-
Passivity Tools for Hybrid Learning Rules in Large Populations
Authors:
Jair Certorio,
Nuno C. Martins,
Kevin Chang,
Pierluigi Nuzzo,
Yasser Shoukry
Abstract:
Recent work has pioneered the use of system-theoretic passivity to study equilibrium stability for the dynamics of noncooperative strategic interactions in large populations of learning agents. In this and related works, the stability analysis leverages knowledge that certain ``canonical'' classes of learning rules used to model the agents' strategic behaviors satisfy a passivity condition known a…
▽ More
Recent work has pioneered the use of system-theoretic passivity to study equilibrium stability for the dynamics of noncooperative strategic interactions in large populations of learning agents. In this and related works, the stability analysis leverages knowledge that certain ``canonical'' classes of learning rules used to model the agents' strategic behaviors satisfy a passivity condition known as $δ$-passivity. In this paper, we consider that agents exhibit learning behaviors that do not align with a canonical class. Specifically, we focus on characterizing $δ$-passivity for hybrid learning rules that combine elements from canonical classes. Our analysis also introduces and uses a more general version of $δ$-passivity, which, for the first time, can handle discontinuous learning rules, including those showing best-response behaviors. We state and prove theorems establishing $δ$-passivity for two broad convex cones of hybrid learning rules. These cones can merge into a larger one preserving $δ$-passivity in scenarios limited to two strategies. In our proofs, we establish intermediate facts that are significant on their own and could potentially be used to further generalize our work. We illustrate the applicability of our results through numerical examples.
△ Less
Submitted 2 July, 2024;
originally announced July 2024.
-
DECOR: Enhancing Logic Locking Against Machine Learning-Based Attacks
Authors:
Yinghua Hu,
Kaixin Yang,
Subhajit Dutta Chowdhury,
Pierluigi Nuzzo
Abstract:
Logic locking (LL) has gained attention as a promising intellectual property protection measure for integrated circuits. However, recent attacks, facilitated by machine learning (ML), have shown the potential to predict the correct key in multiple LL schemes by exploiting the correlation of the correct key value with the circuit structure. This paper presents a generic LL enhancement method based…
▽ More
Logic locking (LL) has gained attention as a promising intellectual property protection measure for integrated circuits. However, recent attacks, facilitated by machine learning (ML), have shown the potential to predict the correct key in multiple LL schemes by exploiting the correlation of the correct key value with the circuit structure. This paper presents a generic LL enhancement method based on a randomized algorithm that can significantly decrease the correlation between locked circuit netlist and correct key values in an LL scheme. Numerical results show that the proposed method can efficiently degrade the accuracy of state-of-the-art ML-based attacks down to around 50%, resulting in negligible advantage versus random guessing.
△ Less
Submitted 4 March, 2024;
originally announced March 2024.
-
Posterior Sampling-based Online Learning for Episodic POMDPs
Authors:
Dengwang Tang,
Dongze Ye,
Rahul Jain,
Ashutosh Nayyar,
Pierluigi Nuzzo
Abstract:
Learning in POMDPs is known to be significantly harder than MDPs. In this paper, we consider the online learning problem for episodic POMDPs with unknown transition and observation models. We propose a Posterior Sampling-based reinforcement learning algorithm for POMDPs (PS4POMDPs), which is much simpler and more implementable compared to state-of-the-art optimism-based online learning algorithms…
▽ More
Learning in POMDPs is known to be significantly harder than MDPs. In this paper, we consider the online learning problem for episodic POMDPs with unknown transition and observation models. We propose a Posterior Sampling-based reinforcement learning algorithm for POMDPs (PS4POMDPs), which is much simpler and more implementable compared to state-of-the-art optimism-based online learning algorithms for POMDPs. We show that the Bayesian regret of the proposed algorithm scales as the square root of the number of episodes, matching the lower bound, and is polynomial in the other parameters. In a general setting, its regret scales exponentially in the horizon length $H$, and we show that this is inevitable by providing a lower bound. However, when the POMDP is undercomplete and weakly revealing (a common assumption in the recent literature), we establish a polynomial Bayesian regret bound. We finally propose a posterior sampling algorithm for multi-agent POMDPs, and show it too has sublinear regret.
△ Less
Submitted 23 May, 2024; v1 submitted 16 October, 2023;
originally announced October 2023.
-
Optimal Control of Logically Constrained Partially Observable and Multi-Agent Markov Decision Processes
Authors:
Krishna C. Kalagarla,
Dhruva Kartik,
Dongming Shen,
Rahul Jain,
Ashutosh Nayyar,
Pierluigi Nuzzo
Abstract:
Autonomous systems often have logical constraints arising, for example, from safety, operational, or regulatory requirements. Such constraints can be expressed using temporal logic specifications. The system state is often partially observable. Moreover, it could encompass a team of multiple agents with a common objective but disparate information structures and constraints. In this paper, we firs…
▽ More
Autonomous systems often have logical constraints arising, for example, from safety, operational, or regulatory requirements. Such constraints can be expressed using temporal logic specifications. The system state is often partially observable. Moreover, it could encompass a team of multiple agents with a common objective but disparate information structures and constraints. In this paper, we first introduce an optimal control theory for partially observable Markov decision processes (POMDPs) with finite linear temporal logic constraints. We provide a structured methodology for synthesizing policies that maximize a cumulative reward while ensuring that the probability of satisfying a temporal logic constraint is sufficiently high. Our approach comes with guarantees on approximate reward optimality and constraint satisfaction. We then build on this approach to design an optimal control framework for logically constrained multi-agent settings with information asymmetry. We illustrate the effectiveness of our approach by implementing it on several case studies.
△ Less
Submitted 19 June, 2024; v1 submitted 24 May, 2023;
originally announced May 2023.
-
Unraveling Latch Locking Using Machine Learning, Boolean Analysis, and ILP
Authors:
Dake Chen,
Xuan Zhou,
Yinghua Hu,
Yuke Zhang,
Kaixin Yang,
Andrew Rittenbach,
Pierluigi Nuzzo,
Peter A. Beerel
Abstract:
Logic locking has become a promising approach to provide hardware security in the face of a possibly insecure fabrication supply chain. While many techniques have focused on locking combinational logic (CL), an alternative latch-locking approach in which the sequential elements are locked has also gained significant attention. Latch (LAT) locking duplicates a subset of the flip-flops (FF) of a des…
▽ More
Logic locking has become a promising approach to provide hardware security in the face of a possibly insecure fabrication supply chain. While many techniques have focused on locking combinational logic (CL), an alternative latch-locking approach in which the sequential elements are locked has also gained significant attention. Latch (LAT) locking duplicates a subset of the flip-flops (FF) of a design, retimes these FFs and replaces them with latches, and adds two types of decoy latches to obfuscate the netlist. It then adds control circuitry (CC) such that all latches must be correctly keyed for the circuit to function correctly. This paper presents a two-phase attack on latch-locked circuits that uses a novel combination of deep learning, Boolean analysis, and integer linear programming (ILP). The attack requires access to the reverse-engineered netlist but, unlike SAT attacks, is oracle-less, not needing access to the unlocked circuit or correct input/output pairs. We trained and evaluated the attack using the ISCAS'89 and ITC'99 benchmark circuits. The attack successfully identifies a key that is, on average, 96.9% accurate and fully discloses the correct functionality in 8 of the tested 19 circuits and leads to low function corruptibility (less than 4%) in 3 additional circuits. The attack run-times are manageable.
△ Less
Submitted 28 April, 2023;
originally announced May 2023.
-
Exact and Cost-Effective Automated Transformation of Neural Network Controllers to Decision Tree Controllers
Authors:
Kevin Chang,
Nathan Dahlin,
Rahul Jain,
Pierluigi Nuzzo
Abstract:
Over the past decade, neural network (NN)-based controllers have demonstrated remarkable efficacy in a variety of decision-making tasks. However, their black-box nature and the risk of unexpected behaviors and surprising results pose a challenge to their deployment in real-world systems with strong guarantees of correctness and safety. We address these limitations by investigating the transformati…
▽ More
Over the past decade, neural network (NN)-based controllers have demonstrated remarkable efficacy in a variety of decision-making tasks. However, their black-box nature and the risk of unexpected behaviors and surprising results pose a challenge to their deployment in real-world systems with strong guarantees of correctness and safety. We address these limitations by investigating the transformation of NN-based controllers into equivalent soft decision tree (SDT)-based controllers and its impact on verifiability. Differently from previous approaches, we focus on discrete-output NN controllers including rectified linear unit (ReLU) activation functions as well as argmax operations. We then devise an exact but cost-effective transformation algorithm, in that it can automatically prune redundant branches. We evaluate our approach using two benchmarks from the OpenAI Gym environment. Our results indicate that the SDT transformation can benefit formal verification, showing runtime improvements of up to 21x and 2x for MountainCar-v0 and CartPole-v0, respectively.
△ Less
Submitted 15 September, 2023; v1 submitted 11 April, 2023;
originally announced April 2023.
-
Co-Design of Topology, Scheduling, and Path Planning in Automated Warehouses
Authors:
Christopher Leet,
Chanwook Oh,
Michele Lora,
Sven Koenig,
Pierluigi Nuzzo
Abstract:
We address the warehouse servicing problem (WSP) in automated warehouses, which use teams of mobile agents to bring products from shelves to packing stations. Given a list of products, the WSP amounts to finding a plan for a team of agents which brings every product on the list to a station within a given timeframe. The WSP consists of four subproblems, concerning what tasks to perform (task formu…
▽ More
We address the warehouse servicing problem (WSP) in automated warehouses, which use teams of mobile agents to bring products from shelves to packing stations. Given a list of products, the WSP amounts to finding a plan for a team of agents which brings every product on the list to a station within a given timeframe. The WSP consists of four subproblems, concerning what tasks to perform (task formulation), who will perform them (task allocation), and when (scheduling) and how (path planning) to perform them. These subproblems are NP-hard individually and become more challenging in combination. The difficulty of the WSP is compounded by the scale of automated warehouses, which frequently use teams of hundreds of agents. In this paper, we present a methodology that can solve the WSP at such scales. We introduce a novel, contract-based design framework which decomposes an automated warehouse into traffic system components. By assigning each of these components a contract describing the traffic flows it can support, we can synthesize a traffic flow satisfying a given WSP instance. Component-wise search-based path planning is then used to transform this traffic flow into a plan for discrete agents in a modular way. Evaluation shows that this methodology can solve WSP instances on real automated warehouses.
△ Less
Submitted 2 March, 2023;
originally announced March 2023.
-
Safe Posterior Sampling for Constrained MDPs with Bounded Constraint Violation
Authors:
Krishna C Kalagarla,
Rahul Jain,
Pierluigi Nuzzo
Abstract:
Constrained Markov decision processes (CMDPs) model scenarios of sequential decision making with multiple objectives that are increasingly important in many applications. However, the model is often unknown and must be learned online while still ensuring the constraint is met, or at least the violation is bounded with time. Some recent papers have made progress on this very challenging problem but…
▽ More
Constrained Markov decision processes (CMDPs) model scenarios of sequential decision making with multiple objectives that are increasingly important in many applications. However, the model is often unknown and must be learned online while still ensuring the constraint is met, or at least the violation is bounded with time. Some recent papers have made progress on this very challenging problem but either need unsatisfactory assumptions such as knowledge of a safe policy, or have high cumulative regret. We propose the Safe PSRL (posterior sampling-based RL) algorithm that does not need such assumptions and yet performs very well, both in terms of theoretical regret bounds as well as empirically. The algorithm achieves an efficient tradeoff between exploration and exploitation by use of the posterior sampling principle, and provably suffers only bounded constraint violation by leveraging the idea of pessimism. Our approach is based on a primal-dual approach. We establish a sub-linear $\tilde{\mathcal{ O}}\left(H^{2.5} \sqrt{|\mathcal{S}|^2 |\mathcal{A}| K} \right)$ upper bound on the Bayesian reward objective regret along with a bounded, i.e., $\tilde{\mathcal{O}}\left(1\right)$ constraint violation regret over $K$ episodes for an $|\mathcal{S}|$-state, $|\mathcal{A}|$-action and horizon $H$ CMDP.
△ Less
Submitted 27 January, 2023;
originally announced January 2023.
-
Control Barrier Function Contracts for Vehicular Mission Planning Under Signal Temporal Logic Specifications
Authors:
Muhammad Waqas,
Nikhil Vijay Naik,
Petros Ioannou,
Pierluigi Nuzzo
Abstract:
We present a compositional control synthesis method based on assume-guarantee contracts with application to correct-by-construction design of vehicular mission plans. In our approach, a mission-level specification expressed in a fragment of signal temporal logic (STL) is decomposed into predicates defined on non-overlap** time intervals. The STL predicates are then mapped to an aggregation of co…
▽ More
We present a compositional control synthesis method based on assume-guarantee contracts with application to correct-by-construction design of vehicular mission plans. In our approach, a mission-level specification expressed in a fragment of signal temporal logic (STL) is decomposed into predicates defined on non-overlap** time intervals. The STL predicates are then mapped to an aggregation of contracts associated with continuously differentiable time-varying control barrier functions. The barrier functions are used to constrain the lower-level control synthesis problem, which is solved via quadratic programming. Our approach can avoid the conservatism of previous methods for task-driven control based on under-approximations. We illustrate its effectiveness on a case study motivated by vehicular mission planning under safety constraints as well as constraints imposed by traffic regulations under vehicle-to-vehicle and vehicle-to-infrastructure communication.
△ Less
Submitted 20 September, 2022; v1 submitted 15 September, 2022;
originally announced September 2022.
-
Correct-By-Construction Design of Adaptive Cruise Control with Control Barrier Functions Under Safety and Regulatory Constraints
Authors:
Muhammad Waqas,
Muhammad Ali Murtaza,
Pierluigi Nuzzo,
Petros Ioannou
Abstract:
The safety-critical nature of adaptive cruise control (ACC) systems calls for systematic design procedures, e.g., based on formal methods or control barrier functions (CBFs), to provide strong guarantees of safety and performance under all driving conditions. However, existing approaches have mostly focused on fully verified solutions under smooth traffic conditions, with the exception of stop-and…
▽ More
The safety-critical nature of adaptive cruise control (ACC) systems calls for systematic design procedures, e.g., based on formal methods or control barrier functions (CBFs), to provide strong guarantees of safety and performance under all driving conditions. However, existing approaches have mostly focused on fully verified solutions under smooth traffic conditions, with the exception of stop-and-go scenarios. Systematic methods for high-performance ACC design under safety and regulatory constraints like traffic signals are still elusive. A challenge for correct-by-construction approaches based on CBFs stems from the need to capture the constraints imposed by traffic signals, which lead to candidate time-varying CBFs (TV-CBFs) with finite jump discontinuities in bounded time intervals.
△ Less
Submitted 26 March, 2022;
originally announced March 2022.
-
Optimal Control of Partially Observable Markov Decision Processes with Finite Linear Temporal Logic Constraints
Authors:
Krishna C. Kalagarla,
Dhruva Kartik,
Dongming Shen,
Rahul Jain,
Ashutosh Nayyar,
Pierluigi Nuzzo
Abstract:
Autonomous agents often operate in scenarios where the state is partially observed. In addition to maximizing their cumulative reward, agents must execute complex tasks with rich temporal and logical structures. These tasks can be expressed using temporal logic languages like finite linear temporal logic (LTL_f). This paper, for the first time, provides a structured framework for designing agent p…
▽ More
Autonomous agents often operate in scenarios where the state is partially observed. In addition to maximizing their cumulative reward, agents must execute complex tasks with rich temporal and logical structures. These tasks can be expressed using temporal logic languages like finite linear temporal logic (LTL_f). This paper, for the first time, provides a structured framework for designing agent policies that maximize the reward while ensuring that the probability of satisfying the temporal logic specification is sufficiently high. We reformulate the problem as a constrained partially observable Markov decision process (POMDP) and provide a novel approach that can leverage off-the-shelf unconstrained POMDP solvers for solving it. Our approach guarantees approximate optimality and constraint satisfaction with high probability. We demonstrate its effectiveness by implementing it on several models of interest.
△ Less
Submitted 16 March, 2022;
originally announced March 2022.
-
TriLock: IC Protection with Tunable Corruptibility and Resilience to SAT and Removal Attacks
Authors:
Yuke Zhang,
Yinghua Hu,
Pierluigi Nuzzo,
Peter A. Beerel
Abstract:
Sequential logic locking has been studied over the last decade as a method to protect sequential circuits from reverse engineering. However, most of the existing sequential logic locking techniques are threatened by increasingly more sophisticated SAT-based attacks, efficiently using input queries to a SAT solver to rule out incorrect keys, as well as removal attacks based on structural analysis.…
▽ More
Sequential logic locking has been studied over the last decade as a method to protect sequential circuits from reverse engineering. However, most of the existing sequential logic locking techniques are threatened by increasingly more sophisticated SAT-based attacks, efficiently using input queries to a SAT solver to rule out incorrect keys, as well as removal attacks based on structural analysis. In this paper, we propose TriLock, a sequential logic locking method that simultaneously addresses these vulnerabilities. TriLock can achieve high, tunable functional corruptibility while still guaranteeing exponential queries to the SAT solver in a SAT-based attack. Further, it adopts a state re-encoding method to obscure the boundary between the original state registers and those inserted by the locking method, thus making it more difficult to detect and remove the locking-related components.
△ Less
Submitted 15 January, 2022;
originally announced January 2022.
-
Model-Free Reinforcement Learning for Optimal Control of MarkovDecision Processes Under Signal Temporal Logic Specifications
Authors:
Krishna C. Kalagarla,
Rahul Jain,
Pierluigi Nuzzo
Abstract:
We present a model-free reinforcement learning algorithm to find an optimal policy for a finite-horizon Markov decision process while guaranteeing a desired lower bound on the probability of satisfying a signal temporal logic (STL) specification. We propose a method to effectively augment the MDP state space to capture the required state history and express the STL objective as a reachability obje…
▽ More
We present a model-free reinforcement learning algorithm to find an optimal policy for a finite-horizon Markov decision process while guaranteeing a desired lower bound on the probability of satisfying a signal temporal logic (STL) specification. We propose a method to effectively augment the MDP state space to capture the required state history and express the STL objective as a reachability objective. The planning problem can then be formulated as a finite-horizon constrained Markov decision process (CMDP). For a general finite horizon CMDP problem with unknown transition probability, we develop a reinforcement learning scheme that can leverage any model-free RL algorithm to provide an approximately optimal policy out of the general space of non-stationary randomized policies. We illustrate the effectiveness of our approach in the context of robotic motion planning for complex missions under uncertainty and performance objectives.
△ Less
Submitted 27 September, 2021;
originally announced September 2021.
-
Fun-SAT: Functional Corruptibility-Guided SAT-Based Attack on Sequential Logic Encryption
Authors:
Yinghua Hu,
Yuke Zhang,
Kaixin Yang,
Dake Chen,
Peter A. Beerel,
Pierluigi Nuzzo
Abstract:
The SAT attack has shown to be efficient against most combinational logic encryption methods. It can be extended to attack sequential logic encryption techniques by leveraging circuit unrolling and model checking methods. However, with no guidance on the number of times that a circuit needs to be unrolled to find the correct key, the attack tends to solve many time-consuming Boolean satisfiability…
▽ More
The SAT attack has shown to be efficient against most combinational logic encryption methods. It can be extended to attack sequential logic encryption techniques by leveraging circuit unrolling and model checking methods. However, with no guidance on the number of times that a circuit needs to be unrolled to find the correct key, the attack tends to solve many time-consuming Boolean satisfiability (SAT) and model checking problems, which can significantly hamper its efficiency. In this paper, we introduce Fun-SAT, a functional corruptibility-guided SAT-based attack that can significantly decrease the SAT solving and model checking time of a SAT-based attack on sequential encryption by efficiently estimating the minimum required number of circuit unrollings. Fun-SAT relies on a notion of functional corruptibility for encrypted sequential circuits and its relationship with the required number of circuit unrollings in a SAT-based attack. Numerical results show that Fun-SAT can be, on average, 90x faster than previous attacks against state-of-the-art encryption methods, when both attacks successfully complete before a one-day time-out. Moreover, Fun-SAT completes before the time-out on many more circuits.
△ Less
Submitted 10 August, 2021;
originally announced August 2021.
-
Synthesis of Discounted-Reward Optimal Policies for Markov Decision Processes Under Linear Temporal Logic Specifications
Authors:
Krishna C. Kalagarla,
Rahul Jain,
Pierluigi Nuzzo
Abstract:
We present a method to find an optimal policy with respect to a reward function for a discounted Markov decision process under general linear temporal logic (LTL) specifications. Previous work has either focused on maximizing a cumulative reward objective under finite-duration tasks, specified by syntactically co-safe LTL, or maximizing an average reward for persistent (e.g., surveillance) tasks.…
▽ More
We present a method to find an optimal policy with respect to a reward function for a discounted Markov decision process under general linear temporal logic (LTL) specifications. Previous work has either focused on maximizing a cumulative reward objective under finite-duration tasks, specified by syntactically co-safe LTL, or maximizing an average reward for persistent (e.g., surveillance) tasks. This paper extends and generalizes these results by introducing a pair of occupancy measures to express the LTL satisfaction objective and the expected discounted reward objective, respectively. These occupancy measures are then connected to a single policy via a novel reduction resulting in a mixed integer linear program whose solution provides an optimal policy. Our formulation can also be extended to include additional constraints with respect to secondary reward functions. We illustrate the effectiveness of our approach in the context of robotic motion planning for complex missions under uncertainty and performance objectives.
△ Less
Submitted 22 March, 2021; v1 submitted 1 November, 2020;
originally announced November 2020.
-
SANSCrypt: A Sporadic-Authentication-Based Sequential Logic Encryption Scheme
Authors:
Yinghua Hu,
Kaixin Yang,
Shahin Nazarian,
Pierluigi Nuzzo
Abstract:
We propose SANSCrypt, a novel sequential logic encryption scheme to protect integrated circuits against reverse engineering. Previous sequential encryption methods focus on modifying the circuit state machine such that the correct functionality can be accessed by applying the correct key sequence only once. Considering the risk associated with one-time authentication, SANSCrypt adopts a new tempor…
▽ More
We propose SANSCrypt, a novel sequential logic encryption scheme to protect integrated circuits against reverse engineering. Previous sequential encryption methods focus on modifying the circuit state machine such that the correct functionality can be accessed by applying the correct key sequence only once. Considering the risk associated with one-time authentication, SANSCrypt adopts a new temporal dimension to logic encryption, by requiring the user to sporadically perform multiple authentications according to a protocol based on pseudo-random number generation. Analysis and validation results on a set of benchmark circuits show that SANSCrypt offers a substantial output corruptibility if the key sequences are applied incorrectly. Moreover, it exhibits an exponential resilience to existing attacks, including SAT-based attacks, while maintaining a reasonably low overhead.
△ Less
Submitted 11 October, 2020;
originally announced October 2020.
-
A Sample-Efficient Algorithm for Episodic Finite-Horizon MDP with Constraints
Authors:
Krishna C. Kalagarla,
Rahul Jain,
Pierluigi Nuzzo
Abstract:
Constrained Markov Decision Processes (CMDPs) formalize sequential decision-making problems whose objective is to minimize a cost function while satisfying constraints on various cost functions. In this paper, we consider the setting of episodic fixed-horizon CMDPs. We propose an online algorithm which leverages the linear programming formulation of finite-horizon CMDP for repeated optimistic plan…
▽ More
Constrained Markov Decision Processes (CMDPs) formalize sequential decision-making problems whose objective is to minimize a cost function while satisfying constraints on various cost functions. In this paper, we consider the setting of episodic fixed-horizon CMDPs. We propose an online algorithm which leverages the linear programming formulation of finite-horizon CMDP for repeated optimistic planning to provide a probably approximately correct (PAC) guarantee on the number of episodes needed to ensure an $ε$-optimal policy, i.e., with resulting objective value within $ε$ of the optimal value and satisfying the constraints within $ε$-tolerance, with probability at least $1-δ$. The number of episodes needed is shown to be of the order $\tilde{\mathcal{O}}\big(\frac{|S||A|C^{2}H^{2}}{ε^{2}}\log\frac{1}δ\big)$, where $C$ is the upper bound on the number of possible successor states for a state-action pair. Therefore, if $C \ll |S|$, the number of episodes needed have a linear dependence on the state and action space sizes $|S|$ and $|A|$, respectively, and quadratic dependence on the time horizon $H$.
△ Less
Submitted 23 September, 2020;
originally announced September 2020.
-
Toward Efficient Evaluation of Logic Encryption Schemes: Models and Metrics
Authors:
Yinghua Hu,
Vivek V. Menon,
Andrew Schmidt,
Joshua Monson,
Matthew French,
Pierluigi Nuzzo
Abstract:
Research in logic encryption over the last decade has resulted in various techniques to prevent different security threats such as Trojan insertion, intellectual property leakage, and reverse engineering. However, there is little agreement on a uniform set of metrics and models to efficiently assess the achieved security level and the trade-offs between security and overhead. This paper addresses…
▽ More
Research in logic encryption over the last decade has resulted in various techniques to prevent different security threats such as Trojan insertion, intellectual property leakage, and reverse engineering. However, there is little agreement on a uniform set of metrics and models to efficiently assess the achieved security level and the trade-offs between security and overhead. This paper addresses the above challenges by relying on a general logic encryption model that can encompass all the existing techniques, and a uniform set of metrics that can capture multiple, possibly conflicting, security concerns. We apply our modeling approach to four state-of-the-art encryption techniques, showing that it enables fast and accurate evaluation of design trade-offs, average prediction errors that are at least 2X smaller than previous approaches, and the evaluation of compound encryption methods.
△ Less
Submitted 29 July, 2020; v1 submitted 13 September, 2019;
originally announced September 2019.
-
Stochastic Assume-Guarantee Contracts for Cyber-Physical System Design Under Probabilistic Requirements
Authors:
Jiwei Li,
Pierluigi Nuzzo,
Alberto Sangiovanni-Vincentelli,
Yugeng Xi,
Dewei Li
Abstract:
We develop an assume-guarantee contract framework for the design of cyber-physical systems, modeled as closed-loop control systems, under probabilistic requirements. We use a variant of signal temporal logic, namely, Stochastic Signal Temporal Logic (StSTL) to specify system behaviors as well as contract assumptions and guarantees, thus enabling automatic reasoning about requirements of stochastic…
▽ More
We develop an assume-guarantee contract framework for the design of cyber-physical systems, modeled as closed-loop control systems, under probabilistic requirements. We use a variant of signal temporal logic, namely, Stochastic Signal Temporal Logic (StSTL) to specify system behaviors as well as contract assumptions and guarantees, thus enabling automatic reasoning about requirements of stochastic systems. Given a stochastic linear system representation and a set of requirements captured by bounded StSTL contracts, we propose algorithms that can check contract compatibility, consistency, and refinement, and generate a controller to guarantee that a contract is satisfied, following a stochastic model predictive control approach. Our algorithms leverage encodings of the verification and control synthesis tasks into mixed integer optimization problems, and conservative approximations of probabilistic constraints that produce both sound and tractable problem formulations. We illustrate the effectiveness of our approach on a few examples, including the design of embedded controllers for aircraft power distribution networks.
△ Less
Submitted 29 June, 2017; v1 submitted 25 May, 2017;
originally announced May 2017.
-
Diagnosis and Repair for Synthesis from Signal Temporal Logic Specifications
Authors:
Shromona Ghosh,
Dorsa Sadigh,
Pierluigi Nuzzo,
Vasumathi Raman,
Alexandre Donze,
Alberto Sangiovanni-Vincentelli,
S. Shankar Sastry,
Sanjit A. Seshia
Abstract:
We address the problem of diagnosing and repairing specifications for hybrid systems formalized in signal temporal logic (STL). Our focus is on the setting of automatic synthesis of controllers in a model predictive control (MPC) framework. We build on recent approaches that reduce the controller synthesis problem to solving one or more mixed integer linear programs (MILPs), where infeasibility of…
▽ More
We address the problem of diagnosing and repairing specifications for hybrid systems formalized in signal temporal logic (STL). Our focus is on the setting of automatic synthesis of controllers in a model predictive control (MPC) framework. We build on recent approaches that reduce the controller synthesis problem to solving one or more mixed integer linear programs (MILPs), where infeasibility of a MILP usually indicates unrealizability of the controller synthesis problem. Given an infeasible STL synthesis problem, we present algorithms that provide feedback on the reasons for unrealizability, and suggestions for making it realizable. Our algorithms are sound and complete, i.e., they provide a correct diagnosis, and always terminate with a non-trivial specification that is feasible using the chosen synthesis method, when such a solution exists. We demonstrate the effectiveness of our approach on the synthesis of controllers for various cyber-physical systems, including an autonomous driving application and an aircraft electric power system.
△ Less
Submitted 4 February, 2016;
originally announced February 2016.
-
A Satisfiability Modulo Theory Approach to Secure State Reconstruction in Differentially Flat Systems Under Sensor Attacks
Authors:
Yasser Shoukry,
Pierluigi Nuzzo,
Nicola Bezzo,
Alberto L. Sangiovanni-Vincentelli,
Sanjit A. Seshia,
Paulo Tabuada
Abstract:
We address the problem of estimating the state of a differentially flat system from measurements that may be corrupted by an adversarial attack. In cyber-physical systems, malicious attacks can directly compromise the system's sensors or manipulate the communication between sensors and controllers. We consider attacks that only corrupt a subset of sensor measurements. We show that the possibility…
▽ More
We address the problem of estimating the state of a differentially flat system from measurements that may be corrupted by an adversarial attack. In cyber-physical systems, malicious attacks can directly compromise the system's sensors or manipulate the communication between sensors and controllers. We consider attacks that only corrupt a subset of sensor measurements. We show that the possibility of reconstructing the state under such attacks is characterized by a suitable generalization of the notion of s-sparse observability, previously introduced by some of the authors in the linear case. We also extend our previous work on the use of Satisfiability Modulo Theory solvers to estimate the state under sensor attacks to the context of differentially flat systems. The effectiveness of our approach is illustrated on the problem of controlling a quadrotor under sensor attacks.
△ Less
Submitted 10 September, 2015;
originally announced September 2015.
-
Secure State Estimation For Cyber Physical Systems Under Sensor Attacks: A Satisfiability Modulo Theory Approach
Authors:
Yasser Shoukry,
Pierluigi Nuzzo,
Alberto Puggelli,
Alberto L. Sangiovanni-Vincentelli,
Sanjit A. Seshia,
Paulo Tabuada
Abstract:
We address the problem of detecting and mitigating the effect of malicious attacks to the sensors of a linear dynamical system. We develop a novel, efficient algorithm that uses a Satisfiability-Modulo-Theory approach to isolate the compromised sensors and estimate the system state despite the presence of the attack, thus harnessing the intrinsic combinatorial complexity of the problem. By leverag…
▽ More
We address the problem of detecting and mitigating the effect of malicious attacks to the sensors of a linear dynamical system. We develop a novel, efficient algorithm that uses a Satisfiability-Modulo-Theory approach to isolate the compromised sensors and estimate the system state despite the presence of the attack, thus harnessing the intrinsic combinatorial complexity of the problem. By leveraging results from formal methods over real numbers, we provide guarantees on the soundness and completeness of our algorithm. We then report simulation results to compare its runtime performance with alternative techniques. Finally, we demonstrate its application to the problem of controlling an unmanned ground vehicle.
△ Less
Submitted 14 March, 2015; v1 submitted 14 December, 2014;
originally announced December 2014.
-
Platform-Based Design Methodology and Modeling for Aircraft Electric Power Systems
Authors:
Pierluigi Nuzzo,
John Finn,
Mohammad Mozumdar,
Alberto Sangiovanni-Vincentelli
Abstract:
In an aircraft electric power system (EPS), a supervisory control unit must actuate a set of switches to distribute power from generators to loads, while satisfying safety, reliability and real-time performance requirements. To reduce expensive re-design steps in current design methodologies, such a control problem is generally addressed based on minor incremental changes on top of consolidated so…
▽ More
In an aircraft electric power system (EPS), a supervisory control unit must actuate a set of switches to distribute power from generators to loads, while satisfying safety, reliability and real-time performance requirements. To reduce expensive re-design steps in current design methodologies, such a control problem is generally addressed based on minor incremental changes on top of consolidated solutions, since it is difficult to estimate the impact of earlier design decisions on the final implementation. In this paper, we introduce a methodology for the design space exploration and virtual prototy** of EPS supervisory control protocols, following the platform-based design (PBD) paradigm. Moreover, we describe the modeling infrastructure that supports the methodology. In PBD, design space exploration is carried out as a sequence of refinement steps from the initial specification towards a final implementation, by map** higher-level behavioral models into a set of library components at a lower level of abstraction. In our flow, the system specification is captured using SysML requirement and structure diagrams. State-machine diagrams enable verification of the control protocol at a high level of abstraction, while lowerlevel hybrid models, implemented in Simulink, are used to verify properties related to physical quantities, such as time, voltage and current values. The effectiveness of our approach is illustrated on a prototype EPS control protocol design.
△ Less
Submitted 24 November, 2013;
originally announced November 2013.