Please use this identifier to cite or link to this item: https://hdl.handle.net/10356/179958
Title: Security testing of human-interactive systems
Authors: Deng, Gelei
Keywords: Computer and Information Science
Issue Date: 2024
Publisher: Nanyang Technological University
Source: Deng, G. (2024). Security testing of human-interactive systems. Doctoral thesis, Nanyang Technological University, Singapore. https://hdl.handle.net/10356/179958
Abstract: In an era where technology and human interaction are increasingly intertwined, human-interactive systems, such as robotics, web services, and artificial intelligence, play a pivotal role in our daily lives. From multi-robot systems managing complex tasks to large language model chatbots transforming human-machine communication, these systems are integral to modern society's functionality. However, ensuring the security of these systems poses a formidable challenge. Unlike traditional systems, human-interactive systems operate in environments with vast and unpredictable input/output spaces, making conventional security testing methods like fuzzing insufficient. This thesis addresses the critical and complex issue of conducting effective security testing on human-interactive systems. It tackles the unique challenges posed by the extensive and dynamic nature of these systems' interaction with both their environment and users. The research encapsulates four comprehensive studies, each targeting a different facet of human-interactive system security, yet collectively contributing to a broader understanding and enhancement of these systems' security. The first study delves into the Byzantine threats in Multi-Robot Systems (MRSs), revealing the intricate and expanded attack surface that arises from their collaborative nature. A novel methodology specific to the Robot Operating System (ROS) is introduced, demonstrating how traditional security approaches can be adapted and applied to these complex systems. In the realm of robotic operating systems, the second study focuses on ROS2, highlighting the vulnerabilities inherent in its security module, Secure ROS2 (SROS2). This research not only identifies critical security flaws but also proposes an innovative defense mechanism, showcasing the need for and application of advanced security measures in these systems. The third study shifts the focus to RESTful APIs, which are fundamental to web services yet are prone to overlooked vulnerabilities. The introduction of NAUTILUS, an advanced tool for detecting API vulnerabilities, underscores the importance of specialized security approaches in dealing with the nuanced and diverse nature of human-interactive systems. Finally, the thesis addresses security concerns in Large Language Model (LLM) chatbots. Through the development of Jailbreaker, a comprehensive framework, the research provides insights into the complex nature of security threats in AI-driven human interaction systems, highlighting the need for robust and adaptive security strategies. Overall, this thesis presents a novel and holistic approach to security testing in human-interactive systems, emphasizing the need for specialized methods to address their unique security challenges. By bridging the gap between traditional security testing methods and the dynamic nature of these systems, this research significantly advances the field of system security in the context of human-machine interaction.
URI: https://hdl.handle.net/10356/179958
Schools: College of Computing and Data Science 
Rights: This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License (CC BY-NC 4.0).
Fulltext Permission: open
Fulltext Availability: With Fulltext
Appears in Collections:CCDS Theses

Files in This Item:
File Description SizeFormat 
Thesis_Gelei_Deng_Revised.pdf6.93 MBAdobe PDFView/Open

Page view(s)

62
Updated on Sep 15, 2024

Download(s)

91
Updated on Sep 15, 2024

Google ScholarTM

Check

Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.