imhotep smt a satisfiability modulo theory solver for
play

IMHOTEP-SMT: A Satisfiability Modulo Theory Solver For Secure State - PowerPoint PPT Presentation

Nov 06, 2022 •198 likes •1.12k views

IMHOTEP-SMT: A Satisfiability Modulo Theory Solver For Secure State Estimation Yasser Shoukry 1 Pierluigi Nuzzo 2 , Alberto Puggelli 2 , Alberto Sangiovani-Vincentelli 2 , Sanjit A. Seshia 2 , Mani Srivastava 1 , and Paulo Tabuada 1 1 EE Department

  1. IMHOTEP-SMT: A Satisfiability Modulo Theory Solver For Secure State Estimation Yasser Shoukry 1 Pierluigi Nuzzo 2 , Alberto Puggelli 2 , Alberto Sangiovani-Vincentelli 2 , Sanjit A. Seshia 2 , Mani Srivastava 1 , and Paulo Tabuada 1 1 EE Department University of California Los Angeles 2 EECS Department, University of California Berkeley Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 1 / 30

  2. Motivation: Sensor Attacks Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 2 / 30

  3. Motivation: Noninvasive Spoofing Sensor Attacks Y. Shoukry, P . D. Martin, P . Tabuada, and M. B. Srivastava, “Noninvasive Spoofing Attacks for Anti-Lock Braking Systems,” in Workshop on Cryptographic Hardware and Embedded Systems 2013. Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 3 / 30

  4. Motivation: Noninvasive Spoofing Sensor Attacks Y. Shoukry, P . D. Martin, P . Tabuada, and M. B. Srivastava, “Noninvasive Spoofing Attacks for Anti-Lock Braking Systems,” in Workshop on Cryptographic Hardware and Embedded Systems 2013. Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 3 / 30

  5. Motivation: Noninvasive Spoofing Sensor Attacks Y. Shoukry, P . D. Martin, P . Tabuada, and M. B. Srivastava, “Noninvasive Spoofing Attacks for Anti-Lock Braking Systems,” in Workshop on Cryptographic Hardware and Embedded Systems 2013. Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 3 / 30

  6. Motivation: Noninvasive Spoofing Sensor Attacks Y. Shoukry, P . D. Martin, P . Tabuada, and M. B. Srivastava, “Noninvasive Spoofing Attacks for Anti-Lock Braking Systems,” in Workshop on Cryptographic Hardware and Embedded Systems 2013. Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 4 / 30

  7. Secure State Estimation Problem Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 5 / 30

  8. Secure State Estimation Problem A total of p sensors monitor the state of the physical system ( y ( t ) ∈ R p ): y ( t ) = Cx ( t ) + ψ ( t ) ���� noise Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 6 / 30

  9. Secure State Estimation Problem A total of p sensors monitor the state of the physical system ( y ( t ) ∈ R p ): y ( t ) = Cx ( t ) + ψ ( t ) + a ( t ) . ���� ���� noise attack vector Some sensors are attacked: a i ( t ) � = 0 − → sensor i is attacked at time t ∈ N ; Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 6 / 30

  10. Secure State Estimation Problem A total of p sensors monitor the state of the physical system ( y ( t ) ∈ R p ): y ( t ) = Cx ( t ) + ψ ( t ) + a ( t ) . ���� ���� noise attack vector Some sensors are attacked: a i ( t ) � = 0 − → sensor i is attacked at time t ∈ N ; If sensor i is attacked, a i ( t ) can be arbitrary (no boundedness assumption, no stochastic model, etc.). Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 6 / 30

  11. Secure State Estimation Problem A total of p sensors monitor the state of the physical system ( y ( t ) ∈ R p ): y ( t ) = Cx ( t ) + ψ ( t ) + a ( t ) . ���� ���� noise attack vector Some sensors are attacked: a i ( t ) � = 0 − → sensor i is attacked at time t ∈ N ; If sensor i is attacked, a i ( t ) can be arbitrary (no boundedness assumption, no stochastic model, etc.). Set of attacked sensors is unknown and has cardinality s . Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 6 / 30

  12. Secure State Estimation Problem A total of p sensors monitor the state of the physical system ( y ( t ) ∈ R p ): y ( t ) = Cx ( t ) + ψ ( t ) + a ( t ) . ���� ���� noise attack vector Some sensors are attacked: a i ( t ) � = 0 − → sensor i is attacked at time t ∈ N ; If sensor i is attacked, a i ( t ) can be arbitrary (no boundedness assumption, no stochastic model, etc.). Set of attacked sensors is unknown and has cardinality s . The value of s is also unknown although we assume the knowledge of an upper bound s . Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 6 / 30

  13. Secure State Estimation Problem A total of p sensors monitor the state of the physical system ( y ( t ) ∈ R p ): y ( t ) = Cx ( t ) + ψ ( t ) + a ( t ) . ���� ���� noise attack vector Some sensors are attacked: a i ( t ) � = 0 − → sensor i is attacked at time t ∈ N ; If sensor i is attacked, a i ( t ) can be arbitrary (no boundedness assumption, no stochastic model, etc.). Set of attacked sensors is unknown and has cardinality s . The value of s is also unknown although we assume the knowledge of an upper bound s . Objective: estimate the state of the physical system x ( t ) ∈ R n . Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 6 / 30

  14. Secure State Estimation Problem A total of p sensors monitor the state of the physical system ( y ( t ) ∈ R p ): y ( t ) = Cx ( t ) + ψ ( t ) + a ( t ) . ���� ���� noise attack vector Example: a car with two states position , velocity and three sensors: Some sensors are attacked: a i ( t ) � = 0 − → sensor i is attacked at time t ∈ N ;         y GPS ( t ) 1 0 ψ GPS ( t ) 0 � p ( t ) � If sensor i is attacked, a i ( t ) can be arbitrary (no boundedness assumption,  =  + y odometer ( t ) 0 1 + ψ odometer ( t ) a odometer ( t ) s = 1       v ( t ) no stochastic model, etc.). y IMU ( t ) 0 1 ψ IMU ( t ) 0 Set of attacked sensors is unknown and has cardinality s . The value of s is also unknown although we assume the knowledge of an upper bound s . Objective: estimate the state of the physical system x ( t ) ∈ R n . Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 6 / 30

  15. Secure State Estimation Problem A total of p sensors monitor the state of the physical system ( y ( t ) ∈ R p ): y ( t ) = Cx ( t ) + ψ ( t ) ���� noise Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 7 / 30

  16. Secure State Estimation Problem A total of p sensors monitor the state of the physical system ( y ( t ) ∈ R p ): y ( t ) = Cx ( t ) + ψ ( t ) + a ( t ) . ���� ���� noise attack vector Although sensors are heterogeneous, the physical quantities they measure are correlated. Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 7 / 30

  17. Secure State Estimation Problem A total of p sensors monitor the state of the physical system ( y ( t ) ∈ R p ): y ( t ) = Cx ( t ) + ψ ( t ) + a ( t ) . ���� ���� noise attack Example: a car with two states position , velocity and three sensors: vector Although sensors are heterogeneous, the physical quantities they measure are         y GPS ( t ) 1 0 ψ GPS ( t ) 0 correlated. � p ( t ) �  =  + y odometer ( t ) 0 1 + ψ odometer ( t ) a odometer ( t ) s = 1       v ( t ) y IMU ( t ) ψ IMU ( t ) 0 1 0 v ( t ) ≃ ( p ( t ) − p ( t − 1 )) / ( T s ) Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 7 / 30

  18. Secure State Estimation Problem A total of p sensors monitor the state of the physical system ( y ( t ) ∈ R p ): y ( t ) = Cx ( t ) + ψ ( t ) + a ( t ) . ���� ���� noise attack vector Although sensors are heterogeneous, the physical quantities they measure are correlated. Physical system modeled as a discrete-time linear dynamical system: x ( t + 1 ) = Ax ( t ) + Bu ( t ) + µ ( t ) . Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 7 / 30

  19. Secure State Estimation Problem A total of p sensors monitor the state of the physical system ( y ( t ) ∈ R p ): y ( t ) = Cx ( t ) + ψ ( t ) + a ( t ) . ���� ���� noise attack vector Although sensors are heterogeneous, the physical quantities they measure are correlated. Physical system modeled as a discrete-time linear dynamical system: x ( t + 1 ) = Ax ( t ) + Bu ( t ) + µ ( t ) . This model: Captures adversarial attacks, non-adversarial faults, cooperative and non-cooperative attacks, ... Does not depend on how the sensor measurements are corrupted (e.g. sensor-level spoofing, spoofing communication channel, ...). Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 7 / 30

  20. Secure State Estimation Problem A total of p sensors monitor the state of the physical system ( y ( t ) ∈ R p ): y ( t ) = Cx ( t ) + ψ ( t ) + a ( t ) . ���� ���� noise attack vector Although sensors are heterogeneous, the physical quantities they measure are correlated. Physical system modeled as a discrete-time linear dynamical system: x ( t + 1 ) = Ax ( t ) + Bu ( t ) + µ ( t ) . This model: Captures adversarial attacks, non-adversarial faults, cooperative and non-cooperative attacks, ... Does not depend on how the sensor measurements are corrupted (e.g. sensor-level spoofing, spoofing communication channel, ...). For sake of simplicity, in this talk, I will consider the noise-free case ( ψ ( t ) = µ ( t ) = 0 ). Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 7 / 30

Recommend

A Survey of Satisfiability Modulo Theory (for mathematicians) David Monniaux VERIMAG GNCS,

A Survey of Satisfiability Modulo Theory (for mathematicians) David Monniaux VERIMAG GNCS,

A Survey of Satisfiability Modulo Theory (for mathematicians) David Monniaux VERIMAG GNCS, Pescara, February 10, 2017 David Monniaux (VERIMAG) A Survey of Satisfiability Modulo Theory 2017-02-10 1 / 48 STATOR SMT = SAT + theories SAT =

521 views • 48 slides
SMT: Satisfiability Modulo Theories Ranjit Jhala, UC San Diego April 9, 2013 Decision Procedures

SMT: Satisfiability Modulo Theories Ranjit Jhala, UC San Diego April 9, 2013 Decision Procedures

SMT: Satisfiability Modulo Theories Ranjit Jhala, UC San Diego April 9, 2013 Decision Procedures Last Time Propositional Logic Today 1. Combining SAT and Theory Solvers 2. Theory Solvers Theory of Equality Theory of Uninterpreted

1.14k views • 72 slides
Complete Instantiation of Quantified Formulas in Satisfiability Modulo Theories Yeting Ge 1

Complete Instantiation of Quantified Formulas in Satisfiability Modulo Theories Yeting Ge 1

Complete Instantiation of Quantified Formulas in Satisfiability Modulo Theories Yeting Ge 1 Leonardo de Moura 2 1 New York University 2 Microsoft Research 7th International Workshop on Satisfiability Modulo Theories Aug 3, 2009 Montreal, Canada

1.33k views • 86 slides
Introduction to Satisfiability Modulo Theories Combinatorial Problem Solving (CPS) Albert

Introduction to Satisfiability Modulo Theories Combinatorial Problem Solving (CPS) Albert

Introduction to Satisfiability Modulo Theories Combinatorial Problem Solving (CPS) Albert Oliveras Enric Rodr guez-Carbonell May 31, 2019 Satisfiability Modulo Theories Some problems are more naturally expressed in other logics than

752 views • 33 slides
G22.2390-001 Logic in Computer Science Fall 2009 Lecture 10 1 Review Satisfiability Modulo

G22.2390-001 Logic in Computer Science Fall 2009 Lecture 10 1 Review Satisfiability Modulo

G22.2390-001 Logic in Computer Science Fall 2009 Lecture 10 1 Review Satisfiability Modulo Theories Theory Solvers Combining Decision Procedures Abstract DPLL Modulo Theories Example Application: Translation Validation 2

470 views • 35 slides
Satisfiability modulo theory David Monniaux CNRS / VERIMAG October 2017 1 / 182 Schedule

Satisfiability modulo theory David Monniaux CNRS / VERIMAG October 2017 1 / 182 Schedule

Satisfiability modulo theory David Monniaux CNRS / VERIMAG October 2017 1 / 182 Schedule Introduction Propositional logic First-order logic Applications Beyond DPLL(T) Qvantifier elimination Interpolants 2 / 182 Who I am David

2.35k views • 197 slides
Satisfiability Modulo Theories and Z3 Nikolaj Bjrner Microsoft Research ReRISE Winter School,

Satisfiability Modulo Theories and Z3 Nikolaj Bjrner Microsoft Research ReRISE Winter School,

Satisfiability Modulo Theories and Z3 Nikolaj Bjrner Microsoft Research ReRISE Winter School, Linz, Austria February 3, 2014 SMT : Basic Architecture Theory SAT SMT Solvers Equality + UF Arithmetic Case Analysis Bit-vectors Nikolaj is

681 views • 55 slides
Model-Constructing Satisfiability Calculus Dejan Jovanovi c Clark Barrett Leonardo de Moura

Model-Constructing Satisfiability Calculus Dejan Jovanovi c Clark Barrett Leonardo de Moura

Model-Constructing Satisfiability Calculus Dejan Jovanovi c Clark Barrett Leonardo de Moura SRI International NYU Microsoft Research Satisfiability Modulo Theories and DPLL(T) Problem Check a given formula for satisfiability modulo the

889 views • 65 slides
SAT Solver as coNP Solver Beyond Resolution Norbert Manthey International Center for

SAT Solver as coNP Solver Beyond Resolution Norbert Manthey International Center for

SAT Solver as coNP Solver Beyond Resolution Norbert Manthey International Center for Computational Logic Technische Universit at Dresden Germany Motivation Propositional Logic and Satisfiability Proof Theory and SAT Solving

640 views • 49 slides
Session 1 Verification of Combinational Circuits Satisfiability Solver

Session 1 Verification of Combinational Circuits Satisfiability Solver

Session 1 Verification of Combinational Circuits Satisfiability Solver Albert-Ludwigs-Universitt Freiburg HI Lewis / Schubert / Becker Verification and SAT Solving Satisfiability Solver 1 / 129 Literatur Albert-Ludwigs-Universitt

2.04k views • 186 slides
Satisfiability Modulo Theories SMT solvers are finding their way in many different application

Satisfiability Modulo Theories SMT solvers are finding their way in many different application

Applications of SMT solvers Alessandro Cimatti Embedded System Unit Fondazione Bruno Kessler Trento, Italy cimatti@fbk.eu Applications of SMT solvers @ SAT/SMT School, Helsinki, July 2013 Satisfiability Modulo Theories SMT solvers are

1.09k views • 27 slides
13th International Satisfiability Modulo Theories Competition SMT-COMP 2018 Matthias Heizmann

13th International Satisfiability Modulo Theories Competition SMT-COMP 2018 Matthias Heizmann

13th International Satisfiability Modulo Theories Competition SMT-COMP 2018 Matthias Heizmann Aina Niemetz Giles Reger Tjark Weber Background SMT-COMP is an annual competition between SMT solvers. It was first held in 2005. Satisfiability

470 views • 17 slides
Satisfiability Modulo Transcendental Functions via Incremental Linearization Alberto Griggio

Satisfiability Modulo Transcendental Functions via Incremental Linearization Alberto Griggio

Satisfiability Modulo Transcendental Functions via Incremental Linearization Alberto Griggio Fondazione Bruno Kessler, Trento, Italy Joint work with A. Irfan, A. Cimatti, M. Roveri, R. Sebastiani Executive Summary Main idea Abstract

487 views • 24 slides
CDSAT: Conflict-Driven SATisfiability modulo theories and assignments 1 Maria Paola Bonacina

CDSAT: Conflict-Driven SATisfiability modulo theories and assignments 1 Maria Paola Bonacina

The conflict-driven reasoning paradigm Conflict-driven reasoning in theory combination The CDSAT transition system Discussion CDSAT: Conflict-Driven SATisfiability modulo theories and assignments 1 Maria Paola Bonacina Dipartimento di

610 views • 45 slides
Efficient Interpolant Generation in Satisfiability Modulo Linear Integer Arithmetic Alberto

Efficient Interpolant Generation in Satisfiability Modulo Linear Integer Arithmetic Alberto

Deduction at Scale Seminar 2011 Efficient Interpolant Generation in Satisfiability Modulo Linear Integer Arithmetic Alberto Griggio FBK-IRST, Trento joint work with Thi Thieu Hoa Le and Roberto Sebastiani, DISI - Univ. Trento Introduction

767 views • 39 slides
Satisfiability Modulo Theories and Assignments Maria Paola Bonacina, Stphane Graham-Lengrand,

Satisfiability Modulo Theories and Assignments Maria Paola Bonacina, Stphane Graham-Lengrand,

Satisfiability Modulo Theories and Assignments Maria Paola Bonacina, Stphane Graham-Lengrand, and Natarajan Shankar Uni. degli Studi di Verona - CNRS - SRI International CADE, 8th August 2017 1/39 This talk is about the quantifier-free core

2.09k views • 180 slides
11th International Satisfiability Modulo Theories Competition SMT-COMP 2016 Sylvain Conchon

11th International Satisfiability Modulo Theories Competition SMT-COMP 2016 Sylvain Conchon

11th International Satisfiability Modulo Theories Competition SMT-COMP 2016 Sylvain Conchon David D eharbe Matthias Heizmann Tjark Weber The Numbers 17 teams participated Solvers: Main track 25 2 non-competitive Application

695 views • 22 slides
Satisfiability Modulo Difference Logic Combinatorial Problem Solving (CPS) Albert Oliveras

Satisfiability Modulo Difference Logic Combinatorial Problem Solving (CPS) Albert Oliveras

Satisfiability Modulo Difference Logic Combinatorial Problem Solving (CPS) Albert Oliveras Enric Rodr guez-Carbonell May 25, 2016 Basic Definitions Given a directed graph G = ( V, E ) with weight function w : E R , the weight w (

405 views • 14 slides
13th International Satisfiability Modulo Theories Competition SMT-COMP 2018 Matthias Heizmann

13th International Satisfiability Modulo Theories Competition SMT-COMP 2018 Matthias Heizmann

13th International Satisfiability Modulo Theories Competition SMT-COMP 2018 Matthias Heizmann Aina Niemetz Giles Reger Tjark Weber Outline Design and scope Main changes from last years competition Short presentation of solvers

794 views • 65 slides
Integrating Answer Set Programming and Satisfiability Modulo Theories Ilkka Niemel Department

Integrating Answer Set Programming and Satisfiability Modulo Theories Ilkka Niemel Department

Integrating Answer Set Programming and Satisfiability Modulo Theories Ilkka Niemel Department of Information and Computer Science Aalto University Ilkka.Niemela@aalto.fi (Joint work with Tomi Janhunen) Deduction at Scale, Schloss Ringberg,

585 views • 26 slides
SMT Unsat Core Minimization OFER GUTHMANN, OFER STRICHMAN, ANNA TRO STANETSKI FMCAD2016 1 SMT

SMT Unsat Core Minimization OFER GUTHMANN, OFER STRICHMAN, ANNA TRO STANETSKI FMCAD2016 1 SMT

SMT Unsat Core Minimization OFER GUTHMANN, OFER STRICHMAN, ANNA TRO STANETSKI FMCAD2016 1 SMT MUCS Satisfiability Modulo Theories Satisfiability Modulo Theories (SMT): decides satisfiability of formulas over first order theories, by

394 views • 26 slides
12th International Satisfiability Modulo Theories Competition SMT-COMP 2017 Matthias Heizmann

12th International Satisfiability Modulo Theories Competition SMT-COMP 2017 Matthias Heizmann

12th International Satisfiability Modulo Theories Competition SMT-COMP 2017 Matthias Heizmann (co-organizer) Giles Reger (co-organizer) Tjark Weber (chair) Outline Main changes over last competition Benchmarks with unknown

565 views • 45 slides
SMT-COMP 2019 14th International Satisfiability Modulo Theories Competition Liana Hadarean Antti

SMT-COMP 2019 14th International Satisfiability Modulo Theories Competition Liana Hadarean Antti

SMT-COMP 2019 14th International Satisfiability Modulo Theories Competition Liana Hadarean Antti Hyv arinen Aina Niemetz Giles Reger SMT Workshop, July 7-8, 2019, Lisbon, Portugal SMT-COMP annual competition for SMT solvers on

775 views • 40 slides
Proofs in Satisfiability Modulo Theories Clark Barrett (NYU) Leonardo de Moura (Microsoft

Proofs in Satisfiability Modulo Theories Clark Barrett (NYU) Leonardo de Moura (Microsoft

Proofs in Satisfiability Modulo Theories Clark Barrett (NYU) Leonardo de Moura (Microsoft Research) Pascal Fontaine (Inria, Loria, U. Lorraine) APPA: All about Proofs, Proofs for All X . X July 18, 2014 July 18, 2014 1 / 41 An

910 views • 76 slides

More recommend