September 2024 · 21 Reads · 1 Citation
August 2024 · 1 Read
May 2024 · 18 Reads
Messaging protocols for resource-limited systems, such as distributed IoT systems, are often vulnerable to attacks because of security choices made to conserve resources such as time, memory, or bandwidth. For example, the use of secure layers such as DTLS is resource-expensive and can sometimes cause service disruption. Protocol dialects are intended as a lightweight, modular mechanism for providing selected security guarantees, such as authentication. In this report we study the CoAP messaging protocol and define two attack models formalizing different vulnerabilities. We propose a generic dialect for CoAP messaging. The CoAP protocol, the dialect, and the attack models are formalized in the rewriting logic system Maude. A number of case studies are reported, illustrating vulnerabilities and the effects of applying the dialect. We also prove (stuttering) bisimulations between CoAP messaging applications and their dialected versions, thus ensuring that dialecting preserves LTL properties (without Next) of CoAP applications.
October 2023 · 9 Reads · 1 Citation
Lecture Notes in Computer Science
The description of concurrent systems as a network of interacting processes helps to reduce the complexity of the specification. The same principle applies for the description of cyber-physical systems as a network of interacting components. We introduce a transition system based specification of cyber-physical components whose semantics is compositional with respect to a family of algebraic products. We give sufficient conditions for execution of a product of cyber-physical components to be correctly implemented by a lazy runtime expansion of the product construction. Our transition system algebra is implemented in the Maude rewriting logic system. As an example, we show that, under a coordination protocol, a set of autonomous energy-aware robots can self-sort themselves on a shared physical grid.
September 2023 · 78 Reads · 4 Citations
Lecture Notes in Computer Science
Rewriting Modulo SMT combines two powerful automated deduction techniques: (1) rewriting and (2) SMT solving. Rewriting enables the specification of system behavior using rewrite rules, while SMT theories specify system properties. Rewriting Modulo SMT is enabled by combining existing tools, such as Maude and SMT solvers. The search algorithms used for carrying out Rewriting Modulo SMT, however, cannot exploit the incremental solving features available in SMT solvers because they are based on breadth-first search. This paper addresses this limitation by proposing Incremental Rewriting Modulo SMT Theories, a syntactic restriction on rewrite rules. This restriction turns out to be naturally satisfied in several applications of Rewriting Modulo SMT, including the verification of algorithms, cyber-physical systems, and security protocols. Moreover, we propose a Hybrid-Search algorithm for Incremental Rewriting Modulo SMT Theories that combines breadth-first search and depth-first search, thus enabling incremental SMT solving. We demonstrate on a collection of existing benchmarks that the Hybrid-Search algorithm can achieve a 10 times improvement in verification times.
June 2023 · 14 Reads · 2 Citations
Lecture Notes in Computer Science
Cyber-physical systems (CPSes), such as autonomous vehicles, use sophisticated components like ML-based controllers. It is difficult to provide evidence about the safe functioning of such components. To overcome this problem, Runtime Assurance Architecture (RTA) solutions have been proposed. The RTA's decision component evaluates the system's safety risk, and whenever the risk is higher than acceptable the RTA switches to a safety mode that, for example, activates a controller with strong evidence for its safe functioning. In this way, RTAs increase CPS runtime safety and resilience by recovering the system from higher to lower risk levels. The goal of this paper is to automate recovery proofs of CPSes using RTAs. We first formalize the key verification problems, namely the decision sampling-time adequacy problem and the time-bounded recoverability problem. We then demonstrate how to automatically generate proofs for the proposed verification problems using symbolic rewriting modulo SMT. Automation is enabled by integrating the rewriting logic tool (Maude), which generates sets of non-linear constraints, with an SMT solver (Z3) to produce proofs.
April 2023 · 25 Reads
Cyber-physical systems (CPSes), such as autonomous vehicles, use sophisticated components like ML-based controllers. It is difficult to provide evidence about the safe functioning of such components. To overcome this problem, Runtime Assurance Architecture (RTA) solutions have been proposed. The RTA's decision component evaluates the system's safety risk, and whenever the risk is higher than acceptable the RTA switches to a safety mode that, for example, activates a controller with strong evidence for its safe functioning. In this way, RTAs increase CPS runtime safety and resilience by recovering the system from higher to lower risk levels. The goal of this paper is to automate recovery proofs of CPSes using RTAs. We first formalize the key verification problems, namely the decision sampling-time adequacy problem and the time-bounded recoverability problem. We then demonstrate how to automatically generate proofs for the proposed verification problems using symbolic rewriting modulo SMT. Automation is enabled by integrating the rewriting logic tool (Maude), which generates sets of non-linear constraints, with an SMT solver (Z3) to produce proofs.
October 2022 · 7 Reads · 3 Citations
Lecture Notes in Computer Science
The analysis of cyber-physical systems (CPS) is challenging due to the large state space and the continuous changes occurring in their constituent parts. Design practices favor modularity to help reduce this complexity. In previous work, we proposed a discrete semantic model for CPS that captures both cyber and physical aspects as streams of discrete observations, which ultimately form the behavior of a component. This semantic model is denotational and compositional, where each composition operator algebraically models an interaction between a pair of components. In this paper, we propose a specification of components as rewrite systems. The specification is operational and executable, and we study conditions under which its semantics as components is compositional. We demonstrate our framework by modeling the coordination of robots moving on a shared field. We show that our system of robots can be coordinated by a protocol in order to exhibit a desired emergent behavior. We use an implementation of our framework in Maude to give practical results.
October 2022 · 22 Reads · 2 Citations
Lecture Notes in Computer Science
Cyber-Physical Systems (CPS) are used to perform complex, safety-critical missions autonomously. Examples include applications of autonomous vehicles and drones. Given the complexity of these systems, CPS must be able to adapt to possible changes during mission execution, such as regulatory updates or changes in mission objectives. This capability is informally referred to as resilience. We formalize the intuitive notion of resilience as a formal verification property using timed multiset rewriting. An important innovation in our formalization is the distinction between rules that are under the control of the CPS and those that are not. We also study the computational complexity of resilience problems. Although undecidable in general, we show that these problems are PSPACE-complete for a class of bounded systems, more precisely, balanced systems where the rules do not affect the number of facts in the configurations and where facts are of bounded size.
Keywords: Resilience, Planning, Formal methods, Verification, Multiset rewriting, Computational complexity
September 2022 · 59 Reads · 3 Citations
Mathematical Structures in Computer Science
Given the complexity of cyber-physical systems (CPS), such as swarms of drones, deviations from a planned mission or protocol often occur, and these may in some cases lead to harm and losses. To increase the robustness of such systems, it is necessary to detect when deviations happen and to diagnose the cause(s) of a deviation. We build on our previous work on soft agents, a formal framework based on rewriting logic for specifying and reasoning about distributed CPS, to develop methods for the diagnosis of CPS at design time. We accomplish this by (1) extending the soft agents framework with Fault Models; (2) proposing a protocol specification language and a definition of protocol deviations; and (3) developing workflows/algorithms for the detection and diagnosis of protocol deviations. Our approach is partially inspired by existing work using counterfactual reasoning for fault ascription. We demonstrate our machinery with a collection of experiments.
... failures of robots and other components [33]) and strategies to rescue items, as recently investigated in [32]. Lion et al. [22] present an operational specification of components as rewrite systems equipped with a Maude specification that is adopted to incrementally analyze the system design. The illustrative application includes two energy sensitive robots roaming on a shared field, and results demonstrate that the introduced coordination prevents livelock behaviour. ...
October 2022
Lecture Notes in Computer Science
... The Soft Agents (SA) framework has a built-in mechanism to model environmental perturbations such as faults, weather, or obstacles [28,29,18,20]. This mechanism corresponds to the use of rules not under the control of the system being considered and is thus well suited to modeling and analyzing resilience properties of cyber-physical systems such as those proposed in this paper. ...
September 2022
Mathematical Structures in Computer Science
... Also, Adi and Kirchner [1] implemented an AC-unification algorithm, proposed benchmarks, and showed that their algorithm improves over previous ones in time and space. An efficient AC-unification algorithm [16] is in use in the programming language Maude. ...
August 2022
Lecture Notes in Computer Science
... • Simulation-Based Evaluations: Simulation models have been widely adopted to analyze the interplay between machine configurations and production schedules [15]. For instance, previous studies approached the feasibility with simulation frameworks to compare different facility layouts and assess cost-performance trade-offs [16]. ...
July 2022
Lecture Notes in Computer Science
... Previous works (Nigam and Talcott, 2022;Apvrille and Roudier, 2015) propose formal threat analysis using models of cyber-physical systems, such as for Industry 4.0 applications. Similar to the work on security protocols, these works require the formal specification of the behavior of the system. ...
January 2022
Journal of Logical and Algebraic Methods in Programming
... Compositional modeling aspects described in (Broy & Rumpe 2007; detail modular aspects in interacting systems. Compositional approaches consider not only the modeling language but the models, their respective software components, and their artifacts as well (Talcott et al. 2021; Butting, Eikermann, et al. 2020). These approaches are well described in the textual technological space (Butting, Pfeiffer, et al. 2020; Hölldobler et al. 2018) with consideration for the different forms of language composition. ...
July 2021
... On the other hand, increased complexity and robustness of modern systems (such as aircraft) demanded more powerful tooling to support safety analysis. These not only address the complexity and robustness but also cater to human limitations encountered when performing such tasks, with a particular focus on scaling these tools across the enterprise [3]. ...
January 2021
... The main goal of this paper is to formalize the intuitive notion of resilience as a verification problem for CPS. We start from our previous work [13,14], in which we proposed a Timed Multiset Rewriting (MSR) framework suitable for specification and verification of CPSes. The work addressed properties without assuming changes and considered only task realization under nominal conditions, with fixed goals and fixed regulations and policies. ...
November 2021
Lecture Notes in Computer Science
... The entire semantic data model is subdivided into the domain level, mission level, and application level, as depicted in Figure 2. The establishment of semantic models facilitates the realization of intelligent management of underground pipelines, serving as an indispensable component in the construction of smart cities, and promoting the modernization and digitization of urban management. Semantic models support the real-time monitoring and emergency responses of underground pipelines, enabling rapid identification of issues, assessment of impacts, and formulation of effective response measures during emergencies, thereby enhancing urban resilience to sudden events [25]. ...
September 2021
Electronic Proceedings in Theoretical Computer Science
... Demonstrating properties of such specifications amounts to search using these rewrite rules and satisfiability checking of the accumulated constraints using SMT solvers. Rewriting modulo SMT has been successfully applied in several case-studies from several domains, including safety of cyber-physical systems (CPSes) [13]; verification of algorithms [2]; and for network security analysis [16]. ...
Reference: Incremental Rewriting Modulo SMT
February 2021
Journal of Computer Security