsource SCADA system fuzzing［C］ Proc of the 2023 IEEE Int Systems Conference (SysCon). Piscataway, NJ: IEEE, 2023: 18［31］Kim S, Kim T. Robofuzz: Fuzzing robotic systems over robot operating system (ROS) for finding correctness bugs［C］ Proc of the 30th ACM Joint European Conf on the Foundations of Software Engineering, New York: ACM, 2022: 447458［32］Kim S, Liu M, Rhee J, et al. DriveFuzz: Discovering autonomous driving bugs through driving qualityguided fuzzing［C］ Proc of the 2022 ACM SIGSAC Conf on Computer and Communications Security (CCS’22). New York: ACM, 2022: 17531767［33］Xie K T, Bai J J, Zou Y H, et al. ROZZ: Propertybased fuzzing for robotic programs in ROS［C］ Proc of the 2022 Int Conf on Robotics and Automation (ICRA). Piscataway, NJ: IEEE, 2022: 67866792［34］Bai J J, Song H X, Hu S M. Multidimensional and messageguided fuzzing forrobotic pograms in robot operating system［C］ Proc of the 29th ACM Int Conf on Architectural Support for Programming Languages and Operating Systems. New York: ACM, 2024: 763778［35］Delgado R, Campusano M, Bergel A. Fuzz testing in behaviorbased robotics［C］ Proc of the 2021 IEEE Int Conf on Robotics and Automation (ICRA). Piscataway, NJ: IEEE, 2021: 9375938［36］Rivera S, State R. Securing robots: An integrated approach for security challenges and monitoring for the robotic operating system (ROS)［C］ Proc of the 2021 IFIPIEEE Int Symp on Integrated Network Management (IM). Piscataway, NJ: IEEE, 2021: 754759［37］Woodlief T, Elbaum S, Sullivan K. Fuzzing mobile robot environments for fast automated crash detection［C］ Proc of the 2021 IEEE Int Conf on Robotics and Automation (ICRA). Piscataway, NJ: IEEE, 2021: 54175423［38］Wang C, Tok Y C, Poolat R, et al. How to secure autonomous mobile robots? An approach with fuzzing, detection and mitigation［J］. Journal of Systems Architecture, 2021, 112: 101838［39］Chen H, Xue Y, Li Y, et al. Hawkeye: Towards a desired directed greybox fachinery［EBOL］. 2018 ［20240719］. https:doi.org10.11453243734.3243849

[1]	. A Review of Adversarial Attack on Autonomous Driving Perception System [J]. Journal of Information Security Reserach, 2024, 10(9): 786-.
[2]	. Research on Risk Analysis of Opensource Software Supply Chain Security [J]. Journal of Information Security Reserach, 2024, 10(9): 862-.
[3]	. Research and Practice of 5G Network Security Assessment Technologies [J]. Journal of Information Security Reserach, 2024, 10(6): 539-.
[4]	. Information Security Risk Assessment Based on TOPSIS and GRA [J]. Journal of Information Security Reserach, 2024, 10(5): 474-.
[5]	. Model Inversion of Voiceprint Recognition System Based on DivideandConquer Method [J]. Journal of Information Security Reserach, 2024, 10(2): 130-.
[6]	. Optimization Method for Fuzz Testing Cases of WiFi Protocol Based on Weight Feedback#br# [J]. Journal of Information Security Reserach, 2024, 10(11): 1049-.
[7]	. Research on Risk Analysis and Countermeasures of Financial Institution ICT Supply Chain Information Security [J]. Journal of Information Security Reserach, 2024, 10(1): 55-.
[8]	. Security and Privacy Protection in 6G Network: A Survey [J]. Journal of Information Security Reserach, 2023, 9(9): 822-.
[9]	. Design and Implementation of Privacy Iinformation Protection System Based on Big Data Analysis [J]. Journal of Information Security Reserach, 2023, 9(9): 914-.
[10]	. Research on Integrated Scheduling Method of Safety and Security Tasks for Intelligent Instruments in Industrial Internet [J]. Journal of Information Security Reserach, 2023, 9(4): 321-.
[11]	. Research on Distributed Digital Identity Construction at Home and Abroad [J]. Journal of Information Security Reserach, 2023, 9(10): 993-.
[12]	. Research on Ontologybased Information Security Test Case Library Model [J]. Journal of Information Security Reserach, 2023, 9(10): 1008-.
[13]	. Research on User Viewpoint Positioning Method in Microblog Screenshots [J]. Journal of Information Security Reserach, 2022, 8(9): 908-.
[14]	. Survey of Coverage-guided Grey-box Fuzzing [J]. Journal of Information Security Reserach, 2022, 8(7): 643-.
[15]	. IC Military-Civil Fusion Strategy of China Under Intensifying US-Sino Trade Friction [J]. Journal of Information Security Reserach, 2022, 8(2): 172-.