UCI Team Collaborates on $15M Grant to Secure Cyber-Physical Systems
Sept. 3, 2024 - Each week, people in Los Angeles and San Francisco are taking more than 100,000 rides in self-driving vehicles, known as robotaxis. “As autonomous cyber-physical systems, such as autonomous cars, drones, and rovers, are increasingly used in everyday life, the security vulnerabilities of such systems are becoming more exposed to real-world attackers,” says Alfred Chen, a professor of computer science at UC Irvine. “This can result in life-critical threats to human safety.”
Chen and his team of researchers in the Donald Bren School of Information and Computer Sciences (ICS) have shown how autonomous vehicles can be tricked into dangerous driving. “If a robotaxi can be made to deliberately fail in detecting pedestrians or to drive the wrong way, the consequences can be a matter of life and death. The same applies to autonomous drones hijacked by adversaries.”
Understanding the critical need to address such security issues, the U.S. Defense Advanced Research Projects Agency (DARPA) recently awarded a three-year $15 million grant to a team of security researchers from UCI, Arizona State University, and Huntington Ingalls Industries (HII). Funded through the Faithful Integration, Reverse-engineering, and Emulation (FIRE) program, the award supports the multi-institutional SENPAI project — Strategic Exploration, Navigation and Patching of Abstracted Integrations.
“The overall project goal is to discover end-to-end security vulnerabilities in any cyber-physical system within 30 days or less,” says Chen. “The main targets are safety- and mission-critical cyber-physical systems such as autonomous vehicles, drones, and rovers.”
The Race to Discover Vulnerabilities
The UCI team was awarded $2 million, with Chen serving as the UCI lead principal investigator. Serving as co-principal investigator is Mohammad Al Faruque, a professor of electrical engineering and computer science in the Samueli School of Engineering. Chen and Al Faruque will lead a project team housed within the Center for Embedded and Cyber-physical Systems (CECS), where faculty and students from a variety of fields conduct cutting-edge interdisciplinary research on embedded systems.
The UCI team will focus on discovering new types of end-to-end security vulnerabilities — that is, cyber-physical vulnerabilities (CPVs). “Leveraging our existing expertise in CPS security, my group is leading CPV discovery at the AI, software, and networking stacks, while Professor Al Faruque’s group is leading the CPV discovery at the sensing, control, and hardware stacks,” says Chen. “Together, we cover the full-stack vulnerability discovery capabilities.”
It’s imperative to explore cross-layer security and understand how, for example, a vulnerability in a sensor can propagate through the control layer and eventually affect the actuators, or motors, to cause physical damage.
“My group pioneers such cross-layer cyber-physical security and kinetic attacks,” says Al Faruque. “We first started exploring such vulnerabilities in 2015. Our previous work on sensor security has demonstrated that it causes significant safety and reliability issues in critical infrastructures like power grids and transportation.”
Chen and Al Faruque agree that CECS is the perfect environment for conducting this research. Bringing together 36 of the top faculty researchers in the area of CPS from three UC campuses, as well as over 70 students and numerous visiting researchers from around the world, CECS is recognized as an international epicenter of research in embedded systems design tools and methods.
The SENPAI Project
While UCI focuses on CPS security, the team at ASU will study cyber vulnerabilities and HII will focus on classified tasks. “The larger SENPAI team expertise is naturally complementary,” says Chen. “Together, we have expertise in hardware and software security and CPS safety, along with real-world experience studying CPVs in drones and autonomous vehicles. We understand how to leverage modeling, simulation, and reverse engineering to not only secure cyber-physical systems but do so in an efficient and timely manner.”
- Shani Murray