Conducting safety simulations in various simulators, such as the Gazebo simulator, has become a very popular means of testing vehicles against potential safety risks (i.e. crashes). However, this has not been the case with security testing. Performing security testing in a simulator is very difficult because security attacks are performed on a different abstraction level. In addition, the attacks themselves are becoming more sophisticated, which directly contributes to the difficulty of executing them in a simulator. In this paper, we attempt to tackle this gap by investigating which attacks can be simulated and then performing their simulations. The presented approach shows that attacks targeting the LiDAR and GPS components of unmanned aerial vehicles can be simulated. This is achieved by exploiting vulnerabilities of the ROS and MAVLink protocols and injecting malicious processes into an application. As a result, messages with arbitrary values can be spoofed to the corresponding topics, which allows attackers to update relevant parameters and cause a potential crash of a vehicle. This was tested in multiple scenarios, thereby proving that it is indeed possible to simulate certain attack types, such as spoofing and jamming.