Uncovering Failures in Cyber-Physical System State Transitions: A Fuzzing-Based Approach Applied to sUAS

TL;DR

This paper introduces SaFUZZ, a state-aware fuzzing framework for sUAS that detects failures in state transitions, visualizes root causes, and is validated in simulation and real-world tests.

Contribution

We develop SaFUZZ, a novel fuzzing pipeline that validates sUAS decision logic, generates Fault Trees for failure analysis, and demonstrates effectiveness in real-world scenarios.

Findings

SaFUZZ identified previously undetected failure points.

Fuzzing results validated in both simulation and real-world tests.

SaFUZZ provides a scalable approach for safety validation of sUAS.

Abstract

The increasing deployment of small Uncrewed Aerial Systems (sUAS) in diverse and often safety-critical environments demands rigorous validation of onboard decision logic under various conditions. In this paper, we present SaFUZZ, a state-aware fuzzing pipeline that validates core behavior associated with state transitions, automated failsafes, and human operator interactions in sUAS applications operating under various timing conditions and environmental disturbances. We create fuzzing specifications to detect behavioral deviations, and then dynamically generate associated Fault Trees to visualize states, modes, and environmental factors that contribute to the failure, thereby helping project stakeholders to analyze the failure and identify its root causes. We validated SaFUZZ against a real-world sUAS system and were able to identify several points of failure not previously detected by the system's development team. The fuzzing was conducted in a high-fidelity simulation environment, and outcomes were validated on physical sUAS in a real-world field testing setting. The findings from the study demonstrated SaFUZZ's ability to provide a practical and scalable approach to uncovering diverse state transition failures in a real-world sUAS application.