TY - GEN
T1 - Coverage-Guided Fuzz Testing for Cyber-Physical Systems
AU - Sheikhi, Sanaz
AU - Kim, Edward
AU - Duggirala, Parasara Sridhar
AU - Bak, Stanley
N1 - Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
AB - Fuzz testing is an indispensable test-generation tool in software security. Fuzz testing uses automated directed randomness to explore a variety of execution paths in software, trying to expose defects such as buffer overflows. Since cyber-physical systems (CPS) are often safety-critical, testing models of CPS can also expose faults. However, while existing coverage-guided fuzz testing methods are effective for software, results can be disappointing when applied to CPS, where systems have continuous states and inputs are applied at different points in time. In this work, we propose three changes to customize coverage-guided fuzz testing methods to better leverage characteristics of CPS. First, we introduce a notion of coverage to be used to evaluate a fuzz testing algorithm's effectiveness for a particular CPS, analogous to often-used code coverage metrics of a software system. Second, this modified coverage metric is used in a customized power schedule, which selects which previous input sequences hold the most promise to find failures in new system states. Third, we modify the input mutation strategy used to reason with the causal nature of a CPS. Our proposed system, which we call CPS-Fuzz, is compared with three other fuzz testing frameworks on an autonomous car racing software and provides a superior coverage score by generating more crashes at different positions around the track.
KW - autonomous vehicle
KW - coverage metric
KW - cyber-physical systems
KW - fuzz testing
KW - test generation
UR - https://www.scopus.com/pages/publications/85134218911
U2 - 10.1109/ICCPS54341.2022.00009
DO - 10.1109/ICCPS54341.2022.00009
M3 - Conference contribution
AN - SCOPUS:85134218911
T3 - Proceedings - 13th ACM/IEEE International Conference on Cyber-Physical Systems, ICCPS 2022
SP - 24
EP - 33
BT - Proceedings - 13th ACM/IEEE International Conference on Cyber-Physical Systems, ICCPS 2022
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 13th ACM/IEEE International Conference on Cyber-Physical Systems, ICCPS 2022
Y2 - 4 May 2022 through 6 May 2022
ER -