modelplex verified runtime validation of verified cyber
play

ModelPlex: Verified Runtime Validation of Verified Cyber-Physical - PowerPoint PPT Presentation

Apr 17, 2023 •341 likes •844 views

ModelPlex: Verified Runtime Validation of Verified Cyber-Physical System Models Stefan Mitsch Andr e Platzer Computer Science Department, Carnegie Mellon University RV14, Sept. 24, 2014 Simplex for Hybrid System Models Stefan Mitsch ,

  1. ModelPlex: Verified Runtime Validation of Verified Cyber-Physical System Models Stefan Mitsch Andr´ e Platzer Computer Science Department, Carnegie Mellon University RV’14, Sept. 24, 2014 Simplex for Hybrid System Models Stefan Mitsch , Andr´ e Platzer—ModelPlex: Verified Runtime Validation of Verified Cyber-Physical System Models 1 of 15

  2. Formal Verification in CPS Development Real CPS safe Proof Reachability Analysis . . . Verification Results Stefan Mitsch , Andr´ e Platzer—ModelPlex: Verified Runtime Validation of Verified Cyber-Physical System Models 2 of 15

  3. Formal Verification in CPS Development Real CPS safe abstract Model α ∗ Proof Control α ctrl v := v + 1 Reachability safe sense Analysis act . . . Plant α plant x ′ = v Verification Results Stefan Mitsch , Andr´ e Platzer—ModelPlex: Verified Runtime Validation of Verified Cyber-Physical System Models 2 of 15

  4. Formal Verification in CPS Development Real CPS safe Challenge Verification results about models abstract only apply if CPS fits to the model Model α ∗ � Verifiably correct runtime model validation Proof Control α ctrl v := v + 1 Reachability safe sense Analysis act . . . Plant α plant x ′ = v Verification Results Stefan Mitsch , Andr´ e Platzer—ModelPlex: Verified Runtime Validation of Verified Cyber-Physical System Models 2 of 15

  5. ModelPlex Runtime Model Validation ModelPlex ensures that verification results about models apply to CPS implementations predict turn plant Model α ctrl i − 1 i +1 i . . . model adequate? control safe? until next cycle? Stefan Mitsch , Andr´ e Platzer—ModelPlex: Verified Runtime Validation of Verified Cyber-Physical System Models 3 of 15

  6. ModelPlex Runtime Model Validation ModelPlex ensures that verification results about models apply to CPS implementations Contributions predict turn Verification results transfer to CPS when validating model compliance Compliance with model is characterizable in logic Compliance formula transformed by proof to plant Model α ctrl i − 1 i +1 i executable monitor . . . model adequate? control safe? until next cycle? Stefan Mitsch , Andr´ e Platzer—ModelPlex: Verified Runtime Validation of Verified Cyber-Physical System Models 3 of 15

  7. ModelPlex at Runtime . . . “Simplex for Models” Controller Sensors Actuators Stefan Mitsch , Andr´ e Platzer—ModelPlex: Verified Runtime Validation of Verified Cyber-Physical System Models 4 of 15

  8. ModelPlex at Runtime . . . “Simplex for Models” Controller ModelPlex Compliance Fallback Monitor Sensors Actuators Compliance Monitor Checks CPS for compliance with model at runtime Model Monitor: model adequate? Controller Monitor: control safe? Prediction Monitor: until next cycle? Fallback Safe action, executed when monitor is not satisfied Challenge What conditions do the monitors need to check to be safe? Stefan Mitsch , Andr´ e Platzer—ModelPlex: Verified Runtime Validation of Verified Cyber-Physical System Models 4 of 15

  9. ModelPlex Approach . . . Is current CPS behavior included in the behavior of the model? CPS observed through sensors Model describes behavior of CPS between states observation observation observation CPS . . . ⊆ ⊆ Model Model α Model α . . . i − 1 i +1 i time Detect non-compliance as soon as possible to initiate safe fallback actions Stefan Mitsch , Andr´ e Platzer—ModelPlex: Verified Runtime Validation of Verified Cyber-Physical System Models 5 of 15

  10. ModelPlex Approach . . . Is current CPS behavior included in the behavior of the model? CPS observed through sensors Model describes behavior of CPS between states observation observation observation CPS . . . fits to ⊆ ⊆ Model Model α Model α . . . i − 1 i +1 i time Detect non-compliance as soon as possible to initiate safe fallback actions Stefan Mitsch , Andr´ e Platzer—ModelPlex: Verified Runtime Validation of Verified Cyber-Physical System Models 5 of 15

  11. ModelPlex Approach . . . Is current CPS behavior included in the behavior of the model? CPS observed through sensors Model describes behavior of CPS between states observation observation observation Challenge CPS Model describes behavior, . . . fits to but at runtime we get sampled observations � Transform model into observation-monitor ⊆ ⊆ Model Model α Model α . . . i − 1 i +1 i time Detect non-compliance as soon as possible to initiate safe fallback actions Stefan Mitsch , Andr´ e Platzer—ModelPlex: Verified Runtime Validation of Verified Cyber-Physical System Models 5 of 15

  12. Outline predict turn plant Model α ctrl i − 1 i +1 i . . . Model Monitor Stefan Mitsch , Andr´ e Platzer—ModelPlex: Verified Runtime Validation of Verified Cyber-Physical System Models 6 of 15

  13. Monitor Characterization . . . When are two states linked through a run of model α ? ⊆ Model α i − 1 i Stefan Mitsch , Andr´ e Platzer—ModelPlex: Verified Runtime Validation of Verified Cyber-Physical System Models 7 of 15

  14. Monitor Characterization . . . When are two states linked through a run of model α ? a prior state char- a posterior state ⊆ acterized by x − characterized by x + Model α i − 1 i ( x − , x + ) ∈ ρ ( α ) reachability relation of α Semantical: Stefan Mitsch , Andr´ e Platzer—ModelPlex: Verified Runtime Validation of Verified Cyber-Physical System Models 7 of 15

  15. Monitor Characterization . . . When are two states linked through a run of model α ? a prior state char- a posterior state ⊆ acterized by x − characterized by x + Model α i − 1 i Offline starting at x = x − ( x − , x + ) ∈ ρ ( α ) Semantical: exists a run of α to a � Theorem state where x = x + ( x = x − ) → � α ( x ) � ( x = x + ) Logic (d L ): Stefan Mitsch , Andr´ e Platzer—ModelPlex: Verified Runtime Validation of Verified Cyber-Physical System Models 7 of 15

  16. Monitor Characterization . . . When are two states linked through a run of model α ? a prior state char- a posterior state ⊆ acterized by x − characterized by x + Model α i − 1 i Offline starting at x = x − ( x − , x + ) ∈ ρ ( α ) Semantical: exists a run of α to a � Theorem state where x = x + ( x = x − ) → � α ( x ) � ( x = x + ) Logic (d L ): � d L proof F ( x − , x + ) Real arithmetic: check at runtime (efficient) Stefan Mitsch , Andr´ e Platzer—ModelPlex: Verified Runtime Validation of Verified Cyber-Physical System Models 7 of 15

  17. Monitor Characterization . . . When are two states linked through a run of model α ? a prior state char- a posterior state ⊆ acterized by x − characterized by x + Model α i − 1 i Offline starting at x = x − ( x − , x + ) ∈ ρ ( α ) Semantical: exists a run of α to a � Theorem state where x = x + ( x = x − ) → � α ( x ) � ( x = x + ) Logic (d L ): ⇑ d L proof F ( x − , x + ) Real arithmetic: check at runtime (efficient) Stefan Mitsch , Andr´ e Platzer—ModelPlex: Verified Runtime Validation of Verified Cyber-Physical System Models 7 of 15

  18. Provably Correct Synthesis of Monitors . . . Proof calculus of d L executes models symbolically Model α prior state x − posterior state x + i − 1 i proof attempt ( x = x − ) → � α ( x ) � ( x = x + ) Stefan Mitsch , Andr´ e Platzer—ModelPlex: Verified Runtime Validation of Verified Cyber-Physical System Models 8 of 15

  19. Provably Correct Synthesis of Monitors . . . Proof calculus of d L executes models symbolically Model α climb prior state x − posterior state x + i − 1 i descend proof attempt ( x = x − ) → � climb ∪ descend � ( x = x + ) �∪�� climb � φ ∨ � descend � φ � climb ∪ descend � φ Stefan Mitsch , Andr´ e Platzer—ModelPlex: Verified Runtime Validation of Verified Cyber-Physical System Models 8 of 15

  20. Provably Correct Synthesis of Monitors . . . Proof calculus of d L executes models symbolically Model α climb prior state x − posterior state x + i − 1 i descend proof attempt ( x = x − ) → � climb ∪ descend � ( x = x + ) ∨ � climb � ( x = x + ) � descend � ( x = x + ) Stefan Mitsch , Andr´ e Platzer—ModelPlex: Verified Runtime Validation of Verified Cyber-Physical System Models 8 of 15

  21. Provably Correct Synthesis of Monitors . . . Proof calculus of d L executes models symbolically Model α climb prior state x − posterior state x + i − 1 i descend proof attempt ( x = x − ) → � climb ∪ descend � ( x = x + ) ∨ � climb � ( x = x + ) � descend � ( x = x + ) F 1 ( x − , x + ) F 2 ( x − , x + ) Stefan Mitsch , Andr´ e Platzer—ModelPlex: Verified Runtime Validation of Verified Cyber-Physical System Models 8 of 15

  22. Provably Correct Synthesis of Monitors . . . Proof calculus of d L executes models symbolically Model α climb prior state x − posterior state x + i − 1 i descend proof attempt ( x = x − ) → � climb ∪ descend � ( x = x + ) ∨ � climb � ( x = x + ) � descend � ( x = x + ) F 1 ( x − , x + ) F 2 ( x − , x + ) F 1 ( x − , x + ) ∨ F 2 ( x − , x + ) Monitor: The subgoals that cannot be proved express all the conditions on the relations of variables imposed by the model � execute at runtime Stefan Mitsch , Andr´ e Platzer—ModelPlex: Verified Runtime Validation of Verified Cyber-Physical System Models 8 of 15

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Verified Runtime Validation of Verified Cyber-Physical System Models Stefan Mitsch Andr e

Verified Runtime Validation of Verified Cyber-Physical System Models Stefan Mitsch Andr e

Verified Runtime Validation of Verified Cyber-Physical System Models Stefan Mitsch Andr e Platzer Computer Science Department, Carnegie Mellon University CPS V&V I&F Workshop, Dec. 12, 2014 For Details, see ModelPlex paper at

504 views • 27 slides
ModelPlex: Verified Runtime Monitors and Verified Test Oracles for Safety of Cyber-Physical

ModelPlex: Verified Runtime Monitors and Verified Test Oracles for Safety of Cyber-Physical

ModelPlex: Verified Runtime Monitors and Verified Test Oracles for Safety of Cyber-Physical Systems Stefan Mitsch Computer Science Department, Carnegie Mellon University CPS V&V I&F Workshop 2017 May 12, 2017 joint work with Andr e

537 views • 31 slides
Verified Cyber-Physical Systems [FM11] 2 Verified Cyber-Physical Systems x l x j

Verified Cyber-Physical Systems [FM11] 2 Verified Cyber-Physical Systems x l x j

Differential Refinement Logic Sarah M. Loos and Andr Platzer Computer Science Department Carnegie Mellon University 1 Verified Cyber-Physical Systems [FM11] 2 Verified Cyber-Physical Systems x l x j p x k x i

1.97k views • 179 slides
VeriPhy: Verified Controller Executables from Verified Cyber-Physical System Models Brandon Bohrer

VeriPhy: Verified Controller Executables from Verified Cyber-Physical System Models Brandon Bohrer

VeriPhy: Verified Controller Executables from Verified Cyber-Physical System Models Brandon Bohrer 1 , Yong Kiam Tan 1 , Stefan Mitsch 1 , Magnus O. Myreen 2 , and Andr e Platzer 1 Carnegie Mellon University 1 Chalmers University of Technology 2

672 views • 44 slides
Systems Engineering Presentation 2 1. Requirements to be verified at the Fall Validation

Systems Engineering Presentation 2 1. Requirements to be verified at the Fall Validation

Systems Engineering Presentation 2 1. Requirements to be verified at the Fall Validation Experiment 2. Significant changes to the architectures 3. Work Breakdown Structure 4. Critical path on your schedule 5. Top 3 risks and planned mitigation

567 views • 19 slides
Verified Runtime Monitoring: From Foundations to Practice Presenter: Brandon Bohrer 1 , based on

Verified Runtime Monitoring: From Foundations to Practice Presenter: Brandon Bohrer 1 , based on

Verified Runtime Monitoring: From Foundations to Practice Presenter: Brandon Bohrer 1 , based on works with: Yong Kiam Tan 1 , Stefan Mitsch 1 , Andrew Sogokon 1 , Edward Ahn 1 , David Held 1 , John Dolan 1 , Aman Khurana 1 , Magnus O. Myreen 2 ,

637 views • 44 slides
Verified Volunteers Verified Volunteers New Volunteer Screening Coordinator Irene Lazarus

Verified Volunteers Verified Volunteers New Volunteer Screening Coordinator Irene Lazarus

From the office of Texas Conference of SDA Human Resources ___________________________________ Verified Volunteers Verified Volunteers New Volunteer Screening Coordinator Irene Lazarus She will be working with every church and

279 views • 5 slides
Lollipop MR1 Verified Boot Andrew Boie Open Source Technology Center Intel Corporation Agenda

Lollipop MR1 Verified Boot Andrew Boie Open Source Technology Center Intel Corporation Agenda

Lollipop MR1 Verified Boot Andrew Boie Open Source Technology Center Intel Corporation Agenda What is Verified Boot? Description of Verified Boot Components Q&A What Is Verified Boot? Verified Boot establishes a chain of

432 views • 19 slides
Verified translation validation of static analyses Sandrine Blazy Univ. Rennes, CNRS IRISA, Inria

Verified translation validation of static analyses Sandrine Blazy Univ. Rennes, CNRS IRISA, Inria

Verified translation validation of static analyses Sandrine Blazy Univ. Rennes, CNRS IRISA, Inria joint work with Gilles Barthe, Vincent Laporte, David Pichardie and Alix Trieu IFIP WG 2.11 2018 6 8 1 How to check

401 views • 20 slides
Verified translation validation of static analyses Sandrine Blazy joint work with Gilles Barthe,

Verified translation validation of static analyses Sandrine Blazy joint work with Gilles Barthe,

Verified translation validation of static analyses Sandrine Blazy joint work with Gilles Barthe, Vincent Laporte, David Pichardie and Alix Trieu IFIP WG 1.9/2.15, Leuven, 2017-05-11 1 Background: verifying a compiler Compiler + proof that the

446 views • 19 slides
Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified

Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified

Formally Verified Cryptographic Web Applications J. Protzenko et al. MSR + INRIA Verified Cryptographic Web Applications in WASM May. 22 st , 2019 1 / 22 in WebAssembly Jonathan Protzenko Microsoft Research Benjamin Beurdouche INRIA

1.5k views • 57 slides
Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified

Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified

Roberto Guanciale Mads Dam Hamed Nemati Christoph Baumann Cache Storage Channels Alias-driven Attacks Formally Verified Platforms Formally Verified Platforms Caches Excluded Formally Verified from the analysis Platforms Caches Excluded

675 views • 64 slides
What sets Verified Users apart? Insights, Analysis and Prediction of Verified Users on Twitter

What sets Verified Users apart? Insights, Analysis and Prediction of Verified Users on Twitter

What sets Verified Users apart? Insights, Analysis and Prediction of Verified Users on Twitter Indraneil Paul (IIIT Hyderabad), Abhinav Khattar (IIIT Delhi), Shaan Chopra (IIIT Delhi), Ponnurangam Kumaraguru (IIIT Delhi), Manish Gupta

731 views • 39 slides
Verified Boot and Free Software: Reconciling Freedom and Security Paul Kocialkowski

Verified Boot and Free Software: Reconciling Freedom and Security Paul Kocialkowski

Verified Boot and Free Software: Reconciling Freedom and Security Paul Kocialkowski contact@paulk.fr Monday July 4 th 2016 Introducing Verified Boot and Related Issues Introducing Verified Boot and Related Issues Bootup Process BIOS History

947 views • 39 slides
What Use Is Verified Software? John Rushby Computer Science Laboratory SRI International Menlo

What Use Is Verified Software? John Rushby Computer Science Laboratory SRI International Menlo

What Use Is Verified Software? John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SR I What Use Is Verified Software? 1 Software and Systems The world at large cares little for verified

734 views • 14 slides
Towards Formally Verified Theorem Provers Ramana Kumar Computer Laboratory, University of

Towards Formally Verified Theorem Provers Ramana Kumar Computer Laboratory, University of

Towards Formally Verified Theorem Provers Ramana Kumar Computer Laboratory, University of Cambridge Twenty Years of the QED Manifesto Vienna Summer of Logic, 2014 HOL Verified Goals of the Project An implementation of HOL Light 1. that runs

428 views • 13 slides
Argument Strength and Probability Henry Prakken Workshop on Argument Strength Bochum

Argument Strength and Probability Henry Prakken Workshop on Argument Strength Bochum

Argument Strength and Probability Henry Prakken Workshop on Argument Strength Bochum 30-11-2016 Argumentation and Probability Theory Argumentation-as-inference is a form of nonmonotonic logic Qualitative approaches to reasoning with

574 views • 40 slides
Modeling and Reasoning in Event Calculus Using Goal-Directed Constraint Answer Set Programming J.

Modeling and Reasoning in Event Calculus Using Goal-Directed Constraint Answer Set Programming J.

Sept, 2019 [PROLE-2019] Modeling and Reasoning in Event Calculus Using Goal-Directed Constraint Answer Set Programming J. Arias 1 , 2 M. Carro 1 , 2 Z. Chen 3 G. Gupta 3 1 IMDEA Software Institute, 2 Universidad Polit ecnica de Madrid 3

176 views • 14 slides
Computational Logic and Human Reasoning Steffen H olldobler International Center for

Computational Logic and Human Reasoning Steffen H olldobler International Center for

Computational Logic and Human Reasoning Steffen H olldobler International Center for Computational Logic Technische Universit at Dresden Germany Motivation The Selection Task The Suppression Task The Core Method Steffen

69 views • 3 slides
ITS LIT Mid-Year Design Review Senior Design Project 17 Department of Electrical and Computer

ITS LIT Mid-Year Design Review Senior Design Project 17 Department of Electrical and Computer

University of Massachusetts, Amherst College of Engineering ITS LIT Mid-Year Design Review Senior Design Project 17 Department of Electrical and Computer Engineering Meet The Team Advisor: Professor David McLaughlin Tommy Zhen Michael

668 views • 29 slides
Cool Services GOGS Go Git Server Your own personal Github! Gogs.io Might be in

Cool Services GOGS Go Git Server Your own personal Github! Gogs.io Might be in

Cool Services GOGS Go Git Server Your own personal Github! Gogs.io Might be in your package manager Super easy to set up Install it, install a database (if youre not using sqlite), and edit the config file

154 views • 14 slides
A Formal Semantics for PLEX Johan Erikson; johan.erikson@idt.mdh.se Bjrn Lisper;

A Formal Semantics for PLEX Johan Erikson; johan.erikson@idt.mdh.se Bjrn Lisper;

A Formal Semantics for PLEX Johan Erikson; johan.erikson@idt.mdh.se Bjrn Lisper; bjorn.lisper@mdh.se Mlardalen University Department of Computer Science and Engineering Vsters Sweden A Formal Semantics for PLEX The AXE telephone

267 views • 9 slides
RESIDENTIAL MARKET UPDATE 2012 Van Rose, MIRM President, Rose and Womble New Homes 15 Year

RESIDENTIAL MARKET UPDATE 2012 Van Rose, MIRM President, Rose and Womble New Homes 15 Year

3/18/2012 RESIDENTIAL MARKET UPDATE 2012 Van Rose, MIRM President, Rose and Womble New Homes 15 Year Closing Hampton Roads Residential Inventory New Construction & Resale History 2007 to 2012 15,000 14,000 13,000 12,000 11,000

223 views • 6 slides
Time measurement with differential ring oscillators Peter Fischer, Michael Ritzert Lehrstuhl

Time measurement with differential ring oscillators Peter Fischer, Michael Ritzert Lehrstuhl

Time measurement with differential ring oscillators Peter Fischer, Michael Ritzert Lehrstuhl fr Schaltungstechnik und Simulation Institut fr Technische Informatik Universitt Mannheim Presentation given at the FAIR FEE Workshop,

480 views • 20 slides

More recommend