Yunkai Wang,He Zhu,Quyu Kong,Rong Xiong,Yue Wang

DOI: https://doi.org/10.23919/ccc63176.2024.10661639

2024-01-01

Abstract:This paper proposes a framework for a networked cloud-controlled autonomous driving system. It involves transmitting the vehicle’s location, structured perception data, and real-time images to a cloud server. The cloud server autonomously makes decisions based on the received data and sends the decision results to the vehicle. The vehicle, in turn, plans trajectories and controls based on these decision results. Additionally, a remote operator can engage in manual teleoperation using visual real-time images and structured abstract data, assisting the vehicle in making better decisions or manually setting more complex tasks. This paper designs and builds a complete autonomous driving real-word platform and networked cloud control platform. The neural network, trained through reinforcement learning and reinforcement learning, is deployed on the cloud for behavior decision-making. It controls the vehicle to drive over 27 kilometers at approximately $60 \mathrm{~km} / \mathrm{h}$ in real-world open scenarios, successfully completing multiple interactions with other vehicles. This validates the feasibility of the system.

Cong Gao,Geng Wang,Weisong Shi,Zhongmin Wang,Yanping Chen

DOI: https://doi.org/10.1109/jiot.2021.3130054

IF: 10.6

2021-01-01

IEEE Internet of Things Journal

Abstract:The autonomous driving industry has mushroomed over the past decade. Although autonomous driving has undoubtedly become one of the most promising technologies of this century, its development faces multiple challenges, of which security is the major concern. In this article, we present a thorough analysis of autonomous driving security. First, the attack surface of autonomous driving is presented. After an analysis of the operation of autonomous driving in terms of key components and technologies, the security of autonomous driving is elaborated in four dimensions: 1) sensors; 2) operating system; 3) control system; and 4) vehicle-to-everything (V2X) communication. Sensor security is examined from five components, which are mainly responsible for self-positioning and environmental perception. The analysis of operating system security, the second dimension, is concentrated on the robot operating system. Concerning the control system security, the controller area network is approached mainly from vulnerabilities and protection measures. The fourth dimension, V2X communication security, is probed from four categories of attacks: 1) authenticity/identification; 2) availability; 3) data integrity; and 4) confidentiality with corresponding solutions. Moreover, the drawbacks of existing methods adopted in the four dimensions are also provided. Finally, a conceptual multilayer defense framework is proposed to secure the information flow from external communication to the physical autonomous vehicle.

computer science, information systems,telecommunications,engineering, electrical & electronic

Kui Ren,Qian Wang,Cong Wang,Zhan Qin,Xiaodong Lin

DOI: https://doi.org/10.1109/jproc.2019.2948775

IF: 20.6

2019-01-01

Proceedings of the IEEE

Abstract:Autonomous vehicles (AVs) have promised to drastically improve the convenience of driving by releasing the burden of drivers and reducing traffic accidents with more precise control. With the fast development of artificial intelligence and significant advancements of the Internet of Things technologies, we have witnessed the steady progress of autonomous driving over the recent years. As promising as it is, the march of autonomous driving technologies also faces new challenges, among which security is the top concern. In this article, we give a systematic study on the security threats surrounding autonomous driving, from the angles of perception, navigation, and control. In addition to the in-depth overview of these threats, we also summarize the corresponding defense strategies. Furthermore, we discuss future research directions about the new security threats, especially those related to deep-learning-based self-driving vehicles. By providing the security guidelines at this early stage, we aim to promote new techniques and designs related to AVs from both academia and industry and boost the development of secure autonomous driving.

Xugui Zhou,Anna Schmedding,Haotian Ren,Lishan Yang,Philip Schowitz,Evgenia Smirni,Homa Alemzadeh

DOI: https://doi.org/10.48550/arXiv.2204.06768

2022-07-05

Abstract:A growing number of vehicles are being transformed into semi-autonomous vehicles (Level 2 autonomy) by relying on advanced driver assistance systems (ADAS) to improve the driving experience. However, the increasing complexity and connectivity of ADAS expose the vehicles to safety-critical faults and attacks. This paper investigates the resilience of a widely-used ADAS against safety-critical attacks that target the control system at opportune times during different driving scenarios and cause accidents. Experimental results show that our proposed Context-Aware attacks can achieve an 83.4% success rate in causing hazards, 99.7% of which occur without any warnings. These results highlight the intolerance of ADAS to safety-critical attacks and the importance of timely interventions by human drivers or automated recovery mechanisms to prevent accidents.

Software Engineering,Cryptography and Security

Francesco Marchiori,Alessandro Brighente,Mauro Conti

2024-05-14

Abstract:Autonomous driving is a research direction that has gained enormous traction in the last few years thanks to advancements in Artificial Intelligence (AI). Depending on the level of independence from the human driver, several studies show that Autonomous Vehicles (AVs) can reduce the number of on-road crashes and decrease overall fuel emissions by improving efficiency. However, security research on this topic is mixed and presents some gaps. On one hand, these studies often neglect the intrinsic vulnerabilities of AI algorithms, which are known to compromise the security of these systems. On the other, the most prevalent attacks towards AI rely on unrealistic assumptions, such as access to the model parameters or the training dataset. As such, it is unclear if autonomous driving can still claim several advantages over human driving in real-world applications. This paper evaluates the inherent risks in autonomous driving by examining the current landscape of AVs and establishing a pragmatic threat model. Through our analysis, we develop specific claims highlighting the delicate balance between the advantages of AVs and potential security challenges in real-world scenarios. Our evaluation serves as a foundation for providing essential takeaway messages, guiding both researchers and practitioners at various stages of the automation pipeline. In doing so, we contribute valuable insights to advance the discourse on the security and viability of autonomous driving in real-world applications.

Cryptography and Security

Yao Deng,Xi Zheng,Tianyi Zhang,Chen Chen,Guannan Lou,Miryung Kim

DOI: https://doi.org/10.48550/arXiv.2002.02175

2020-02-06

Abstract:Nowadays, autonomous driving has attracted much attention from both industry and academia. Convolutional neural network (CNN) is a key component in autonomous driving, which is also increasingly adopted in pervasive computing such as smartphones, wearable devices, and IoT networks. Prior work shows CNN-based classification models are vulnerable to adversarial attacks. However, it is uncertain to what extent regression models such as driving models are vulnerable to adversarial attacks, the effectiveness of existing defense techniques, and the defense implications for system and middleware builders. This paper presents an in-depth analysis of five adversarial attacks and four defense methods on three driving models. Experiments show that, similar to classification models, these models are still highly vulnerable to adversarial attacks. This poses a big security threat to autonomous driving and thus should be taken into account in practice. While these defense methods can effectively defend against different attacks, none of them are able to provide adequate protection against all five attacks. We derive several implications for system and middleware builders: (1) when adding a defense component against adversarial attacks, it is important to deploy multiple defense methods in tandem to achieve a good coverage of various attacks, (2) a blackbox attack is much less effective compared with a white-box attack, implying that it is important to keep model details (e.g., model architecture, hyperparameters) confidential via model obfuscation, and (3) driving models with a complex architecture are preferred if computing resources permit as they are more resilient to adversarial attacks than simple models.

Signal Processing,Cryptography and Security,Machine Learning

Nicola Raemy,Galia Kondova

DOI: https://doi.org/10.54941/ahfe100953

2022-01-01

Abstract:Cybersecurity in autonomous driving is of utmost importance since a hacked self-driving car could turn into a remote-controlled weapon. Appropriate measures must be taken and implemented to ensure future road safety. The substantially shorter renewal cycles in the hardware (e.g., sensors, computer hardware) and especially software domain compared to the current service life of a vehicle represent a further challenge The use of blockchain technology could enhance security in autonomous driving and thus reduce cybersecurity risks. This paper studies current developments of Swiss pilot projects in autonomous driving and discusses existing solutions for increasing safety of autonomous driving through blockchain.

Lu Wang,Tianyuan Zhang,Yikai Han,Muyang Fang,Ting Jin,Jiaqi Kang

2024-09-12

Abstract:With recent breakthroughs in deep neural networks, numerous tasks within autonomous driving have exhibited remarkable performance. However, deep learning models are susceptible to adversarial attacks, presenting significant security risks to autonomous driving systems. Presently, end-to-end architectures have emerged as the predominant solution for autonomous driving, owing to their collaborative nature across different tasks. Yet, the implications of adversarial attacks on such models remain relatively unexplored. In this paper, we conduct comprehensive adversarial security research on the modular end-to-end autonomous driving model for the first time. We thoroughly consider the potential vulnerabilities in the model inference process and design a universal attack scheme through module-wise noise injection. We conduct large-scale experiments on the full-stack autonomous driving model and demonstrate that our attack method outperforms previous attack methods. We trust that our research will offer fresh insights into ensuring the safety and reliability of autonomous driving systems.

Machine Learning,Artificial Intelligence

Amirhosein Chahe,Chenan Wang,Abhishek Jeyapratap,Kaidi Xu,Lifeng Zhou

2024-05-15

Abstract:This paper introduces an attacking mechanism to challenge the resilience of autonomous driving systems. Specifically, we manipulate the decision-making processes of an autonomous vehicle by dynamically displaying adversarial patches on a screen mounted on another moving vehicle. These patches are optimized to deceive the object detection models into misclassifying targeted objects, e.g., traffic signs. Such manipulation has significant implications for critical multi-vehicle interactions such as intersection crossing and lane changing, which are vital for safe and efficient autonomous driving systems. Particularly, we make four major contributions. First, we introduce a novel adversarial attack approach where the patch is not co-located with its target, enabling more versatile and stealthy attacks. Moreover, our method utilizes dynamic patches displayed on a screen, allowing for adaptive changes and movement, enhancing the flexibility and performance of the attack. To do so, we design a Screen Image Transformation Network (SIT-Net), which simulates environmental effects on the displayed images, narrowing the gap between simulated and real-world scenarios. Further, we integrate a positional loss term into the adversarial training process to increase the success rate of the dynamic attack. Finally, we shift the focus from merely attacking perceptual systems to influencing the decision-making algorithms of self-driving systems. Our experiments demonstrate the first successful implementation of such dynamic adversarial attacks in real-world autonomous driving scenarios, paving the way for advancements in the field of robust and secure autonomous driving.

Robotics,Computer Vision and Pattern Recognition,Machine Learning

Xudong Pan,Qifan Xiao,Mi Zhang,Min Yang

DOI: https://doi.org/10.48550/arXiv.2207.08556

2022-07-18

Cryptography and Security

Abstract:Self-driving cars (SDC) commonly implement the perception pipeline to detect the surrounding obstacles and track their moving trajectories, which lays the ground for the subsequent driving decision making process. Although the security of obstacle detection in SDC is intensively studied, not until very recently the attackers start to exploit the vulnerability of the tracking module. Compared with solely attacking the object detectors, this new attack strategy influences the driving decision more effectively with less attack budgets. However, little is known on whether the revealed vulnerability remains effective in end-to-end self-driving systems and, if so, how to mitigate the threat. In this paper, we present the first systematic research on the security of object tracking in SDC. Through a comprehensive case study on the full perception pipeline of a popular open-sourced self-driving system, Baidu's Apollo, we prove the mainstream multi-object tracker (MOT) based on Kalman Filter (KF) is unsafe even with an enabled multi-sensor fusion mechanism. Our root cause analysis reveals, the vulnerability is innate to the design of KF-based MOT, which shall error-handle the prediction results from the object detectors yet the adopted KF algorithm is prone to trust the observation more when its deviation from the prediction is larger. To address this design flaw, we propose a simple yet effective security patch for KF-based MOT, the core of which is an adaptive strategy to balance the focus of KF on observations and predictions according to the anomaly index of the observation-prediction deviation, and has certified effectiveness against a generalized hijacking attack model. Extensive evaluation on $4$ KF-based existing MOT implementations (including 2D and 3D, academic and Apollo ones) validate the defense effectiveness and the trivial performance overhead of our approach.

Zishen Wan,Yiming Gan,Bo Yu,Shaoshan Liu,Arijit Raychowdhury,Yuhao Zhu

2024-09-30

Abstract:The next ubiquitous computing platform, following personal computers and smartphones, is poised to be inherently autonomous, encompassing technologies like drones, robots, and self-driving cars. Ensuring reliability for these autonomous machines is critical. However, current resiliency solutions make fundamental trade-offs between reliability and cost, resulting in significant overhead in performance, energy consumption, and chip area. This is due to the "one-size-fits-all" approach commonly used, where the same protection scheme is applied throughout the entire software computing stack. This paper presents the key insight that to achieve high protection coverage with minimal cost, we must leverage the inherent variations in robustness across different layers of the autonomous machine software stack. Specifically, we demonstrate that various nodes in this complex stack exhibit different levels of robustness against hardware faults. Our findings reveal that the front-end of an autonomous machine's software stack tends to be more robust, whereas the back-end is generally more vulnerable. Building on these inherent robustness differences, we propose a Vulnerability-Adaptive Protection (VAP) design paradigm. In this paradigm, the allocation of protection resources - whether spatially (e.g., through modular redundancy) or temporally (e.g., via re-execution) - is made inversely proportional to the inherent robustness of tasks or algorithms within the autonomous machine system. Experimental results show that VAP provides high protection coverage while maintaining low overhead in both autonomous vehicle and drone systems.

Robotics

Kabid Hassan Shibly,Hiroyuki Inoue,Yuzo Taenaka,Youki Kadobayashi,Md Delwar Hossain

DOI: https://doi.org/10.1080/08839514.2023.2193461

IF: 2.777

2023-03-26

Applied Artificial Intelligence

Abstract:Connected and Autonomous Vehicles (CAVs) offer improved efficiency and convenience through innovative embedded devices. However, the development of these technologies has often neglected security measures, leading to vulnerabilities that can be exploited by hackers. Conceding that a CAV system is compromised, it can result in unsafe driving conditions and pose a threat to human safety. Prioritizing both security measures and functional enhancements on development of CAVs is essential to ensure their safety and reliability and enhance consumer trust in the technology. CAVs use artificial intelligence to control their driving behavior, which can be easily influenced by small changes in the model that can significantly impact and potentially mislead the system. To address this issue, this study proposed a defense mechanism that uses an autoencoder and a compressive memory module to store normal image features and prevent unexpected generalization on adversarial inputs. The proposed solution was studied against Hijacking, Vanishing, Fabrication, and Mislabeling attacks using FGSM and AdvGAN against the Nvidia Dave-2 driving model, and was found to be effective, with success rates of 93.8% and 91.2% in a Whitebox setup, and 74.1% and 64.4% in a Blackbox setup for FGSM and AdvGAN, respectively. That improves the results by 24.7% in Whitebox setup 21.5% in Blackbox setup.

computer science, artificial intelligence,engineering, electrical & electronic

Yali Yuan,Robert Tasik,Sripriya Srikant Adhatarao,Yachao Yuan,Zheli Liu,Xiaoming Fu

DOI: https://doi.org/10.48550/arXiv.2004.01286

2020-04-03

Abstract:With the rapid development of autonomous driving, collision avoidance has attracted attention from both academia and industry. Many collision avoidance strategies have emerged in recent years, but the dynamic and complex nature of driving environment poses a challenge to develop robust collision avoidance algorithms. Therefore, in this paper, we propose a decentralized framework named RACE: Reinforced Cooperative Autonomous Vehicle Collision AvoidancE. Leveraging a hierarchical architecture we develop an algorithm named Co-DDPG to efficiently train autonomous vehicles. Through a security abiding channel, the autonomous vehicles distribute their driving policies. We use the relative distances obtained by the opponent sensors to build the VANET instead of locations, which ensures the vehicle's location privacy. With a leader-follower architecture and parameter distribution, RACE accelerates the learning of optimal policies and efficiently utilizes the remaining resources. We implement the RACE framework in the widely used TORCS simulator and conduct various experiments to measure the performance of RACE. Evaluations show that RACE quickly learns optimal driving policies and effectively avoids collisions. Moreover, RACE also scales smoothly with varying number of participating vehicles. We further compared RACE with existing autonomous driving systems and show that RACE outperforms them by experiencing 65% less collisions in the training process and exhibits improved performance under varying vehicle density.

Networking and Internet Architecture,Robotics

Hui Cao,Wenlong Zou,Yinkun Wang,Ting Song,Mengjun Liu

2022-10-19

Abstract:Since the 2004 DARPA Grand Challenge, the autonomous driving technology has witnessed nearly two decades of rapid development. Particularly, in recent years, with the application of new sensors and deep learning technologies extending to the autonomous field, the development of autonomous driving technology has continued to make breakthroughs. Thus, many carmakers and high-tech giants dedicated to research and system development of autonomous driving. However, as the foundation of autonomous driving, the deep learning technology faces many new security risks. The academic community has proposed deep learning countermeasures against the adversarial examples and AI backdoor, and has introduced them into the autonomous driving field for verification. Deep learning security matters to autonomous driving system security, and then matters to personal safety, which is an issue that deserves attention and research.This paper provides an summary of the concepts, developments and recent research in deep learning security technologies in autonomous driving. Firstly, we briefly introduce the deep learning framework and pipeline in the autonomous driving system, which mainly include the deep learning technologies and algorithms commonly used in this field. Moreover, we focus on the potential security threats of the deep learning based autonomous driving system in each functional layer in turn. We reviews the development of deep learning attack technologies to autonomous driving, investigates the State-of-the-Art algorithms, and reveals the potential risks. At last, we provides an outlook on deep learning security in the autonomous driving field and proposes recommendations for building a safe and trustworthy autonomous driving system.

Cryptography and Security,Artificial Intelligence,Machine Learning

Tong Wang,Gang Zhao,Huan Deng,Hu Li,Qianjin Du,Zhan Hu,Xiaohui Kuang

DOI: https://doi.org/10.1109/ISCC58397.2023.10218291

2023-07-09

Abstract:Deep learning-based autonomous driving systems have been extensively researched due to their superior performance compared to traditional methods. Specifically, end-to-end deep learning systems have been developed, which directly output control signals for vehicles using various sensor inputs. However, deep learning techniques are vulnerable to security issues, generating adversarial examples that can attack the output of the relevant model. This paper proposes an adversarial example generation method that applies a patch to pedestrians' clothing, which can generate dangerous behaviors when the pedestrian appears within the camera lens, thereby attacking the end-to-end autonomous driving system. The proposed method is validated using the CARLA simulator, and the results demonstrate successful attacks in various weather and lighting conditions, exposing the security vulnerabilities of this type of system. This study highlights the need for further research to address these vulnerabilities and ensure the safety of autonomous driving systems.

Engineering,Computer Science

Di Wang

DOI: https://doi.org/10.62051/ijcsit.v4n1.36

2024-09-13

International Journal of Computer Science and Information Technology

Abstract:With the rapid development of information technology and the increasing maturity of intelligent transportation systems, autonomous vehicles, as an important carrier of future travel, are gradually moving from concept to commercial application. However, the highly connected and intelligent nature of autonomous vehicles also makes them face unprecedented cybersecurity and privacy protection challenges. This paper deeply discusses the security threats and privacy disclosure risks of autonomous vehicles in network architecture, data transmission, data processing and other links, and systematically reviews the current technical means and research progress to address these challenges. This paper Outlines the data collection and transmission mechanism of autonomous vehicles, including the collection and processing of sensor data as well as the communication process between vehicles and the cloud, other vehicles and transportation infrastructure, and analyzes in detail the network security threats faced by autonomous vehicles, including remote control attacks, malware attacks, communication hijacking, etc. These threats can lead to serious consequences such as vehicle failure, data breach, or system crash. At the same time, the paper also points out the challenges faced by autonomous vehicles in terms of privacy protection, such as the risk of leakage of sensitive data such as personal location information and driving habits, as well as the risk of data abuse and sharing. In order to address the above challenges, this paper focuses on the technical research progress of cybersecurity and privacy protection of autonomous vehicles. In the aspect of network security, this paper discusses the key technical means such as data encryption, access control, intrusion detection and response system, and emphasizes the importance of security hardware and software in improving the overall security of the system. In terms of privacy protection, this paper proposes strategies such as anonymization and desensitization technology, privacy protection protocols and standards to protect users' privacy from invasion.

Ziwen Wan,Junjie Shen,Jalen Chuang,Xin Xia,Joshua Garcia,Jiaqi Ma,Qi Alfred Chen

DOI: https://doi.org/10.48550/arXiv.2201.04610

2022-01-12

Cryptography and Security

Abstract:In high-level Autonomous Driving (AD) systems, behavioral planning is in charge of making high-level driving decisions such as cruising and stopping, and thus highly securitycritical. In this work, we perform the first systematic study of semantic security vulnerabilities specific to overly-conservative AD behavioral planning behaviors, i.e., those that can cause failed or significantly-degraded mission performance, which can be critical for AD services such as robo-taxi/delivery. We call them semantic Denial-of-Service (DoS) vulnerabilities, which we envision to be most generally exposed in practical AD systems due to the tendency for conservativeness to avoid safety incidents. To achieve high practicality and realism, we assume that the attacker can only introduce seemingly-benign external physical objects to the driving environment, e.g., off-road dumped cardboard boxes. To systematically discover such vulnerabilities, we design PlanFuzz, a novel dynamic testing approach that addresses various problem-specific design challenges. Specifically, we propose and identify planning invariants as novel testing oracles, and design new input generation to systematically enforce problemspecific constraints for attacker-introduced physical objects. We also design a novel behavioral planning vulnerability distance metric to effectively guide the discovery. We evaluate PlanFuzz on 3 planning implementations from practical open-source AD systems, and find that it can effectively discover 9 previouslyunknown semantic DoS vulnerabilities without false positives. We find all our new designs necessary, as without each design, statistically significant performance drops are generally observed. We further perform exploitation case studies using simulation and real-vehicle traces. We discuss root causes and potential fixes.

Patrick Wolf

2024-03-28

Abstract:Autonomous driving vehicles provide a vast potential for realizing use cases in the on-road and off-road domains. Consequently, remarkable solutions exist to autonomous systems' environmental perception and control. Nevertheless, proof of safety remains an open challenge preventing such machinery from being introduced to markets and deployed in real world. Traditional approaches for safety assurance of autonomously driving vehicles often lead to underperformance due to conservative safety assumptions that cannot handle the overall complexity. Besides, the more sophisticated safety systems rely on the vehicle's perception systems. However, perception is often unreliable due to uncertainties resulting from disturbances or the lack of context incorporation for data interpretation. Accordingly, this paper illustrates the potential of a modular, self-adaptive autonomy framework with integrated dynamic risk management to overcome the abovementioned drawbacks.

Robotics

Wei Jiang,Lu Wang,Tianyuan Zhang,Yuwei Chen,Jian Dong,Wei Bao,Zichao Zhang,Qiang Fu

DOI: https://doi.org/10.3390/electronics13163299

IF: 2.9

2024-08-21

Electronics

Abstract:Autonomous driving technology has advanced significantly with deep learning, but noise and attacks threaten its real-world deployment. While research has revealed vulnerabilities in individual intelligent tasks, a comprehensive evaluation of these impacts across complete end-to-end systems is still underexplored. To address this void, we thoroughly analyze the robustness of four end-to-end autonomous driving systems against various noise and build the RobustE2E Benchmark, including five traditional adversarial attacks and a newly proposed Module-Wise Attack specifically targeting end-to-end autonomous driving in white-box settings, as well as four major categories of natural corruptions (a total of 17 types, with five severity levels) in black-box settings. Additionally, we extend the robustness evaluation from the open-loop model level to the closed-loop case studies of autonomous driving system level. Our comprehensive evaluation and analysis provide valuable insights into the robustness of end-to-end autonomous driving, which may offer potential guidance for targeted improvements to models. For example, (1) even the most advanced end-to-end models suffer large planning failures under minor perturbations, with perception tasks showing the most substantial decline; (2) among adversarial attacks, our Module-Wise Attack poses the greatest threat to end-to-end autonomous driving models, while PGD-l2 is the weakest, and among four categories of natural corruptions, noise and weather are the most harmful, followed by blur and digital distortion being less severe; (3) the integrated, multitask approach results in significantly higher robustness and reliability compared with the simpler design, highlighting the critical role of collaborative multitask in autonomous driving; and (4) the autonomous driving systems amplify the model's lack of robustness, etc. Our research contributes to developing more resilient autonomous driving models and their deployment in the real world.

engineering, electrical & electronic,computer science, information systems,physics, applied

H M Sabbir Ahmad,Ehsan Sabouni,Akua Dickson,Wei Xiao,Christos G. Cassandras,Wenchao Li

2024-03-25

Abstract:We address the security of a network of Connected and Automated Vehicles (CAVs) cooperating to safely navigate through a conflict area (e.g., traffic intersections, merging roadways, roundabouts). Previous studies have shown that such a network can be targeted by adversarial attacks causing traffic jams or safety violations ending in collisions. We focus on attacks targeting the V2X communication network used to share vehicle data and consider as well uncertainties due to noise in sensor measurements and communication channels. To combat these, motivated by recent work on the safe control of CAVs, we propose a trust-aware robust event-triggered decentralized control and coordination framework that can provably guarantee safety. We maintain a trust metric for each vehicle in the network computed based on their behavior and used to balance the tradeoff between conservativeness (when deeming every vehicle as untrustworthy) and guaranteed safety and security. It is important to highlight that our framework is invariant to the specific choice of the trust framework. Based on this framework, we propose an attack detection and mitigation scheme which has twofold benefits: (i) the trust framework is immune to false positives, and (ii) it provably guarantees safety against false positive cases. We use extensive simulations (in SUMO and CARLA) to validate the theoretical guarantees and demonstrate the efficacy of our proposed scheme to detect and mitigate adversarial attacks.

Systems and Control