a formally verified optimized monitor
play

A Formally Verified, Optimized Monitor for Metric First-Order - PowerPoint PPT Presentation

Dec 13, 2022 •175 likes •1.01k views

A Formally Verified, Optimized Monitor for Metric First-Order Dynamic Logic David Basin, Thibault Dardinier, Lukas Heimes, Sran Krsti , Martin Raszyk , Joshua Schneider and Dmitriy Traytel Department of Computer Science 1 Dmitriy Joshua

  1. A Formally Verified, Optimized Monitor for Metric First-Order Dynamic Logic David Basin, Thibault Dardinier, Lukas Heimes, Srđan Krstić , Martin Raszyk , Joshua Schneider and Dmitriy Traytel Department of Computer Science 1

  2. Dmitriy Joshua Srđan Martin Rocket engineer Monitoring researcher Working formalizer Quality assurer All characters and events mentioned in this presentation are entirely fictitious. The paper is real. 2

  3. Act I: Going to Space Dmitriy Joshua Rocket engineer Monitoring researcher Where: WASA Cafeteria When: One week before the IJCAR deadline 3

  4. Monitoring Background image: NASA/JPL-Caltech/MSSS 4

  5. Monitoring Correct behavior? Background image: NASA/JPL-Caltech/MSSS 4

  6. Monitoring Observations Correct behavior? at runtime Background image: NASA/JPL-Caltech/MSSS 4

  7. Monitoring Observations Correct behavior? at runtime Monitor Background image: NASA/JPL-Caltech/MSSS 4

  8. Specifications Metric First-Order Temporal Logic (MFOTL) with aggregations 5

  9. Specifications Metric First-Order Temporal Logic (MFOTL) with aggregations t ::= x | c | t + t | t × t | ... ϕ ::= p ( t 1 ,..., t n ) | t = t | t < t | t ≤ t | ¬ ϕ | ϕ ∧ ϕ | ∃ x . ϕ | � I ϕ | � I ϕ | ϕ S I ϕ | ϕ U I ϕ | x ← Ω x ; � x . ϕ | ... Ω ::= MAX | MIN | CNT | SUM | AVG I ::= [ N , N ∪ {∞} ] 5

  10. Specifications Examples: Metric First-Order Temporal Logic (MFOTL) with aggregations Published reports must have been approved in the past seven days. t ::= x | c | t + t | t × t | ... publish ( r ) → � [ 0 , 7 d ] approve ( r ) ϕ ::= p ( t 1 ,..., t n ) (where � I ϕ = true S I ϕ ) | t = t | t < t | t ≤ t | ¬ ϕ | ϕ ∧ ϕ | ∃ x . ϕ | � I ϕ | � I ϕ | ϕ S I ϕ | ϕ U I ϕ | x ← Ω x ; � x . ϕ | ... Ω ::= MAX | MIN | CNT | SUM | AVG I ::= [ N , N ∪ {∞} ] 5

  11. Specifications Examples: Metric First-Order Temporal Logic (MFOTL) with aggregations Published reports must have been approved in the past seven days. t ::= x | c | t + t | t × t | ... publish ( r ) → � [ 0 , 7 d ] approve ( r ) ϕ ::= p ( t 1 ,..., t n ) (where � I ϕ = true S I ϕ ) | t = t | t < t | t ≤ t | ¬ ϕ | ϕ ∧ ϕ | ∃ x . ϕ Maximum radiation must not exceed | � I ϕ | � I ϕ | ϕ S I ϕ | ϕ U I ϕ 3 Roentgen. ( m ← MAX x . rad ( x )) → m ≤ 3 | x ← Ω x ; � x . ϕ | ... Ω ::= MAX | MIN | CNT | SUM | AVG I ::= [ N , N ∪ {∞} ] 5

  12. Monitors Formal specification publish ( r ) → � [ 0 , 7 d ] approve ( r ) Log/trace/event stream Verdict . . . . . . ✓ 29/05/2020 15:03 approve(report41) [ JACM 2015] ✓ 29/05/2020 15:24 publish(report41) ✓ 09/06/2020 13:45 approve(report67) ✗ (report41) 10/06/2020 07:51 publish(report41) ✓ 10/06/2020 07:52 publish(report67) . . . . . . 6

  13. Monitors Formal specification publish ( r ) → � [ 0 , 7 d ] approve ( r ) Log/trace/event stream Verdict . . . . . . ✓ 29/05/2020 15:03 approve(report41) [ JACM 2015] ✓ 29/05/2020 15:24 publish(report41) ✓ 09/06/2020 13:45 approve(report67) ✗ (report41) 10/06/2020 07:51 publish(report41) ✓ 10/06/2020 07:52 publish(report67) . . . . [RV 2019] . . 6

  14. Let’s try ... Spec 1: The robot must not start to move if three or more transmissions of the same data failed within the last ten minutes without a successful transmission in between. 7

  15. Let’s try ... Spec 1: The robot must not start to move if three or more transmissions of the same data failed within the last ten minutes without a successful transmission in between. Spec 2: The module with the highest energy consumption within the second to last minute must be reported to ground control. 7

  16. MFOTL subset of MFOTL with aggregations no aggregations t ::= x | c | t + t | t × t | ... t ::= x | c ϕ ::= p ( t 1 ,..., t n ) ϕ ::= p ( t 1 ,..., t n ) | t = t | t < t | t ≤ t | t = t | ¬ ϕ | ϕ ∧ ϕ | ∃ x . ϕ | ¬ ϕ | ϕ ∧ ϕ | ∃ x . ϕ | � I ϕ | � I ϕ | ϕ S I ϕ | ϕ U I ϕ | � I ϕ | � I ϕ | ϕ S I ϕ | ϕ U I ϕ | x ← Ω t ; � x . ϕ Ω ::= MAX | MIN | CNT | SUM | AVG I ::= [ N , N ∪ {∞} ] I ::= [ N , N ∪ {∞} ] 8

  17. MFOTL subset of MFOTL with aggregations no aggregations t ::= x | c | t + t | t × t | ... t ::= x | c ϕ ::= p ( t 1 ,..., t n ) ϕ ::= p ( t 1 ,..., t n ) | t = t | t < t | t ≤ t | t = t | ¬ ϕ | ϕ ∧ ϕ | ∃ x . ϕ | ¬ ϕ | ϕ ∧ ϕ | ∃ x . ϕ | � I ϕ | � I ϕ | ϕ S I ϕ | ϕ U I ϕ | � I ϕ | � I ϕ | ϕ S I ϕ | ϕ U I ϕ | x ← Ω t ; � x . ϕ cannot express Spec 2! Ω ::= MAX | MIN | CNT | SUM | AVG I ::= [ N , N ∪ {∞} ] I ::= [ N , N ∪ {∞} ] 8

  18. Spec 1 in MFOTL: MFOTL subset of MFOTL with aggregations no aggregations t ::= x | c | t + t | t × t | ... t ::= x | c � � � [ 0 , x 1 ] ( ¬ com_ok ( d ) S [ 0 , x 2 ] ( com_fail ( d ) ∧ ϕ ::= p ( t 1 ,..., t n ) ϕ ::= p ( t 1 ,..., t n ) x ∈ N 6 , � [ 0 , x 3 ] ( ¬ com_ok ( d ) S [ 0 , x 4 ] ( com_fail ( d ) ∧ | t = t | t < t | t ≤ t | t = t � i x i = 600 � � [ 0 , x 5 ] ( ¬ com_ok ( d ) S [ 0 , x 6 ] com_fail ( d )))))) → ¬ move | ¬ ϕ | ϕ ∧ ϕ | ∃ x . ϕ | ¬ ϕ | ϕ ∧ ϕ | ∃ x . ϕ | � I ϕ | � I ϕ | ϕ S I ϕ | ϕ U I ϕ | � I ϕ | � I ϕ | ϕ S I ϕ | ϕ U I ϕ | x ← Ω t ; � x . ϕ Ω ::= MAX | MIN | CNT | SUM | AVG I ::= [ N , N ∪ {∞} ] I ::= [ N , N ∪ {∞} ] 8

  19. Spec 1 in MFOTL: MFOTL subset of MFOTL � � [ 0 , 0 ] ( ¬ com_ok ( d ) S [ 0 , 0 ] ( com_fail ( d ) ∧ � [ 0 , 0 ] ( ¬ com_ok ( d ) S [ 0 , 0 ] ( com_fail ( d ) ∧ � [ 0 , 0 ] ( ¬ com_ok ( d ) S [ 0 , 600 ] � � com_fail ( d )))))) ∨ � [ 0 , 0 ] ( ¬ com_ok ( d ) S [ 0 , 0 ] ( com_fail ( d ) ∧ � [ 0 , 0 ] ( ¬ com_ok ( d ) S [ 0 , 0 ] with aggregations no aggregations � � ( com_fail ( d ) ∧ � [ 0 , 1 ] ( ¬ com_ok ( d ) S [ 0 , 599 ] com_fail ( d )))))) ∨ � [ 0 , 0 ] ( ¬ com_ok ( d ) S [ 0 , 0 ] � ( com_fail ( d ) ∧ � [ 0 , 0 ] ( ¬ com_ok ( d ) S [ 0 , 0 ] ( com_fail ( d ) ∧ � [ 0 , 2 ] ( ¬ com_ok ( d ) S [ 0 , 598 ] com_fail ( d )))))) ∨ t ::= x | c | t + t | t × t | ... t ::= x | c � � [ 0 , 0 ] ( ¬ com_ok ( d ) S [ 0 , 0 ] ( com_fail ( d ) ∧ � [ 0 , 0 ] ( ¬ com_ok ( d ) S [ 0 , 0 ] ( com_fail ( d ) ∧ � [ 0 , 3 ] ( ¬ com_ok ( d ) S [ 0 , 597 ] � � com_fail ( d )))))) ∨ � [ 0 , 0 ] ( ¬ com_ok ( d ) S [ 0 , 0 ] ( com_fail ( d ) ∧ � [ 0 , 0 ] ( ¬ com_ok ( d ) S [ 0 , 0 ] ϕ ::= p ( t 1 ,..., t n ) ϕ ::= p ( t 1 ,..., t n ) � � ( com_fail ( d ) ∧ � [ 0 , 4 ] ( ¬ com_ok ( d ) S [ 0 , 596 ] com_fail ( d )))))) ∨ � [ 0 , 0 ] ( ¬ com_ok ( d ) S [ 0 , 0 ] � ( com_fail ( d ) ∧ � [ 0 , 0 ] ( ¬ com_ok ( d ) S [ 0 , 0 ] ( com_fail ( d ) ∧ � [ 0 , 5 ] ( ¬ com_ok ( d ) S [ 0 , 595 ] com_fail ( d )))))) ∨ | t = t | t < t | t ≤ t | t = t � � [ 0 , 0 ] ( ¬ com_ok ( d ) S [ 0 , 0 ] ( com_fail ( d ) ∧ � [ 0 , 0 ] ( ¬ com_ok ( d ) S [ 0 , 0 ] ( com_fail ( d ) ∧ � [ 0 , 6 ] ( ¬ com_ok ( d ) S [ 0 , 594 ] � � com_fail ( d )))))) ∨ � [ 0 , 0 ] ( ¬ com_ok ( d ) S [ 0 , 0 ] ( com_fail ( d ) ∧ � [ 0 , 0 ] ( ¬ com_ok ( d ) S [ 0 , 0 ] | ¬ ϕ | ϕ ∧ ϕ | ∃ x . ϕ | ¬ ϕ | ϕ ∧ ϕ | ∃ x . ϕ � � ( com_fail ( d ) ∧ � [ 0 , 7 ] ( ¬ com_ok ( d ) S [ 0 , 593 ] com_fail ( d )))))) ∨ � [ 0 , 0 ] ( ¬ com_ok ( d ) S [ 0 , 0 ] � ( com_fail ( d ) ∧ � [ 0 , 0 ] ( ¬ com_ok ( d ) S [ 0 , 0 ] ( com_fail ( d ) ∧ � [ 0 , 8 ] ( ¬ com_ok ( d ) S [ 0 , 592 ] com_fail ( d )))))) | � I ϕ | � I ϕ | ϕ S I ϕ | ϕ U I ϕ ∨ | � I ϕ | � I ϕ | ϕ S I ϕ | ϕ U I ϕ � � [ 0 , 0 ] ( ¬ com_ok ( d ) S [ 0 , 0 ] ( com_fail ( d ) ∧ � [ 0 , 0 ] ( ¬ com_ok ( d ) S [ 0 , 0 ] ( com_fail ( d ) ∧ � [ 0 , 9 ] ( ¬ com_ok ( d ) S [ 0 , 591 ] | x ← Ω t ; � � ∨ ... x . ϕ com_fail ( d )))))) Ω ::= MAX | MIN | CNT | SUM | AVG 664 353 676 371 disjuncts, assuming discrete time in seconds I ::= [ N , N ∪ {∞} ] I ::= [ N , N ∪ {∞} ] 8

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified

Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified

Roberto Guanciale Mads Dam Hamed Nemati Christoph Baumann Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified Platforms Caches Excluded Formally Verified from the analysis Platforms Caches Excluded

675 views • 64 slides
Formally verified constraint solvers Catherine Dubois 1 Sourour Elloumi 1 Arnaud Gotlieb 2 1.

Formally verified constraint solvers Catherine Dubois 1 Sourour Elloumi 1 Arnaud Gotlieb 2 1.

Formally verified constraint solvers Catherine Dubois 1 Sourour Elloumi 1 Arnaud Gotlieb 2 1. CEDRIC-ENSIIE, Evry, France 2. Certus V&amp;V Center, SIMULA RESEARCH LAB., Lysaker, Norway Dagstuhl Seminar 15381 1 / 23 Formally verified

501 views • 28 slides
Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified

Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified

Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified Cryptographic Web Applications in WASM May. 22 st , 2019 1 / 22 in WebAssembly Jonathan Protzenko Microsoft Research Benjamin Beurdouche INRIA

1.5k views • 57 slides
A Formally Verified Quadratic Unification Algorithm J.-L. Ruiz-Reina, J.-A. Alonso, M.-J. Hidalgo

A Formally Verified Quadratic Unification Algorithm J.-L. Ruiz-Reina, J.-A. Alonso, M.-J. Hidalgo

A Formally Verified Quadratic Unification Algorithm J.-L. Ruiz-Reina, J.-A. Alonso, M.-J. Hidalgo and F .-J. Mart n-Mateos Computational Logic Group Dept. of Computer Science and Artificial Intelligence University of Seville A Formally

356 views • 32 slides
Towards Formally Verified Theorem Provers Ramana Kumar Computer Laboratory, University of

Towards Formally Verified Theorem Provers Ramana Kumar Computer Laboratory, University of

Towards Formally Verified Theorem Provers Ramana Kumar Computer Laboratory, University of Cambridge Twenty Years of the QED Manifesto Vienna Summer of Logic, 2014 HOL Verified Goals of the Project An implementation of HOL Light 1. that runs

428 views • 13 slides
VigNAT: A Formally Verified NAT Arseniy Zaostrovnykh, Solal Pirelli, Luis Pedrosa, Katerina

VigNAT: A Formally Verified NAT Arseniy Zaostrovnykh, Solal Pirelli, Luis Pedrosa, Katerina

VigNAT: A Formally Verified NAT Arseniy Zaostrovnykh, Solal Pirelli, Luis Pedrosa, Katerina Argyraki, George Candea Formally verify a stateful NF with competitive performance and reasonable human effort 2 Formally verify a stateful NF with

836 views • 81 slides
Formally Verified Differential Dynamic Logic (in Isabelle/HOL and Coq) Brandon Bohrer ,

Formally Verified Differential Dynamic Logic (in Isabelle/HOL and Coq) Brandon Bohrer ,

Formally Verified Differential Dynamic Logic (in Isabelle/HOL and Coq) Brandon Bohrer , Vincent Rahli, Ivana Vukotic, Marcus Vlp, Andr Platzer Thanks to: Johannes Hlzl, Fabian Immler, Tobias Nipkow, et. al. + Coquelicot team

540 views • 38 slides
A Formally Verified Symmetry Breaking Tool for SAT David E. Narv aez den9562@rit.edu

A Formally Verified Symmetry Breaking Tool for SAT David E. Narv aez den9562@rit.edu

A Formally Verified Symmetry Breaking Tool for SAT David E. Narv aez den9562@rit.edu Rochester Institute of Technology Rochester, NY, USA FMCAD-18 Student Forum David E. Narv aez (RIT) Formally Verified Symmetry Breaking Tool FMCAD-18

215 views • 6 slides
Towards an Open-Source, Formally-Verified Secure Processor Srini Devadas Massachusetts

Towards an Open-Source, Formally-Verified Secure Processor Srini Devadas Massachusetts

Towards an Open-Source, Formally-Verified Secure Processor Srini Devadas Massachusetts Institute of Technology Architectural Isolation of Processes Fundamental to maintaining correctness and privacy! 2 Performance Dictates

959 views • 43 slides
The Formally Verified seL4 Microkernel High-Assurance Foundation for MCS Gernot Heiser |

The Formally Verified seL4 Microkernel High-Assurance Foundation for MCS Gernot Heiser |

The Formally Verified seL4 Microkernel High-Assurance Foundation for MCS Gernot Heiser | gernot.heiser@data61.csiro.au | @GernotHeiser RTCSA Keynote, Aug20 https://trustworthy.systems What Is Needed For Mixed-Criticality? During a

539 views • 29 slides
Towards A Formally Verified Network-on-Chip Tom van den Broek 1 Julien Schmaltz 12 1 Institute for

Towards A Formally Verified Network-on-Chip Tom van den Broek 1 Julien Schmaltz 12 1 Institute for

Towards A Formally Verified Network-on-Chip Tom van den Broek 1 Julien Schmaltz 12 1 Institute for Computing and Information Sciences Radboud University Nijmegen The Netherlands 2 School of Computer Science Open University The Netherlands

778 views • 62 slides
A Formally Verified Compiler for Lustre Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste

A Formally Verified Compiler for Lustre Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste

A Formally Verified Compiler for Lustre Timothy Bourke 1 , 2 Llio Brun 1 , 2 Pierre-variste Dagand 4 , 3 , 1 Xavier Leroy 1 Marc Pouzet 4 , 2 , 1 Lionel Rieg 5 , 6 1. Inria Paris 2. DI, cole normale suprieure 3. CNRS 4. Univ. Pierre et

1.15k views • 96 slides
FTCS 93 June 1993 A Formally Verified Algorithm for Interactive Consistency Under a Hybrid Fault

FTCS 93 June 1993 A Formally Verified Algorithm for Interactive Consistency Under a Hybrid Fault

FTCS 93 June 1993 A Formally Verified Algorithm for Interactive Consistency Under a Hybrid Fault Model Patrick Lincoln and John Rushby Computer Science Laboratory SRI International Menlo Park CA USA FTCS 93 1 Summary What we have

494 views • 25 slides
Micro-Policies Formally Verified, Tag-Based Security Monitors Arthur Azevedo de Amorim Maxime

Micro-Policies Formally Verified, Tag-Based Security Monitors Arthur Azevedo de Amorim Maxime

Micro-Policies Formally Verified, Tag-Based Security Monitors Arthur Azevedo de Amorim Maxime Dns Nick Giannarakis Ctlin Hricu Benjamin C. Pierce Antal Spector-Zabusky Andrew Tolmach May 20, 2015 1 How can we design secure

900 views • 79 slides
Fusing Hybrid Remote Attestation with a Formally Verified Microkernel: Lessons Learned Karim

Fusing Hybrid Remote Attestation with a Formally Verified Microkernel: Lessons Learned Karim

Fusing Hybrid Remote Attestation with a Formally Verified Microkernel: Lessons Learned Karim Eldefrawy, Norrathep Rattanavipanon , Gene Tsudik June 28, 2017 nrattana@uci.edu http://sprout.ics.uci.edu IoT/CPS/ES IoT/CPS/ES IoT/CPS/ES Remote

451 views • 33 slides
Obtaining Provably Secure Services from Formally Verified Remote Attestation Gene Tsudik 1 Joint

Obtaining Provably Secure Services from Formally Verified Remote Attestation Gene Tsudik 1 Joint

Obtaining Provably Secure Services from Formally Verified Remote Attestation Gene Tsudik 1 Joint work with: Ivan De Oliveira Nunes 1 , Karim Eldefrawy 2 , Norrathep Rattanavipanon 1 University of California Irvine 1 , SRI International 2 1 In

847 views • 48 slides
NORM and TENORM Brandon C. NuGall, PG 113661 Eastern

NORM and TENORM Brandon C. NuGall, PG 113661 Eastern

NORM and TENORM Brandon C. NuGall, PG 113661 Eastern Mineral Law Founda2on Lexington, Kentucky, 19-Oct-2016 Caveat What is a pico-Curie

426 views • 20 slides
Welcome to #WIGWednesday May 13, 2020 The Value Of Good Chemistry During Challenging Times

Welcome to #WIGWednesday May 13, 2020 The Value Of Good Chemistry During Challenging Times

Welcome to #WIGWednesday May 13, 2020 The Value Of Good Chemistry During Challenging Times Moderated by: Representative Mary Littleton (TN) MAY 13, 2020 Women In Governments Board of Directors Secretary Chair Vice Chair Treasurer Past

393 views • 25 slides
Regulations 241 The content presented in this section is based on a variety of sources. Slide 2

Regulations 241 The content presented in this section is based on a variety of sources. Slide 2

Slide 1 Regulations 241 The content presented in this section is based on a variety of sources. Slide 2 U.S. Food Safety Regulations Department of Agriculture (USDA) meat, poultry, and eggs FDA all other foods Department of

263 views • 7 slides
Thirsty Farming Explorer Challenge: Build an argument for and against using chemicals in

Thirsty Farming Explorer Challenge: Build an argument for and against using chemicals in

Thirsty Farming Explorer Challenge: Build an argument for and against using chemicals in farming Resource 2 1 Chemicals used in Agriculture Pesticides- include all materials that are used to prevent, destroy or reduce pest organisms.

235 views • 6 slides
Speech Generation From Concept and from Text Martin Jansche CS 6998 2004-02-11 Components of

Speech Generation From Concept and from Text Martin Jansche CS 6998 2004-02-11 Components of

Speech Generation From Concept and from Text Martin Jansche CS 6998 2004-02-11 Components of spoken output systems Front end: From input to control parameters. From naturally occurring text; or From constrained mark-up language; or

420 views • 27 slides
spectroscopy; interaction between radiation &amp; matter (1) Maria Novella Piancastelli Sorbonne

spectroscopy; interaction between radiation &amp; matter (1) Maria Novella Piancastelli Sorbonne

Intro to SR &amp; FEL spectroscopy; interaction between radiation &amp; matter (1) Maria Novella Piancastelli Sorbonne Universits, UPMC Univ Paris 06, CNRS, Laboratoire de Chimie Physique-Matire et Rayonnement, Paris, France Department of

1.28k views • 59 slides
Observa+on tools origins of modern science Galileo Galilei

Observa+on tools origins of modern science Galileo Galilei

Synchrotron Radia+on Liu Lin LNLS Brazilian Synchrotron Light Laboratory Mexican Par+cle Accelerator School 2nd Edi+on, Synchrotron Radia+on, Liu Lin,

828 views • 63 slides
Message Biomedical Imaging Advances in Localizing Nodes and Image-guided wire localization

Message Biomedical Imaging Advances in Localizing Nodes and Image-guided wire localization

3/7/2015 UCSF Department of Radiology and Message Biomedical Imaging Advances in Localizing Nodes and Image-guided wire localization is Tumors and Who Should Do It? Breast designed to assist the surgeon in Why and How of

298 views • 7 slides

More recommend