SoK: Security of the Image Processing Pipeline for Camera-based Sensing in Autonomous Vehicles

TL;DR

The paper surveys security and robustness research for the image processing pipeline in autonomous-vehicle cameras, arguing that attacks and defenses must be analyzed across all pipeline layers. It adopts ISO 21434 to build a consistent threat model, introduces the interactive threat-analysis tool TARA-CAM, and presents PICT, an open-source embedded testbed that spans physical world to application-layer components. By linking robustness literature to security concerns, the work identifies cross-layer defenses and gaps, enabling more realistic risk assessments and defense strategies. Three use-case analyses with PICT demonstrate practical benefits of holistic, pipeline-aware evaluation for strengthening sensor pipelines against current and future attacks. Together, these contributions offer a community resource for reproducible security and robustness research in automotive vision systems.

Abstract

Cameras capture images that are essential for many safety-critical tasks. To process these images, a complex pipeline with multiple layers is used. Security attacks on this pipeline can severely affect passenger safety and system performance. However, many attacks presented in scientific literature overlook the fact that there are different layers and, hence, the feasibility and impact of these attacks can vary. While there has been research to improve the quality and robustness of the image processing pipeline, these efforts are often orthogonal to security research without exploiting potential overlap and synergies. In this work, we aim to bridge this gap by combining security and robustness research for the image processing pipeline in autonomous vehicles. We thoroughly investigated the body of literature on the security and robustness of the image processing pipeline and selected 92 papers for deeper discussion in this SoK. For the security domain, we classify the risk of attacks using the automotive security standard ISO 21434, emphasizing the need to consider all layers for overall system security. With our online tool TARA-CAM, we propose an interactive method to perform threat analysis and risk assessment following the ISO standard. We also demonstrate how existing robustness research can help mitigate the impact of attacks, addressing the current research gap. Finally, we present PICT, an embedded open-source testbed that can influence various parameters across all layers, allowing researchers to analyze the effects of different defense strategies and attack impacts. With this SoK, we contribute a comprehensive discussion and systematic analysis of existing approaches to image processing pipeline security and robustness, together with an open-source tool and testbed that jointly facilitates hardening the image processing pipeline against existing and future security attacks.

Figures (7)

• Figure 1: Abstraction of the image processing pipeline of autonomous vehicles and the main contribution of our SoK.
• Figure 2: Overview of the image processing pipeline, consisting of four layers. Hardware components like the image sensor have solid edges, while software-configurable components have rounded corners, such as the ISP.
• Figure 3: Defensive analysis: blinding attack and HDR imaging as a possible mitigation for the region of interest.
• Figure 4: Histogram of the difference of Figures \ref{['fig:usecaseanalysis_blinding_lin']} and \ref{['fig:usecaseanalysis_blinding_hdr']}.
• Figure 5: Attack use case analysis: Physical adversarial sample compared to digital representation and improved digital representation for the region of interest.