What happens to an autonomous vehicle (AV) if its data are adversarially
compromised? Prior security studies have addressed this question through mostly
unrealistic threat models, with limited practical relevance, such as white-box
adversarial learning or nanometer-scale laser aiming and spoofing. With growing
evidence that cyber threats pose real, imminent danger to AVs and
cyber-physical systems (CPS) in general, we present and evaluate a novel AV
threat model: a cyber-level attacker capable of disrupting sensor data but
lacking any situational awareness. We demonstrate that even though the attacker
has minimal knowledge and only access to raw data from a single sensor (i.e.,
LiDAR), she can design several attacks that critically compromise perception
and tracking in multi-sensor AVs. To mitigate vulnerabilities and advance
secure architectures in AVs, we introduce two improvements for security-aware
fusion: a probabilistic data-asymmetry monitor and a scalable track-to-track
fusion of 3D LiDAR and monocular detections (T2T-3DLM); we demonstrate that the
approaches significantly reduce attack effectiveness. To support objective
safety and security evaluations in AVs, we release our security evaluation
platform, AVsec, which is built on security-relevant metrics to benchmark AVs
on gold-standard longitudinal AV datasets and AV simulators