Abstract
The technology behind Autonomous Driving (AD) is rapidly evolving, with companies like Waymo and Baidu already offering commercial robotaxi services in San Francisco and Wuhan, respectively, and Tesla planning its own service. Given the critical safety implications of AD systems, concerns about their reliability and security are slowing widespread adoption. To address these issues, it is essential to understand the limits of how well AD vehicles handle unexpected real-world scenarios and how secure they are against potential attacks. Improving software testing and analysis techniques can enhance the safety and security of AD vehicles, accelerating their deployment. My dissertation focuses on enhancing testing and debugging in the AD software development life cycle through innovative automated tools. First, I analyzed the security of the AD software planning component and identified a new type of vulnerability: semantic DoS vulnerabilities, which can be exploited by real-world physical threats and have severe consequences. Second, I developed PlanFuzz, a new modular testing tool designed to efficiently discover zero-day semantic DoS vulnerabilities in the planning component. Unlike existing designs that rely on time-consuming and potentially buggy simulators, our novel approach directly connects fuzzing, a proven software testing technique, with AD software testing for planning components. This significantly enhances the ability to discover new vulnerabilities within a realistic time frame. We evaluate PlanFuzz on 3 planning implementations from practical open-source AD systems, and find that it can effectively discover 9 previously unknown semantic DoS vulnerabilities without false positives. Finally, I introduced an automated cause analysis tool for the AD software stack. This tool, which follows testing, efficiently and automatically identifies the root causes of discovered issues, enabling timely fixes for bugs and vulnerabilities. More than 98.5% of the manual effort can be saved with such an automated approach.