IEEE Access (Jan 2020)

CPFuzz: Combining Fuzzing and Falsification of Cyber-Physical Systems

  • Fute Shang,
  • Buhong Wang,
  • Tengyao Li,
  • Jiwei Tian,
  • Kunrui Cao

DOI
https://doi.org/10.1109/ACCESS.2020.3023250
Journal volume & issue
Vol. 8
pp. 166951 – 166962

Abstract

Coverage-guided grey-box fuzzing for computer systems has been explored for decades. However, existing techniques do not adequately explore the space of continuous behaviors in Cyber-Physical Systems (CPSs), and so may miss safety-critical bugs. Optimization-guided falsification is promising for finding violations of safety specifications, but it is not suitable for identifying traditional program bugs. This article presents a fuzzing process for finding safety violations at the development phase, guided by two quantities: a branch coverage metric to explore discrete program behaviors and a Linear Temporal Logic (LTL) robust satisfaction metric to identify undesirable continuous plant behaviors. We implement CPFuzz to demonstrate the utility of the idea and evaluate its effectiveness on seven control system benchmarks. The results show a better average time to find violations than S-TaLiRo on all benchmarks and than S3CAMX on six benchmarks. Finally, we use CPFuzz to synthesize a sensor spoofing attack on a DC motor with a fixed-point overflow vulnerability as a case study.

Keywords