imhotep smt a satisfiability modulo theory solver for
play

IMHOTEP-SMT: A Satisfiability Modulo Theory Solver For Secure State - PowerPoint PPT Presentation

Nov 06, 2022 •198 likes •1.12k views

IMHOTEP-SMT: A Satisfiability Modulo Theory Solver For Secure State Estimation Yasser Shoukry 1 Pierluigi Nuzzo 2 , Alberto Puggelli 2 , Alberto Sangiovani-Vincentelli 2 , Sanjit A. Seshia 2 , Mani Srivastava 1 , and Paulo Tabuada 1 1 EE Department

  1. IMHOTEP-SMT: A Satisfiability Modulo Theory Solver For Secure State Estimation Yasser Shoukry 1 Pierluigi Nuzzo 2 , Alberto Puggelli 2 , Alberto Sangiovani-Vincentelli 2 , Sanjit A. Seshia 2 , Mani Srivastava 1 , and Paulo Tabuada 1 1 EE Department University of California Los Angeles 2 EECS Department, University of California Berkeley Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 1 / 30

  2. Motivation: Sensor Attacks Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 2 / 30

  3. Motivation: Noninvasive Spoofing Sensor Attacks Y. Shoukry, P . D. Martin, P . Tabuada, and M. B. Srivastava, “Noninvasive Spoofing Attacks for Anti-Lock Braking Systems,” in Workshop on Cryptographic Hardware and Embedded Systems 2013. Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 3 / 30

  4. Motivation: Noninvasive Spoofing Sensor Attacks Y. Shoukry, P . D. Martin, P . Tabuada, and M. B. Srivastava, “Noninvasive Spoofing Attacks for Anti-Lock Braking Systems,” in Workshop on Cryptographic Hardware and Embedded Systems 2013. Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 3 / 30

  5. Motivation: Noninvasive Spoofing Sensor Attacks Y. Shoukry, P . D. Martin, P . Tabuada, and M. B. Srivastava, “Noninvasive Spoofing Attacks for Anti-Lock Braking Systems,” in Workshop on Cryptographic Hardware and Embedded Systems 2013. Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 3 / 30

  6. Motivation: Noninvasive Spoofing Sensor Attacks Y. Shoukry, P . D. Martin, P . Tabuada, and M. B. Srivastava, “Noninvasive Spoofing Attacks for Anti-Lock Braking Systems,” in Workshop on Cryptographic Hardware and Embedded Systems 2013. Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 4 / 30

  7. Secure State Estimation Problem Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 5 / 30

  8. Secure State Estimation Problem A total of p sensors monitor the state of the physical system ( y ( t ) ∈ R p ): y ( t ) = Cx ( t ) + ψ ( t ) ���� noise Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 6 / 30

  9. Secure State Estimation Problem A total of p sensors monitor the state of the physical system ( y ( t ) ∈ R p ): y ( t ) = Cx ( t ) + ψ ( t ) + a ( t ) . ���� ���� noise attack vector Some sensors are attacked: a i ( t ) � = 0 − → sensor i is attacked at time t ∈ N ; Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 6 / 30

  10. Secure State Estimation Problem A total of p sensors monitor the state of the physical system ( y ( t ) ∈ R p ): y ( t ) = Cx ( t ) + ψ ( t ) + a ( t ) . ���� ���� noise attack vector Some sensors are attacked: a i ( t ) � = 0 − → sensor i is attacked at time t ∈ N ; If sensor i is attacked, a i ( t ) can be arbitrary (no boundedness assumption, no stochastic model, etc.). Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 6 / 30

  11. Secure State Estimation Problem A total of p sensors monitor the state of the physical system ( y ( t ) ∈ R p ): y ( t ) = Cx ( t ) + ψ ( t ) + a ( t ) . ���� ���� noise attack vector Some sensors are attacked: a i ( t ) � = 0 − → sensor i is attacked at time t ∈ N ; If sensor i is attacked, a i ( t ) can be arbitrary (no boundedness assumption, no stochastic model, etc.). Set of attacked sensors is unknown and has cardinality s . Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 6 / 30

  12. Secure State Estimation Problem A total of p sensors monitor the state of the physical system ( y ( t ) ∈ R p ): y ( t ) = Cx ( t ) + ψ ( t ) + a ( t ) . ���� ���� noise attack vector Some sensors are attacked: a i ( t ) � = 0 − → sensor i is attacked at time t ∈ N ; If sensor i is attacked, a i ( t ) can be arbitrary (no boundedness assumption, no stochastic model, etc.). Set of attacked sensors is unknown and has cardinality s . The value of s is also unknown although we assume the knowledge of an upper bound s . Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 6 / 30

  13. Secure State Estimation Problem A total of p sensors monitor the state of the physical system ( y ( t ) ∈ R p ): y ( t ) = Cx ( t ) + ψ ( t ) + a ( t ) . ���� ���� noise attack vector Some sensors are attacked: a i ( t ) � = 0 − → sensor i is attacked at time t ∈ N ; If sensor i is attacked, a i ( t ) can be arbitrary (no boundedness assumption, no stochastic model, etc.). Set of attacked sensors is unknown and has cardinality s . The value of s is also unknown although we assume the knowledge of an upper bound s . Objective: estimate the state of the physical system x ( t ) ∈ R n . Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 6 / 30

  14. Secure State Estimation Problem A total of p sensors monitor the state of the physical system ( y ( t ) ∈ R p ): y ( t ) = Cx ( t ) + ψ ( t ) + a ( t ) . ���� ���� noise attack vector Example: a car with two states position , velocity and three sensors: Some sensors are attacked: a i ( t ) � = 0 − → sensor i is attacked at time t ∈ N ;         y GPS ( t ) 1 0 ψ GPS ( t ) 0 � p ( t ) � If sensor i is attacked, a i ( t ) can be arbitrary (no boundedness assumption,  =  + y odometer ( t ) 0 1 + ψ odometer ( t ) a odometer ( t ) s = 1       v ( t ) no stochastic model, etc.). y IMU ( t ) 0 1 ψ IMU ( t ) 0 Set of attacked sensors is unknown and has cardinality s . The value of s is also unknown although we assume the knowledge of an upper bound s . Objective: estimate the state of the physical system x ( t ) ∈ R n . Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 6 / 30

  15. Secure State Estimation Problem A total of p sensors monitor the state of the physical system ( y ( t ) ∈ R p ): y ( t ) = Cx ( t ) + ψ ( t ) ���� noise Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 7 / 30

  16. Secure State Estimation Problem A total of p sensors monitor the state of the physical system ( y ( t ) ∈ R p ): y ( t ) = Cx ( t ) + ψ ( t ) + a ( t ) . ���� ���� noise attack vector Although sensors are heterogeneous, the physical quantities they measure are correlated. Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 7 / 30

  17. Secure State Estimation Problem A total of p sensors monitor the state of the physical system ( y ( t ) ∈ R p ): y ( t ) = Cx ( t ) + ψ ( t ) + a ( t ) . ���� ���� noise attack Example: a car with two states position , velocity and three sensors: vector Although sensors are heterogeneous, the physical quantities they measure are         y GPS ( t ) 1 0 ψ GPS ( t ) 0 correlated. � p ( t ) �  =  + y odometer ( t ) 0 1 + ψ odometer ( t ) a odometer ( t ) s = 1       v ( t ) y IMU ( t ) ψ IMU ( t ) 0 1 0 v ( t ) ≃ ( p ( t ) − p ( t − 1 )) / ( T s ) Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 7 / 30

  18. Secure State Estimation Problem A total of p sensors monitor the state of the physical system ( y ( t ) ∈ R p ): y ( t ) = Cx ( t ) + ψ ( t ) + a ( t ) . ���� ���� noise attack vector Although sensors are heterogeneous, the physical quantities they measure are correlated. Physical system modeled as a discrete-time linear dynamical system: x ( t + 1 ) = Ax ( t ) + Bu ( t ) + µ ( t ) . Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 7 / 30

  19. Secure State Estimation Problem A total of p sensors monitor the state of the physical system ( y ( t ) ∈ R p ): y ( t ) = Cx ( t ) + ψ ( t ) + a ( t ) . ���� ���� noise attack vector Although sensors are heterogeneous, the physical quantities they measure are correlated. Physical system modeled as a discrete-time linear dynamical system: x ( t + 1 ) = Ax ( t ) + Bu ( t ) + µ ( t ) . This model: Captures adversarial attacks, non-adversarial faults, cooperative and non-cooperative attacks, ... Does not depend on how the sensor measurements are corrupted (e.g. sensor-level spoofing, spoofing communication channel, ...). Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 7 / 30

  20. Secure State Estimation Problem A total of p sensors monitor the state of the physical system ( y ( t ) ∈ R p ): y ( t ) = Cx ( t ) + ψ ( t ) + a ( t ) . ���� ���� noise attack vector Although sensors are heterogeneous, the physical quantities they measure are correlated. Physical system modeled as a discrete-time linear dynamical system: x ( t + 1 ) = Ax ( t ) + Bu ( t ) + µ ( t ) . This model: Captures adversarial attacks, non-adversarial faults, cooperative and non-cooperative attacks, ... Does not depend on how the sensor measurements are corrupted (e.g. sensor-level spoofing, spoofing communication channel, ...). For sake of simplicity, in this talk, I will consider the noise-free case ( ψ ( t ) = µ ( t ) = 0 ). Yasser Shoukry I MHOTEP -SMT - SMT Workshop’15 July 19, 2015 7 / 30

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A Survey of Satisfiability Modulo Theory (for mathematicians) David Monniaux VERIMAG GNCS,

A Survey of Satisfiability Modulo Theory (for mathematicians) David Monniaux VERIMAG GNCS,

A Survey of Satisfiability Modulo Theory (for mathematicians) David Monniaux VERIMAG GNCS, Pescara, February 10, 2017 David Monniaux (VERIMAG) A Survey of Satisfiability Modulo Theory 2017-02-10 1 / 48 STATOR SMT = SAT + theories SAT =

521 views • 48 slides
SMT: Satisfiability Modulo Theories Ranjit Jhala, UC San Diego April 9, 2013 Decision Procedures

SMT: Satisfiability Modulo Theories Ranjit Jhala, UC San Diego April 9, 2013 Decision Procedures

SMT: Satisfiability Modulo Theories Ranjit Jhala, UC San Diego April 9, 2013 Decision Procedures Last Time Propositional Logic Today 1. Combining SAT and Theory Solvers 2. Theory Solvers Theory of Equality Theory of Uninterpreted

1.14k views • 72 slides
Complete Instantiation of Quantified Formulas in Satisfiability Modulo Theories Yeting Ge 1

Complete Instantiation of Quantified Formulas in Satisfiability Modulo Theories Yeting Ge 1

Complete Instantiation of Quantified Formulas in Satisfiability Modulo Theories Yeting Ge 1 Leonardo de Moura 2 1 New York University 2 Microsoft Research 7th International Workshop on Satisfiability Modulo Theories Aug 3, 2009 Montreal, Canada

1.33k views • 86 slides
Introduction to Satisfiability Modulo Theories Combinatorial Problem Solving (CPS) Albert

Introduction to Satisfiability Modulo Theories Combinatorial Problem Solving (CPS) Albert

Introduction to Satisfiability Modulo Theories Combinatorial Problem Solving (CPS) Albert Oliveras Enric Rodr guez-Carbonell May 31, 2019 Satisfiability Modulo Theories Some problems are more naturally expressed in other logics than

752 views • 33 slides
G22.2390-001 Logic in Computer Science Fall 2009 Lecture 10 1 Review Satisfiability Modulo

G22.2390-001 Logic in Computer Science Fall 2009 Lecture 10 1 Review Satisfiability Modulo

G22.2390-001 Logic in Computer Science Fall 2009 Lecture 10 1 Review Satisfiability Modulo Theories Theory Solvers Combining Decision Procedures Abstract DPLL Modulo Theories Example Application: Translation Validation 2

470 views • 35 slides
Satisfiability modulo theory David Monniaux CNRS / VERIMAG October 2017 1 / 182 Schedule

Satisfiability modulo theory David Monniaux CNRS / VERIMAG October 2017 1 / 182 Schedule

Satisfiability modulo theory David Monniaux CNRS / VERIMAG October 2017 1 / 182 Schedule Introduction Propositional logic First-order logic Applications Beyond DPLL(T) Qvantifier elimination Interpolants 2 / 182 Who I am David

2.35k views • 197 slides
Satisfiability Modulo Theories and Z3 Nikolaj Bjrner Microsoft Research ReRISE Winter School,

Satisfiability Modulo Theories and Z3 Nikolaj Bjrner Microsoft Research ReRISE Winter School,

Satisfiability Modulo Theories and Z3 Nikolaj Bjrner Microsoft Research ReRISE Winter School, Linz, Austria February 3, 2014 SMT : Basic Architecture Theory SAT SMT Solvers Equality + UF Arithmetic Case Analysis Bit-vectors Nikolaj is

681 views • 55 slides
Model-Constructing Satisfiability Calculus Dejan Jovanovi c Clark Barrett Leonardo de Moura

Model-Constructing Satisfiability Calculus Dejan Jovanovi c Clark Barrett Leonardo de Moura

Model-Constructing Satisfiability Calculus Dejan Jovanovi c Clark Barrett Leonardo de Moura SRI International NYU Microsoft Research Satisfiability Modulo Theories and DPLL(T) Problem Check a given formula for satisfiability modulo the

889 views • 65 slides
SAT Solver as coNP Solver Beyond Resolution Norbert Manthey International Center for

SAT Solver as coNP Solver Beyond Resolution Norbert Manthey International Center for

SAT Solver as coNP Solver Beyond Resolution Norbert Manthey International Center for Computational Logic Technische Universit at Dresden Germany Motivation Propositional Logic and Satisfiability Proof Theory and SAT Solving

640 views • 49 slides
Session 1 Verification of Combinational Circuits Satisfiability Solver

Session 1 Verification of Combinational Circuits Satisfiability Solver

Session 1 Verification of Combinational Circuits Satisfiability Solver Albert-Ludwigs-Universitt Freiburg HI Lewis / Schubert / Becker Verification and SAT Solving Satisfiability Solver 1 / 129 Literatur Albert-Ludwigs-Universitt

2.04k views • 186 slides
Satisfiability Modulo Theories SMT solvers are finding their way in many different application

Satisfiability Modulo Theories SMT solvers are finding their way in many different application

Applications of SMT solvers Alessandro Cimatti Embedded System Unit Fondazione Bruno Kessler Trento, Italy cimatti@fbk.eu Applications of SMT solvers @ SAT/SMT School, Helsinki, July 2013 Satisfiability Modulo Theories SMT solvers are

1.09k views • 27 slides
13th International Satisfiability Modulo Theories Competition SMT-COMP 2018 Matthias Heizmann

13th International Satisfiability Modulo Theories Competition SMT-COMP 2018 Matthias Heizmann

13th International Satisfiability Modulo Theories Competition SMT-COMP 2018 Matthias Heizmann Aina Niemetz Giles Reger Tjark Weber Background SMT-COMP is an annual competition between SMT solvers. It was first held in 2005. Satisfiability

470 views • 17 slides
Satisfiability Modulo Transcendental Functions via Incremental Linearization Alberto Griggio

Satisfiability Modulo Transcendental Functions via Incremental Linearization Alberto Griggio

Satisfiability Modulo Transcendental Functions via Incremental Linearization Alberto Griggio Fondazione Bruno Kessler, Trento, Italy Joint work with A. Irfan, A. Cimatti, M. Roveri, R. Sebastiani Executive Summary Main idea Abstract

487 views • 24 slides
CDSAT: Conflict-Driven SATisfiability modulo theories and assignments 1 Maria Paola Bonacina

CDSAT: Conflict-Driven SATisfiability modulo theories and assignments 1 Maria Paola Bonacina

The conflict-driven reasoning paradigm Conflict-driven reasoning in theory combination The CDSAT transition system Discussion CDSAT: Conflict-Driven SATisfiability modulo theories and assignments 1 Maria Paola Bonacina Dipartimento di

610 views • 45 slides
Efficient Interpolant Generation in Satisfiability Modulo Linear Integer Arithmetic Alberto

Efficient Interpolant Generation in Satisfiability Modulo Linear Integer Arithmetic Alberto

Deduction at Scale Seminar 2011 Efficient Interpolant Generation in Satisfiability Modulo Linear Integer Arithmetic Alberto Griggio FBK-IRST, Trento joint work with Thi Thieu Hoa Le and Roberto Sebastiani, DISI - Univ. Trento Introduction

767 views • 39 slides
Satisfiability Modulo Theories and Assignments Maria Paola Bonacina, Stphane Graham-Lengrand,

Satisfiability Modulo Theories and Assignments Maria Paola Bonacina, Stphane Graham-Lengrand,

Satisfiability Modulo Theories and Assignments Maria Paola Bonacina, Stphane Graham-Lengrand, and Natarajan Shankar Uni. degli Studi di Verona - CNRS - SRI International CADE, 8th August 2017 1/39 This talk is about the quantifier-free core

2.09k views • 180 slides
Today's Goals: *Explain how Egypt was united *Describe the pharaoh's central role in Egyptian

Today's Goals: *Explain how Egypt was united *Describe the pharaoh's central role in Egyptian

~Land of the Pharaohs~ Sep 2310:41 AM Today's Goals: *Explain how Egypt was united *Describe the pharaoh's central role in Egyptian development and life *Describe hieroglyphics, the Egyptian system of writing *Analyze the Egyptian economy

479 views • 12 slides
appreciating modern architecture by michael welsman-dinelle 10.07.2009 udls Ville contemporaine

appreciating modern architecture by michael welsman-dinelle 10.07.2009 udls Ville contemporaine

appreciating modern architecture by michael welsman-dinelle 10.07.2009 udls Ville contemporaine Le Corbusier 1922 Seagram Building Mies van der Rohe 1957 Canadian Museum of Human Rights Otto von Bismarck in ceremonial Prussian

379 views • 19 slides
THE OF ECCLESIOLOGY... a study of the church C HRIST-CENTERED "When Jesus came to the

THE OF ECCLESIOLOGY... a study of the church C HRIST-CENTERED "When Jesus came to the

THE OF ECCLESIOLOGY... a study of the church C HRIST-CENTERED "When Jesus came to the region of Caesarea Philippi, he asked his disciples, 'Who do people say the Son of Man is?' They replied, 'Some say John the Baptist; others say Elijah;

454 views • 29 slides
THE BIG PICTURE THE WHOLE IS GREATER THAN THE SUM OF ITS PARTS (ARISTOTLE).

THE BIG PICTURE THE WHOLE IS GREATER THAN THE SUM OF ITS PARTS (ARISTOTLE).

THE BIG PICTURE THE WHOLE IS GREATER THAN THE SUM OF ITS PARTS (ARISTOTLE). STUDYING A BIBLE BOOK ROMANS 12 THEREFORE ACCORDINGLY OR CONSEQUENTLY ROMANS 2:26; 3:9; 5:1; 8:31; & 10:14 I. THE BOOKS BIG PICTURE KEY

596 views • 25 slides
Chiastic Structure The Greek Letter Chi Chiastic Structure of Psalm 110 Chiastic Structure

Chiastic Structure The Greek Letter Chi Chiastic Structure of Psalm 110 Chiastic Structure

Chiastic Structure The Greek Letter Chi Chiastic Structure of Psalm 110 Chiastic Structure of Torah Book When? Who? Where? Chaldea Genesis Universal Centuries (2,200 Years) Canaan Exodus National Years (200-300) Egypt Tribal

223 views • 18 slides
the New, might be taken as relating to Israel after the flesh , and as foretelling the

the New, might be taken as relating to Israel after the flesh , and as foretelling the

There are certain Prophetic passages in the Old Testament, which, apart from the light afforded by the New, might be taken as relating to Israel after the flesh , and as foretelling the restoration, at some future day, of their national

869 views • 69 slides
T H E E N G A G E P R O J E C T Create Your Own Project and Touch People Christian M. Schmid

T H E E N G A G E P R O J E C T Create Your Own Project and Touch People Christian M. Schmid

T H E E N G A G E P R O J E C T Create Your Own Project and Touch People Christian M. Schmid IEEE Region 8 Secretary c.schmid@ieee.org Charter: The purpose of the Engage Project workshop is 1.) for you to discover some hidden

494 views • 13 slides
Search for patterns in physics: from particles to Dark Matter Josu Molina El Zamorano

Search for patterns in physics: from particles to Dark Matter Josu Molina El Zamorano

Search for patterns in physics: from particles to Dark Matter Josu Molina El Zamorano University, Honduras Advanced Workshop on Accelerating the Search for Dark Matter with Machine Learning Trieste, Italia April 11, 2019 1/ 45 Josu

460 views • 45 slides

More recommend