Building a Secure and Trustworthy Future for Robotics

The proliferation of robotic systems from controlled environments to real-world applications in homes, factories, and critical infrastructure has created an urgent need for a holistic, system-wide approach to security and privacy. The CyLab Robotics Security and Privacy Initiative (RSPI) is a multi-year, interdisciplinary research program that brings together experts to define foundational challenges and outline a path forward for building a trustworthy robotics ecosystem that is secure by design.

Securing the Future of Robotics and Autonomous Systems

Soon, robotics and autonomous systems will be ubiquitous within America's industrial infrastructure. But these systems are as susceptible — if not more — to privacy and security threats as existing online systems.

Research Challenges

Through the multi-year initiative, CyLab intends to develop a suite of novel foundations and technologies that address the following research challenges:

Foundational Concepts: Defining Threats and Approaches

Threat Models

Beyond the attackers that target traditional computing infrastructure, robotic systems need specialized threat models because they frequently interact with the physical world and with humans in the environment, and sometimes operate under real-time constraints. RSPI addresses these specialized threat models and offers strategies to help mitigate threats.

Systems Approaches to Security & Privacy in Robotics

Robotic systems involve the integration of complex mechanical, electrical, and software components within dynamic and uncertain environments. These integrations can create emergent security and privacy challenges that cannot always be anticipated in advance. RSPI explores the role of system-wide strategies for improving security and privacy in robotics, including assurance cases, risk assessment methodologies, and security- and privacy-by-design principles.

Core Components and Supply Chain: From Hardware to Software

Sensing and Hardware Privacy/Security

Undermining the security of a sensor or another component can render the data from that sensor useless or even undermine all downstream decisions that depend on that component. On the flip side, addressing privacy earlier in the pipeline can potentially aid confidentiality and security down the line. RSPI examines attacks on, and defenses for, the security and privacy of sensors and other hardware components.

Supply Chain Security re: Software and Hardware

Robotic systems contain complex software and hardware components that may come from a large number of sources. This leaves a large attack surface: an attacker who modifies a component can cause security, privacy, or safety issues. RSPI researchers explore challenges and potential solutions for supply chain security in the context of robotic systems.

Privacy & Security in Robotics Software Ecosystems

Software frameworks, middleware, and package ecosystems such as ROS 2 enable modular and reusable robotics development but also introduce security, privacy, and safety challenges. RSPI identifies the safety, security, and privacy challenges that arise from robotics software and explores the space of potential solutions.

Safety x AI and Machine Learning

Powerful AI technologies such as LLMs are increasingly being deployed in robotic systems, but they also introduce new, unique challenges for security, safety, and privacy. RSPI identifies potential use cases and risks of using AI in robotic systems and develops approaches for mitigating those risks.

Evaluation and Testing

Evaluation and Testing Frameworks

RSPI appraises current approaches to evaluating the security and privacy of robotic systems and develops new ones, and identifies gaps and challenges in evaluation metrics, benchmarks, verification methods, and simulation-based and field testing.

External Factors: The Human and Regulatory Context

Human Factors

Many an allegedly-secure system has broken down as a result of its failure to address the human element. RSPI explores the ways humans interact with robotics and AI that go beyond interactions with other automated systems, and seeks to identify key questions and answers regarding human factors in security and privacy of robotics.

Policy Considerations

What regulations, certifications, standards, or policies should (or do) apply to security and privacy aspects of robotics? RSPI addresses this question in the context of existing regulations covering some aspects of robotics (e.g., in the U.S., FAA for flying robots and FCC for communication, FTC actions addressing unfair or deceptive practices resulting from poor security or privacy, or regulations governing medical devices and health data).

Meet our co-directors

Limin Jia

Research Professor
Electrical and Computer Engineering

Eunsuk Kang

Associate Professor
Software and Societal Systems Department

Sarah Scheffler

Assistant Professor
Engineering and Public Policy, Software and Societal Systems Department

Sebastian Scherer

Associate Research Professor
Robotics Institute

Christopher Timperley

Senior Systems Scientist
Robotics Institute, National Robotics Engineering Center

Become a sponsor

Interested in getting involved or sponsoring this initiative? Contact Michael Lisanti, Senior Director of Partnerships, at 412-268-1870 or mlisanti@andrew.cmu.edu.