Vulnerability assessment for unmanned systems autonomy services architecture

Abstract

Unmanned Systems Autonomy Services (UxAS) is a set of networked software modules that collaboratively automate mission-level decision making for unmanned systems. Proposed, developed, and publicized by United States Air Force Research Laboratory (U.S. AFRL), UxAS has strong and promising implications in practice and it can be easily extended to support emulation and practical deployment of unmanned aerial vehicles (UAVs). Therefore, performing vulnerability assessment for UxAS is of significant importance. In this project, we first leveraged the threat-driven method to identify security requirements that focus on UxAS’ confidentiality, integrity, and availability. Next, we designed and developed fuzz tests to evaluate whether UxAS satisfies these requirements. Our experiments have shown that the current version of UxAS is vulnerable to a variety of attacks such as denial of service, message injection/replay, service self-destruct, and timing-based side-channel attacks. Finally, we studied the root-causes for these vulnerabilities and proposed mitigation strategies.