Open Collections

Abstract

Robotic Autonomous Vehicles (RAVs) rely on onboard sensors for perception and autonomous decision making. However, RAVs are vulnerable to physical attacks, such as GPS spoofing and gyroscope manipulation, that exploit physical channels to compromise sensors. These attacks pose serious safety risks and can lead to widespread damage and mission failures. Traditional software security methods, such as cryptography or memory isolation, are ineffective against physical attacks. This thesis presents five comprehensive software solutions to secure RAVs against physical attacks. These solutions do not require any hardware modifications, and can be seamlessly integrated into RAV's existing software stacks. (1) RAVAGE introduces a configurable software tool that emulates physical attacks in a realistic and reproducible manner. It provides a software setup for benchmarking the impact of physical attacks and validating defense techniques. Building on this foundation, this thesis presents attack detection, diagnosis, and recovery techniques, which enable RAVs to operate safely even under adversarial interference. (2) PID-Piper introduces a Feed-Forward controller (FFC) that runs in tandem with the RAV’s primary controller and monitors it to detect attacks. The FFC uses a system model instead of corrupted sensor inputs; thus, it remains robust to attacks. Upon attack detection, the FFC takes over control to recover the RAV back to its desired state and enables mission completion. (3) DeLorean performs diagnosis to isolate the compromised sensors, and uses historical data to derive safe recovery actions. Its diagnosis-guided recovery mechanism enables reliable operation even under multi-sensor attacks. (4) SpecGuard combines multi-objective policy learning with adversarial training to achieve resilience against sensor perturbations. SpecGuard not only ensures mission completion under attack but also enforces safety specifications, such as avoiding collisions or preventing entry into restricted zones, during recovery. (5) ARMOR introduces a two-staged reinforcement learning framework that enables learning attack-resilient control policies. It first leverages attack-aware privileged information to accelerate robust policy learning in simulation, and then uses transfer learning to adapt the policy for real-world deployment. By developing comprehensive and practical software solutions for physical attack detection, diagnosis, and recovery, this work enables the deployment of RAVs in a wide range of safety critical applications.