Software doping – Theory and detection
Software is doped if it contains a hidden functionality that is intentionally included by the manufacturer and is not in the interest of the user or society. This thesis complements this informal definition with a set of formal cleanness definitions that characterise the absence of software doping. These definitions reflect common expectations of clean software behaviour and are applicable to many types of software, from printers to cars to discriminatory AI systems. We use these definitions to propose white-box and black-box analysis techniques to detect software doping. In particular, we present a provably correct, model-based testing algorithm that is intertwined with a probabilistic-falsification-based test input selection technique. We identify and explain how to overcome the challenges that are specific to real-world software doping tests and analyses. The most prominent example of software doping in recent years is the Diesel Emissions Scandal. We demonstrate the strength of our cleanness definitions and analysis techniques by applying them to the emission cleaning systems of diesel cars. All our car-related research is unified in a Car Data Platform. The mobile app LolaDrives is one building block of this platform; it supports conducting real-driving emissions tests and provides feedback to the user on how far a trip satisfies the driving conditions defined by official regulations.
On the road with RTLola: Testing real driving emissions on your phone
This paper is about shipping runtime verification to the masses. It presents the crucial technology enabling everyday car owners to monitor the behaviour of their cars in the wild. Concretely, we present an Android app that deploys RTLola runtime monitors for the purpose of diagnosing automotive exhaust emissions. For this, it harvests the availability of cheap Bluetooth adapters for the On-Board Diagnostics (OBD) ports, which are ubiquitous in cars nowadays. The app is a central piece in a set of tools and services we have developed for black-box analysis of automotive vehicles. We detail its use in the context of Real Driving Emissions (RDE) tests and report on sample runs that helped identify violations of the regulatory framework currently valid in the European Union.
RTLola on Board: Testing Real Driving Emissions on your Phone
This paper is about shipping runtime verification to the masses. It presents the crucial technology enabling everyday car owners to monitor the behaviour of their cars in the wild. Concretely, we present an Android app that deploys RTLola runtime monitors for the purpose of diagnosing automotive exhaust emissions. For this, it harvests the availability of cheap Bluetooth adapters for the On-Board Diagnostics (OBD) ports, which are ubiquitous in cars nowadays. We detail its use in the context of Real Driving Emissions (RDE) tests and report on sample runs that helped identify violations of the regulatory framework currently valid in the European Union.
Doping Tests for Cyber-physical Systems
The software running in embedded or cyber-physical systems is typically of a proprietary nature, so users do not know precisely what the systems they own are (in)capable of doing. Most malfunctions of such systems are not intended by the manufacturer, but some are, which means these cannot be classified as bugs or security loopholes. The most prominent examples have become public in the diesel emissions scandal, where millions of cars were found to be equipped with software violating the law, altogether polluting the environment and putting human health at risk. The behaviour of the software embedded in these cars was intended by the manufacturer, but it was not in the interest of society, a phenomenon that has been called software doping. Due to the unavailability of a specification, the analysis of doped software is significantly different from that for buggy or insecure software, and hence classical verification and testing techniques have to be adapted. The work presented in this article builds on existing definitions of software doping and lays the theoretical foundations for conducting software doping tests, so as to enable uncovering unethical manufacturers. The complex nature of software doping makes it very hard to effectuate doping tests in practice. We explain the main challenges and provide efficient solutions to realise doping tests despite this complexity.
Affiliations: Biewer, Sebastian: Universitat Saarland, Germany. D'Argenio, Pedro Ruben: Universidad Nacional de Córdoba, Facultad de Matemática, Astronomía y Física, Argentina; Universitat Saarland, Germany; Consejo Nacional de Investigaciones Científicas y Técnicas, Centro Científico Tecnológico Conicet - Córdoba, Argentina. Hermanns, Holger: Universitat Saarland, Germany.
Is your software on dope? Formal analysis of surreptitiously "enhanced" programs
Usually, it is the software manufacturer who employs verification or testing to ensure that the software embedded in a device meets its main objectives. However, these days we are confronted with the situation that economic or technological reasons might make a manufacturer interested in the software slightly deviating from its main objective for dubious reasons. Examples include lock-in strategies and the emission scandals in the automotive industry. This phenomenon is what we call software doping. It is becoming more widespread as software is embedded in ever more devices of daily use.
The primary contribution of this article is to provide a hierarchy of simple but solid formal definitions that make it possible to distinguish whether a program is clean or doped. Moreover, we show that these characterisations provide an immediate framework for analysis using already existing verification techniques. We exemplify this by applying self-composition to sequential programs and model checking of HyperLTL formulas on reactive models.
Comment: To appear in the proceedings of ESOP 201
Conformance-Based Doping Detection for Cyber-Physical Systems
We present a novel and generalised notion of doping cleanness for cyber-physical systems that allows for perturbing the inputs and observing the perturbed outputs in both the time and value domains. We instantiate our definition using existing notions of conformance for cyber-physical systems. We show that our generalised definitions are essential in a data-driven method for doping detection and apply our definitions to a case study concerning diesel emission tests.