A paper accepted at ICSE'20. It surveys the various security vulnerabilities in two open-source software systems, Baidu Apollo and Autoware.

【Abstract】

Self-driving cars, or Autonomous Vehicles (AVs), are increasingly becoming an integral part of our daily life. About 50 corporations are actively working on AVs, including large companies such as Google, Ford, and Intel. Some AVs are already operating on public roads, with at least one unfortunate fatality recently on record. As a result, understanding bugs in AVs is critical for ensuring their security, safety, robustness, and correctness. While previous studies have focused on a variety of domains (e.g., numerical software; machine learning; and error-handling, concurrency, and performance bugs) to investigate bug characteristics, AVs have not been studied in a similar manner. Recently, two software systems for AVs, Baidu Apollo and Autoware, have emerged as frontrunners in the open-source community and have been used by large companies and governments (e.g., Lincoln, Volvo, Ford, Intel, Hitachi, LG, and the US Department of Transportation). From these two leading AV software systems, this paper describes our investigation of 16,851 commits and 499 AV bugs and introduces our classification of those bugs into 13 root causes, 20 bug symptoms, and 18 categories of software components those bugs often affect. We identify 16 major findings from our study and draw broader lessons from them to guide the research community towards future directions in software bug detection, localization, and repair.

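【About Qi Chen's team】 Since the group was founded in 2018, Dr. Qi Chen (陈齐) has led the team in specializing in the security of autonomous driving and intelligent transportation. As the first lab in academia to study the security of industry-grade autonomous driving software, it has achieved several firsts in just two years: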

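  • The first attack on and defense of LiDAR-based object detection algorithms in self-driving cars, published at the top systems security conferences CCS’19 and Usenix Security’20;
  • The first attack on object tracking algorithms in self-driving cars, published at the top machine learning conference ICLR’20;
  • The first attack on automated lane keeping algorithms in self-driving cars, which received the Best Technical Poster Award at the top systems security conference NDSS’20;
  • The first attack on sensor fusion algorithms used in self-driving car localization, published at the top systems security conference Usenix Security’20;
  • The first systematic analysis of software bugs in self-driving cars, published at the top software engineering conference ICSE’20. (Excerpted from the GoSSIP official account of the Shanghai Jiao Tong University software security research group)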
