S-RASP: Radar, Security & Transformer Transduction

• S-RASP in radar is a design that uses sparse random step-frequency selection to achieve high resolution, robust spectral efficiency, and cognitive interference avoidance.
• S-RASP in web security is a two-phase static analysis framework that replays runtime enforcement to detect vulnerabilities with higher precision and reduced false positives.
• S-RASP in transduction provides a formal programming model extending transformer capabilities with operations like prefix-sum to compute complex string transformations.

S-RASP refers to three distinct and unrelated scientific concepts, each emerging from separate research domains: (1) S-RASP (Sparse Random Step-Frequency) radar, an advanced radar waveform design for robust high-resolution sensing; (2) S-RASP, a two-phase static analysis technique for web application security derived from runtime protection (from the context of RASP security); and (3) S-RASP, a formal programming model extending RASP for characterizing the transduction capacity of transformer neural networks. Each S-RASP has its own technical foundations, objectives, and application areas. The following sections provide a comprehensive exposition of S-RASP in each of these contexts, synthesizing precise definitions, theoretical results, operational details, and empirical findings.

1. S-RASP in Radar: Sparse Random Step-Frequency Radar

1.1 Overview and Motivation

S-RASP as introduced in the radar literature (alternatively: RaSSteR) addresses the challenges of high range resolution profile (HRRP) synthesis using stepped-frequency (SF) processing. Conventional linear SFW radars achieve resolution by sweeping the spectrum but suffer from range-Doppler coupling and interference. Prior art addressed only one issue at a time. RaSSteR/S-RASP proposes using a sparse, random subset of frequency carriers each coherent processing interval (CPI), yielding spectral efficiency, robustness to jamming, and reduced range-Doppler entanglement through sparse recovery (Mishra et al., 2020).

1.2 Waveform Construction

Let $M+1$ denote the total number of available carrier slots over baseband bandwidth $B = M\Delta f$, with a sparse selection $$\Omega = \{d_n\}_{n=0}^{N-1} \subset \{0, 1, ..., M\}$$ ($N \ll M$) per CPI. The baseband transmit pulse is

$$x[n] = \sum_{m \in \Omega} e^{j2\pi(f_c + m\Delta f) n T}$$

where $T$ is the pulse repetition interval and $f_c$ is the lowest carrier. $\Omega$ is redrawn randomly each CPI, “thinning” the spectrum and introducing frequency agility.

1.3 Sensing Model and Sparse Recovery

For $K$ point targets on a $P \times Q$ delay-Doppler grid,

$$y[n] = \sum_{k=1}^K \gamma_k \exp\left[-j\frac{2\pi}{P} n_k d_n\right] \exp\left[-j\frac{2\pi}{Q} m_k n\right] + w[n]$$

or, more compactly, $y = \Phi x + w$, where $x \in \mathbb{C}^{PQ}$ is $K$-sparse. Sparse recovery is posed as

$$\min_{x} \|x\|_1 \quad \text{s.t.} \quad \|y - \Phi x\|_2 \leq \eta$$

with implementations including LASSO and greedy pursuits (e.g., OMP). Guarantees include:

• Uniqueness for $K < (N+1)/2$ (spark theorem),
• Exact $\ell_1$ recovery for $K$ below data-driven coherence thresholds.

1.4 Cognitive Interference Avoidance

RaSSteR admits "cognitive" operation under spectral interference: strong interferer sub-bands $\mathcal{I}$ are notched out, with $\Omega \subset \mathcal{I}^c$, random per CPI. Total transmit power is concentrated among fewer carriers, increasing per-carrier energy. Carrier selection also ensures maximal effective bandwidth and adequate carrier spacing for resolution.

1.5 Recovery Guarantees

Two principal theorems hold with high probability under random $\Omega$:

• Spark: $\mathrm{spark}(\Phi) = N + 1$, yielding unique recoverability for sparsity $K < (N+1)/2$,
• Coherence: $\mu(\Phi) < 1/(2K-1)$ under explicit bounds on $K$ as a function of $N$, $P$, $Q$, and failure probability $\delta$.

1.6 Empirical Performance

Experiments (e.g., $P = Q = 25$) show:

• SNR as low as $-30$\,dB: S-RASP+OMP recovers up to $K=12$ targets per coarse bin, outperforming LFM pulse-compression and sub-Nyquist in hit rate and false alarms,
• Under jamming (SIR $=10$\,dB): cognitive S-RASP maintains $>90\%$ hit rates, outperforming SFW, RSF, and LFM PDR,
• Statistical hit-rate advantage up to $30\%$ over RSF when $N<M$ and SIR is low.

S-RASP attains high-resolution, decoupled delay/Doppler estimation, theoretical compressed sensing recovery, and robust operation in spectral interference regimes (Mishra et al., 2020).

---

2. S-RASP in Static Application Security

2.1 Motivation and Key Concept

In the security analysis of web applications, SAST (Static Application Security Testing) and RASP (Runtime Application Security Protection) are typically disjoint: SAST analyzes all paths statically but with over-approximations; RASP instruments code dynamically but only covers executed paths. Duplication of policy code across SAST and RASP causes semantic drift and maintenance overhead. S-RASP (security) solves this by deriving SAST from RASP via a two-phase abstract interpretation framework, reusing the RASP enforcement code directly and guaranteeing coverage and consistency (Pupo et al., 2021).

2.2 Algorithmic Framework: Two-Phase Abstract Interpretation

Phase I: Abstract Interpretation of Uninstrumented Program

• Build the abstract state flow graph $G = (S, \rightarrow)$ for the original program using an abstract CESIK* machine model. States record program configurations, environments, and stores over a finite domain.
• Use coarse abstraction (e.g., low $k$-CFA, merged heap).

Phase II: Static Replay of RASP Enforcement

• Traverse $G$, identifying "trap" states corresponding to operations instrumented by RASP.
• For each trap, abstractly invoke the corresponding RASP handler (from the META library) at high precision.
• If the abstract handler call can return HALT, flag static violation at corresponding program location.
• The meta-store is updated at each state, ensuring fixed-point convergence.

Correctness Theorem (Policy-Equivalence):

$$\text{StaticViolates}_{2\text{PH}}(P,\ell) \iff \text{DynamicViolates}_{\text{RASP}}(P,\ell)$$

This ensures static and dynamic detection are semantically equivalent up to base analysis soundness.

2.3 Example: SQL-Injection Prevention

• RASP policy: Disallow db.query if its first argument is tainted (i.e., derived from user input).
• Runtime: Calls to db.query instrumented with EM wrapper using META.apply, which checks taint and may return HALT, causing a runtime exception.
• Phase I: Static flow graph marks user input as tainted.
• Phase II: When replaying META.apply, abstract interpreter finds HALT is possible, reporting the static violation at the correct source point, mirroring runtime enforcement, and requiring no policy reimplementation in SAST.

2.4 Computational Trade-offs and Empirical Results

By decoupling base-program and policy-enforcement analysis precision:

• Phase I can be coarse for scalability;
• Phase II (enforcement library) can be highly precise for accuracy. Empirical results show:
• 2PH_HH (2-phase/high-precision) uses 25–40% fewer states and is 20–35% faster than monolithic (1PH_HH);
• 2PH_HL drops false positives by 30–50% in call-heavy code;
• On real-world policies (e.g., “limit-fetch”), 2PH achieves perfect precision/recall and can halve run-time and state counts versus 1PH approaches.

These advances result in precise, maintainable static analysis aligned with dynamic enforcement (Pupo et al., 2021).

---

3. S-RASP in Sequence Transduction and Transformer Expressivity

3.1 Syntax and Semantics

S-RASP in formal language/transformer theory extends the RASP (“Restricted Access Sequence Programming”) language. An S-RASP program defines Boolean, symbol, and integer vectors of length $n$ via:

• Position-wise operations (finite functions, +, –, comparisons),
• “Hard” attention (leftmost/rightmost with masking), and
• The S-RASP-only prefix-sum operation:

$P(i) = \min\left(n-1, \sum_{j=0}^{i} V(j)\right)$

where $V$ is an integer vector and $P$ is clipped to $[0, n-1]$.

3.2 Theoretical Expressivity

Main Theorem: Every first-order polyregular string-to-string function $f:\Sigma^*\to\Gamma^*$ is computable by some S-RASP program (Strobl et al., 2024).

• B-RASP expresses first-order rational functions;
• B-RASP[pos] extends to all first-order regular transductions with positional reasoning;
• S-RASP, by adding prefix sums, can perform all FO-polyregular transductions (including compositions with “marked-square” expansion and other pattern duplications);
• S-RASP can compute further functions outside FO-polyregular (e.g., “majority-rules”).

3.3 Example Programs

Marked-Square: For input $w = w_1w_2…w_\ell$, outputs $|W_1|W_2|…|W_\ell|$ with $W_k$ the string $w$ with first $k$ letters marked.

Majority-Rules: Outputs $a$ repeated $n$ times if $a$ is the majority, else $b$, by prefix summing indicator vectors for $a$, $b$.

3.4 Simulation by Masked Average-Hard Transformers

Any S-RASP program (and hence any FO-polyregular transducer) can be simulated exactly by a constant-depth transformer encoder with average-hard attention and fixed position encoding consisting of $\mathit{pos} = i/n$, $\mathit{posq} = (i/n)^2$, and $\mathit{posi} = 1/(i+2)$. Table lookup, prefix-sum, and left/rightmost attention are effected by specific formulations of attention scores ensuring the correct selection or aggregation of token positions.

Table: S-RASP and Transformer Operations

Operation	S-RASP Primitives	Transformer Simulation
Vector definition	Boolean/symbol/int	One-hot/real encoding
Hard attention	leftmost/rightmost	Average-hard attention scores
Prefix sum	prefixSum	Future-masked multi-layer

3.5 Significance for Neural Program Synthesis

S-RASP provides an exact formal tool for relating transformer architectures to classes of formal string transductions. The simulation theorem shows that average-hard attention transformers can, in principle, implement all S-RASP-defined transductions exactly, not only star-free regular or rational functions but all FO-polyregular and certain non-polyregular operations (Strobl et al., 2024).

---

4. Relations, Scope, and Nomenclature

The S-RASP acronym arises independently in (1) advanced radar waveform/cognitive compressed sensing literature, (2) software security analysis (static-dynamic alignment), and (3) automata-theoretic frameworks for understanding neural sequence models. No connections exist across these research threads beyond coincidental acronym reuse. Each S-RASP embodies technical innovations in its field: compressed sensing in radar, abstract interpretation in static analysis, and formal transduction in computational learning theory.

---

• RaSSteR/S-RASP radar: "RaSSteR: Random Sparse Step-Frequency Radar" (Mishra et al., 2020)
• S-RASP for security: "Deriving Static Security Testing from Runtime Security Protection for Web Applications" (Pupo et al., 2021)
• S-RASP in formal language/transformers: "Transformers as Transducers" (Strobl et al., 2024)

Each publication establishes the S-RASP concept in its respective domain, with precise theoretical and empirical characterizations.