Papers
Topics
Authors
Recent
Search
2000 character limit reached

Soter: Safety, Security & Verification Frameworks

Updated 3 July 2026
  • Soter is a unified framework that leverages formal modeling techniques such as reachability analysis and invariant preservation to guarantee system safety across diverse domains.
  • In robotics, Soter combines high-performance untrusted controllers with certified fallback controllers and dynamic decision modules to maintain safety invariants even under adversarial conditions.
  • Soter extends to cryptographic model protection for LLMs and zero trust authentication in IoMT, balancing rigorous formal assurance with practical performance trade-offs.

Soter refers to a set of distinct frameworks and tools spanning runtime safety assurance for robotics, automatic verification of concurrent systems, cryptographic integrity and confidentiality in LLM inference, and zero-trust authentication in IoMT environments. Despite disparate domains, these systems are unified by rigorous formal modeling, compositional design, and mathematical guarantees.

1. Soter for Runtime Assurance in Robotics

Soter, as introduced by Seshia et al., is a domain-specific language and runtime-assurance (RTA) framework for constructing complex robot software stacks that incorporate untrusted (e.g., ML-based or third-party) components while providing hard safety guarantees (Desai et al., 2018). Soter exposes language-level primitives for declaratively constructing RTA modules, each encapsulating an uncertified advanced controller (AC), a certified safe controller (SC), and a runtime decision module (DM).

An RTA module M=(Nac,Nsc,Ndm,Δ,safe,safer)M = (N_{ac}, N_{sc}, N_{dm}, \Delta, safe, safer) is parameterized by:

  • NacN_{ac}: Untrusted, high-performance controller
  • NscN_{sc}: Certified fallback controller
  • NdmN_{dm}: Decision module, periodically monitors state and switches modes at interval Δ\Delta
  • safeSsafe \subseteq S: User-specified safe set
  • safersafesafer \subseteq safe: Recovery subset

The system maintains the safety invariant φ\varphi \equiv ‘the system state ss always lies in safesafe’. The DM uses worst-case reachability analysis to predict violations of NacN_{ac}0 within a lookahead of NacN_{ac}1, switching to NacN_{ac}2 as needed and reverting to NacN_{ac}3 when NacN_{ac}4 is re-entered.

The framework provides a formal guarantee:

NacN_{ac}5

If initially NacN_{ac}6 holds and NacN_{ac}7 is well-formed, NacN_{ac}8 is preserved at every step, ensuring NacN_{ac}9 for all NscN_{sc}0.

Compositionally, multiple RTA modules can be combined so long as they have disjoint outputs and nodes. The global safety guarantee is a conjunction of local invariants.

A real-world drone-surveillance deployment demonstrated that Soter RTA modules enforce safety even in the presence of malfunctioning or adversarial ACs. Empirically, AC was active 96% of the time, with a 40% improvement in mission completion time over always using SC and with no observed safety violations in hardware tests (Desai et al., 2018).

2. Soter Implementation in ROS and Distributed Robots

An extension of Soter for distributed mobile robotics (DMR) is presented as "SOTER on ROS" (Shivakumar et al., 2020). Here, Soter modules are implemented in the P language, a DSL for asynchronous event-driven systems, integrating the Simplex-style RTA pattern. Each key component (e.g., motion planner, executor) is structured as an RTA module with AC, SC, and DM, exposing modular, pluggable interfaces for controller injection and verification.

P-state machines are compiled to C++ and interface with ROS via a thin FFI. The language naturally aligns with ROS’s callback-based asynchronous model. Safety, liveness, and composability are maintained as in the base Soter specification.

Quantitative experiments in multi-robot scenarios on Gazebo demonstrated zero safety violations even when advanced controllers exhibited pathological or random-planning behavior. Performance penalties were modest (10–20%) and monitor-decision latency was negligible relative to control loop intervals, supporting scalability of the event-driven approach (Shivakumar et al., 2020).

3. Soter in Cryptographic Protection for LLM Model Inference

A cryptography-focused instantiation of Soter is a Partial-TEE-Shielded Execution (PTSE) framework for confidential and integrity-assured LLM inference (Saini et al., 11 Feb 2026). Here, the confidentiality objective (protecting LLM parameters) is realized via "parameter morphing"—all linear operators NscN_{sc}1 are blinded offline by a scalar NscN_{sc}2 (i.e., NscN_{sc}3), with online computation and recovery via GPU and in-enclave unblinding.

Integrity is checked via "oblivious fingerprinting": random linear combinations of fixed basis vectors NscN_{sc}4 are offloaded; their functional images are precomputed and stored in the TEE, enabling challenge-response validation of GPU computation.

However, reusing a static, NscN_{sc}5-dimensional basis for performance leads to an algebraic cryptanalytic vulnerability: all masks/fingerprints lie in a known subspace NscN_{sc}6. Adversaries can interpolate this subspace with NscN_{sc}7 queries, enabling:

  • Complete key recovery and parameter extraction (defeating confidentiality)
  • Integrity check bypass (forged inferences go undetected)

Empirically, permutation-layer secrets for LLaMA-3 and Gemma-3 models are extracted in minutes, and attacking larger models (e.g., 405B parameters) is polynomial in NscN_{sc}8. Mitigations require single-use randomness, coprocessor acceleration, or new primitives; this remains an unresolved challenge (Saini et al., 11 Feb 2026).

4. Soter as a Zero Trust Authentication System in IoMT

In the IoMT domain, Soter is a Zero Trust authentication and authorization system for dynamic, untrusted, medical edge networks (Allouzi et al., 2024). Soter phases:

  • Phase I: Trust Negotiation Authentication
    • Mutual multi-round negotiation protocol with session identifiers and COSE-signed credential sets
    • Dynamic computation of trust bands (e.g., “high,” “medium,” “low”) and context-based credential disclosure
    • MedDL policy vaults encode release/disclosure and access policies
  • Phase II: Attribute-Based Access Control (ABAC)
    • Final access decision computed by evaluating MedDL (Datalog with constraints) policies over subject, device, resource, and contextual evidence (e.g., geolocation, time, device health)

Trust is numerically assessed:

NscN_{sc}9

Access is granted iff NdmN_{dm}0, for some threshold NdmN_{dm}1, adapting dynamically to risk. Security analyses based on STRIDE and attack trees conclude the mutually authenticated messages, access tokens, and credential storage preserve confidentiality and integrity under Dolev–Yao adversaries, subject to correct configuration and uncompromised credential stores. Experiments in the GENI testbed confirm protocol efficiency with minimal resource overhead (Allouzi et al., 2024).

5. Soter for Automated Verification of Erlang-style Concurrency

A fifth Soter instance is a tool for fully-automatic verification of safety properties in actor-based, higher-order concurrent programs (e.g., Erlang) (D'Osualdo et al., 2013). The system abstracts λ-Actor programs by:

  • Defining a parametric abstract interpretation over three domains: time, data, mailbox
  • Interpreting programs as Actor Communicating Systems (ACS), a finite-control model that is precisely a Vector Addition System (VAS)
  • Compiling Erlang code to abstract machine states and automatically generating ACSs

Safety (unreachability of error locations, mutual exclusion, mailbox boundedness) is reduced to VAS coverability queries, which are EXPSPACE-complete but tractable for practical program sizes. Empirical evaluation demonstrates that Soter can verify a variety of realistic Erlang patterns in seconds without manual annotation. Limitations include insensitivity to mailbox ordering and challenges for stack-sensitive properties; future work suggests a CEGAR loop and extensions to richer language features (D'Osualdo et al., 2013).

6. Common Themes, Limitations, and Open Challenges

Despite targeting distinct technical domains, all Soter systems instantiate the following generic principles:

  • Formal Model-Based Design: Foundational use of reachability analysis, invariant preservation, or abstract interpretation to derive correctness or security guarantees.
  • Compositionality: Modular encapsulation of untrusted, high-performance subsystems within wrappers that guarantee overall system invariants by composition.
  • Runtime Monitoring: Dynamic, in situ detection and remediation when safety or security threats are predicted by model-based analysis.
  • Trade-offs: Tension between assurance level and performance—e.g., in the robotics and cryptography instantiations, increased runtime checks or masking may slow the underlying system.

Limitations are often intrinsic to these trade-offs. The cryptographic Soter is fundamentally limited by the risk of static-basis reuse; the robotics Soter depends on the quality of reachability tools, accurate state estimation, and real-time scheduling; the concurrency Soter sacrifices mailbox order for decidable analysis; the IoMT Soter’s security is only as strong as the configuration and the trust in key material storage.

No Soter variant solves the challenge of simultaneously maximizing safety/security, performance, and scalability in all settings.

7. Bibliographic and Cross-Domain Summary

Soter Domain Principal Papers Core Guarantee/Result
Robotics Runtime Assurance (Desai et al., 2018, Shivakumar et al., 2020) Runtime safety via modular Simplex-inspired RTA
LLM Cryptographic Integrity/IP (Saini et al., 11 Feb 2026) Confidentiality/integrity, but subject to basis attack
IoMT Zero Trust Authentication (Allouzi et al., 2024) Dynamic trust negotiation, MedDL-based ABAC
Concurrent Systems Verification (D'Osualdo et al., 2013) Decidable ACS abstraction for Erlang-like concurrency

Each Soter system illustrates the state-of-the-art in applying formal abstraction, runtime supervision, and modular modeling to domains where uncertainty, concurrency, or adversarial threats make static guarantees infeasible or inadequate.

Topic to Video (Beta)

No one has generated a video about this topic yet.

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Follow Topic

Get notified by email when new papers are published related to Soter.