Search

CN-118427834-B - Vulnerability detection optimization method, device and equipment for robot operating system

CN118427834BCN 118427834 BCN118427834 BCN 118427834BCN-118427834-B

Abstract

The invention relates to the field of program vulnerability detection and discloses a vulnerability detection optimization method, device and equipment of a robot operating system, wherein the method comprises the steps of acquiring registration information through a registration tracker and acquiring execution information of the robot operating system through a runtime tracker; the registration information comprises attributes related to a callback function and the type of the callback function, callback tracking is built according to the registration information and the execution information, the callback tracking is analyzed to verify whether a new system state is generated, a new test case is generated according to the new system state, and the new test case is used as a test case of the next round of circulation. The invention solves the problems of rough and incomplete fuzzy test of the loopholes of the robot operating system in the prior art.

Inventors

  • SHEN YUHENG
  • LIU JIANZHONG
  • XU YIRU
  • JIANG YU

Assignees

  • 清华大学

Dates

Publication Date
20260505
Application Date
20240429

Claims (9)

  1. 1. The vulnerability detection optimization method of the robot operating system is characterized by comprising the following steps of: Acquiring registration information through a registration tracker, and acquiring execution information of a robot operating system through the runtime tracker, wherein the registration information comprises attributes related to a callback function and the type of the callback function; Constructing callback tracking according to the registration information and the execution information; analyzing the callback tracking, and verifying whether a new system state is generated or not, wherein the method specifically comprises the steps of analyzing the callback tracking, and identifying the new system state according to a judging index, wherein the judging index comprises (1) judging whether the callback tracking comprises a new execution sequence or not, (2) judging whether the delay of a specific callback has deviation higher than a first preset threshold value from an established average reference value or not, (3) judging whether the throughput of a specific message has deviation lower than a second preset threshold value than the average reference value or not, and determining that the new system state is generated when at least one item in the judging index is true; And generating a new test case according to the new system state, and taking the new test case as a test case of the next round of circulation.
  2. 2. The method for optimizing vulnerability detection of a robot operating system according to claim 1, wherein the registration information acquired by the registration tracker, the execution information of the robot operating system acquired by the runtime tracker, specifically comprises: Installing a first tracker in a C++ user library layer of a robot operating system, and installing a second tracker in a general user library layer; When a user application program starts a callback registration process, recording a first callback attribute through the first tracker, and writing the first callback attribute into a data retrieval buffer area; when the callback registration process is transmitted to a general user library layer, recording a second callback attribute through the second tracker, and writing the second callback attribute into a data retrieval buffer area; when the executor of the C++ user library layer schedules callback functions to execute, the data generated in the execution process of the robot operating system are acquired through the runtime tracker, and are stored in a specific data retrieval buffer area after being aggregated.
  3. 3. The method for optimizing vulnerability detection of a robot operating system according to claim 1, wherein the constructing callback tracking according to the registration information and the execution information specifically comprises: Processing the registration data into structured information, wherein the structured information comprises callback serial numbers and processing programs of different layers; calculating a delay index based on the execution information in each fuzzy test cycle, the delay index including callback delay and message delay; and merging the callback delay and the message delay index to construct callback tracking, wherein the callback tracking is expressed as two different vectors, one vector represents callback delay, and the other vector represents message delay.
  4. 4. The method for optimizing vulnerability detection of robot operating system according to claim 3, wherein calculating the delay index based on the execution information in each fuzzy test cycle specifically comprises: determining callback delay according to the callback serial number, the processing program and the first timestamp; and determining message delay according to the callback serial number, the message buffer size and the second timestamp.
  5. 5. The vulnerability detection optimization method of robot operating system according to claim 4, wherein the callback serial numbers are generated by hash functions as unique identifiers for distinguishing various callback functions; the first timestamp comprises a timestamp when the callback function is called, a timestamp when the callback function starts to execute and a timestamp when the callback function ends to execute; the second timestamp includes a timestamp of message publication and subscription.
  6. 6. The method for optimizing vulnerability detection of robot operating system according to claim 1, wherein the runtime tracker comprises: the third tracker is used for recording a processing program of the target callback; a fourth tracker for recording a timestamp of the callback start time; a fifth tracker for recording a timestamp of the callback end time; a sixth tracker to record communication information including the size of the incoming message buffer and time stamps associated with publish and subscribe activities.
  7. 7. A vulnerability detection optimizing device of a robot operating system is characterized by comprising: The information collection module is used for obtaining registration information through the registration tracker and obtaining execution information of the robot operating system through the runtime tracker, wherein the registration information comprises attributes related to the callback function and the type of the callback function; the callback tracking construction module is used for constructing callback tracking according to the registration information and the execution information; The new state judging module is used for analyzing the callback tracking and verifying whether a new system state is generated or not, and specifically comprises the steps of analyzing the callback tracking and identifying the new system state according to judging indexes, wherein the judging indexes comprise (1) judging whether the callback tracking comprises a new execution sequence or not, (2) judging whether the delay of a specific callback has deviation higher than a first preset threshold value from an established average reference value or not, (3) judging whether the throughput of a specific message has deviation lower than a second preset threshold value or not, and determining that the new system state is generated when at least one of the judging indexes is true; and the case generation module is used for generating a new test case according to the new system state, and taking the new test case as the test case of the next round of circulation.
  8. 8. A vulnerability detection optimizing apparatus of a robot operating system, comprising: at least one processor, and A memory communicatively coupled to the at least one processor via a bus, wherein, The memory stores instructions executable by the at least one processor to implement the method of any one of claims 1-6.
  9. 9. A non-volatile storage medium storing computer executable instructions for execution by a processor to implement the method of any one of claims 1-6.

Description

Vulnerability detection optimization method, device and equipment for robot operating system Technical Field The present invention relates to the field of program vulnerability detection technologies, and in particular, to a vulnerability detection optimization method, device, and equipment for a robot operating system. Background Robot operating systems (Robot Operating System, ROS) have wide application in industrial and academic environments, becoming a de facto standard for developing robotic systems, and tens of thousands of robotic operating system-supported devices have now been incorporated into our daily lives. The robot operating system mainly comprises two parts, namely a robot operating system application program and a robot operating system running time. It can be deployed on a variety of operating systems including Linux, mac, and various real-time operating systems. The robot operating system is the core at runtime, providing basic functions such as message passing and callback scheduling. The top layer includes client library implementations, such as a C++ user library, a PYTHON user library, and a JAVA user library, providing application programming interface (Application Programming Interface, API) implementations in different languages for developing high-level applications. Below the top level is a robotic operating system client library (general user library), which is a standard interface to these APIs, providing basic functions such as system scheduling and callback management. To ensure compatibility with different data distribution services (Data Distribution Service, DDS) implementations, the universal user library relies on a robotic operating system middleware interface (RMW) as an intermediary bridge. This makes communication between distributed components more efficient. The robotic operating system application deploys various user-specific applications, each designed to perform a particular task. Each application is typically made up of multiple nodes, each with callbacks that communicate through topics and services. The node is responsible for a single modular purpose, its callbacks are functions that are invoked in response to specific events (e.g., receipt of messages or service requests), managed by the c++ user library executor, and these callbacks are scheduled according to real-time requirements of the robot operating system. The executors also ensure their consistent interactions with the message events. Fuzzy Testing (fuzzz Testing) has been successful as an efficient vulnerability discovery technique in a myriad of critical vulnerabilities found in various types of systems. The method is characterized in that various seeds meeting the input specification of an object to be tested are randomly generated to serve as test cases, and various anomaly detectors are used for monitoring potential vulnerabilities of a tested system. In addition, some fuzzy test engines also employ coverage as a guide to generate more efficient test cases. The method not only improves the comprehensiveness of the test, but also enhances the capability of discovering the loopholes. The current test cases are given higher mutation priority by checking whether the current test cases trigger new codes, and further the codes deeper in the system are tested. However, the control flow of the robot operating system is relatively fixed due to the concentration of the robot operating system to execute specific tasks, so that the variability of the code coverage rate is limited. Such limitations may prevent previous code coverage tests from fully capturing the complex and diverse state transitions within the robotic operating system. For example, different inputs may cause the system to exhibit distinct behavior patterns, which may not be adequately reflected in conventional code coverage tests, such as callback duration and message throughput, but may result in the same code coverage. As can be seen, traditional fuzzy test methods based on code coverage may not be sufficiently effective for a robotic operating system to fully explore its potential security vulnerabilities. Therefore, there is a need for a fuzzy test method that is more suitable for use with a robotic operating system. Disclosure of Invention The invention provides a vulnerability detection optimization method, device and equipment for a robot operating system, which solve the problems of rough and incomplete fuzzy test of the conventional vulnerability of the robot operating system. A vulnerability detection optimization method of a robot operating system comprises the following steps in a fuzzy test cycle of each robot operating system: Acquiring registration information through a registration tracker, and acquiring execution information of a robot operating system through the runtime tracker, wherein the registration information comprises attributes related to a callback function and the type of the callback function; Constructing cal