Holistic Bug Hunting: Enhancing Security and Robustness of Cyber-Physical Systems

2024-09-24
  • 499

[Abstract]

Cyber-Physical Systems (CPS) have gained significant attention in recent years due to their unique ability to seamlessly integrate physical systems with computational technologies. Since CPS are widely used in critical domains, including manufacturing, healthcare, and mobility, various categories of bugs in CPS leading to attacks or internal failures can potentially result in catastrophic consequences on human lives. Unfortunately, existing bug-finding methods, which have proven highly effective, are primarily designed for testing conventional software systems and focus on a specific type of bug, namely, memory errors. Therefore, it is imperative to develop a new generation of bug hunting tools tailored for CPS, in order to keep pace with the growing complexity of CPS and fight a broader spectrum of cyber-physical bugs, such as logic errors.
My research is dedicated to the holistic protection of cyber-physical systems from attacks and failures through the identification and elimination of bugs. In this talk, I will introduce two bug-hunting frameworks I have developed, capable of autonomously identifying diverse types of bugs within the fundamental layers of CPS: the application/middleware layer and the operating system layer. Specifically, I will first demonstrate how robotic applications differ from traditional software systems and how these differences can be leveraged to reveal critical semantic correctness. Then, I will present an efficient approach to exploring the extensive state space of the operating system kernel, extending bug detection beyond memory errors to encompass a wide spectrum of semantic bugs.

[Biography]

Seulbae Kim is an Assistant Professor in the Department of Computer Science and Engineering at Pohang University of Science and Technology (POSTECH). He earned his Ph.D. degree in Computer Science from Georgia Institute of Technology, and his M.S. and B.S. degrees in Computer Science and Engineering from Korea University. His research focuses on cyber-physical systems, with a strong emphasis on enhancing their security and robustness. Notably, he has discovered over 250 previously unknown bugs across various components of cyber-physical systems, including the operating systems and applications. His work has been published in top-tier conferences in security (S&P, CCS), software engineering (ESEC/FSE, ICSE) and systems (SOSP).

LIST