Title: CAVeliEr: Automated Security Evaluation for Connected Autonomous Vehicle Applications
Connected Autonomous Vehicle (CAV) applications have shown the promise of transformative impact on road safety, transportation experience, and sustainability. However, they open large and complex attack surfaces: an adversary can corrupt sensory and communication inputs with catastrophic results. A key challenge in the development of security solutions for CAV applications is the lack of effective infrastructure for evaluating such solutions. In this paper, we address the problem by designing an automated, flexible evaluation infrastructure for CAV security solutions. Our tool, CAVELIER, provides an extensible evaluation architecture for CAV security solutions against compromised communication and sensor channels. The tool can be customized for a variety of CAV applications and to target diverse usage models. We illustrate the framework with a number of case studies for security resiliency evaluation in Cooperative Adaptive Cruise Control (CACC).
Award ID(s):
1908549
PAR ID:
10358599
Journal Name:
25th IEEE International Conference on Intelligent Transportation (ITSC 2022)
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Connected Autonomous Vehicular (CAV) platoon refers to a group of vehicles that coordinate their movements and operate as a single unit. The vehicle at the head acts as the leader of the platoon and determines the course of the vehicles following it. The follower vehicles utilize Vehicle-to-Vehicle (V2V) communication and automated driving support systems to automatically maintain a small fixed distance between each other. Reliance on V2V communication exposes platoons to several possible malicious attacks which can compromise the safety, stability, and efficiency of the vehicles. We present a novel distributed resiliency architecture, RePLACe, for CAV platoon vehicles to defend against adversaries corrupting V2V communication reporting preceding vehicle position. RePLACe is unique in that it can provide real-time defense against a spectrum of communication attacks. RePLACe provides systematic augmentation of a platoon controller architecture with real-time detection and mitigation functionality using machine learning. Unlike computationally intensive cryptographic solutions, RePLACe accounts for the limited computation capabilities provided by automotive platforms as well as the real-time requirements of the application. Furthermore, unlike control-theoretic approaches, the same framework works against the broad spectrum of attacks. We also develop a systematic approach for evaluation of resiliency of CAV applications against V2V attacks. We perform extensive experimental evaluation to demonstrate the efficacy of RePLACe.
  2. Cooperative perception that integrates sensing capabilities from both infrastructure and vehicle perception sensors can greatly benefit the transportation system with respect to safety and data acquisition. In this study, we conduct a preliminary evaluation of such a system by integrating a portable lidar-based infrastructure detection system (namely, Traffic Scanner [TScan]) with a Society of Automotive Engineers (SAE) Level 4 connected and automated vehicle (CAV). Vehicle-to-everything (V2X) communication devices are installed on both the TScan and the CAV to enable real-time message transmission of detection results in the form of SAE J2735 basic safety messages. We validate the concept using a case study, which aims at improving CAV situation awareness and protecting vulnerable road user (VRU) safety. Field testing results demonstrate the safety benefits of cooperative perception from infrastructure sensors in detecting occluded VRUs and helping CAVs to plan safer (i.e., higher post-encroachment time) and smoother (i.e., lower deceleration rates) trajectories.
  3. The increased parallelism in modern processors has sparked interest in offloading security policy enforcement to processes or hardware operating in parallel with the main application. This approach can reduce application latency, enhance security, and improve compatibility. However, existing software solutions often incur high overheads and are susceptible to memory corruption attacks, while hardware solutions tend to be inflexible and require substantial modifications to the processor. In this paper, we present SIDECAR, a novel approach that offloads security checks to run concurrently with applications by leveraging the debugging infrastructure available in commodity processors. Specifically, we utilize software-driven logging (SDL) extensions in Intel and Arm processors to create secure, append-only channels between applications and security monitors. We build and evaluate a prototype of SIDECAR for the x86-64 and AArch64 architectures. To demonstrate its utility, we adapt well-known security defenses within SIDECAR, providing control-flow integrity (CFI), shadow call stacks (SCS), and memory error checking (ASAN). Our evaluation shows that these extensions perform better on the Intel architecture. In terms of defenses, SIDECAR reduces the latency of CFI in the tested real-world applications by an average of 30%, offers enhanced security with similar overhead for SCS, and is versatile enough to support complex defenses like ASAN. Furthermore, our security monitor for CFI+SCS is 30 times more efficient compared to previous work.
  4. Distributed applications enhance their execution by using remote resources. However, distributed execution incurs communication, synchronization, fault-handling, and security overheads. If these overheads are not offset by the yet larger execution enhancement, distribution becomes counterproductive. For maximum benefits, the distribution's granularity cannot be too fine or too crude; it must be just right. In this paper, we present a novel approach to re-architecting distributed applications whose distribution granularity has turned out to be ill-conceived. To adjust the distribution of such applications, our approach automatically reshapes their remote invocations to reduce aggregate latency and resource consumption. To that end, our approach insources a remote functionality for local execution, splits it into separate functions to profile their performance, and determines the optimal redistribution based on a cost function. Redistribution strategies combine separate functions into single remotely invocable units. To automate all the required program transformations, our approach introduces a series of domain-specific automatic refactorings. We have concretely realized our approach as an analysis and automatic program transformation infrastructure for the important domain of full-stack JavaScript applications, and evaluated its value, utility, and performance on a series of real-world cross-platform mobile apps. Our evaluation results indicate that our approach can become a useful tool for software developers charged with the challenges of re-architecting distributed applications.
  5. Connected autonomous vehicles (CAVs) have fostered the development of intelligent transportation systems that support critical safety information sharing with minimum latency and make driving decisions autonomously. However, the CAV environment is vulnerable to different external and internal attacks. Authorized but malicious entities which provide wrong information impose challenges in preventing internal attacks. An essential requirement for thwarting internal attacks is to identify the trustworthiness of the vehicles. This paper exploits interaction provenance to propose a trust management framework for CAVs that considers both in-vehicle and vehicular network security incidents, supports flexible security policies, and ensures privacy. The framework contains an interaction provenance recording and trust management protocol that extracts events from interaction provenance and calculates trustworthiness using fuzzy policies based on the events. Simulation results show that the framework is effective and can be integrated with the CAV stack with minimal computation and communication overhead.