Soter: Safety, Security & Verification Frameworks
- Soter is a unified framework that leverages formal modeling techniques such as reachability analysis and invariant preservation to guarantee system safety across diverse domains.
- In robotics, Soter combines high-performance untrusted controllers with certified fallback controllers and dynamic decision modules to maintain safety invariants even under adversarial conditions.
- Soter extends to cryptographic model protection for LLMs and zero trust authentication in IoMT, balancing rigorous formal assurance with practical performance trade-offs.
Soter refers to a set of distinct frameworks and tools spanning runtime safety assurance for robotics, automatic verification of concurrent systems, cryptographic integrity and confidentiality in LLM inference, and zero-trust authentication in IoMT environments. Despite disparate domains, these systems are unified by rigorous formal modeling, compositional design, and mathematical guarantees.
1. Soter for Runtime Assurance in Robotics
Soter, as introduced by Seshia et al., is a domain-specific language and runtime-assurance (RTA) framework for constructing complex robot software stacks that incorporate untrusted (e.g., ML-based or third-party) components while providing hard safety guarantees (Desai et al., 2018). Soter exposes language-level primitives for declaratively constructing RTA modules, each encapsulating an uncertified advanced controller (AC), a certified safe controller (SC), and a runtime decision module (DM).
An RTA module is parameterized by:
- : Untrusted, high-performance controller
- : Certified fallback controller
- : Decision module, periodically monitors state and switches modes at interval
- : User-specified safe set
- : Recovery subset
The system maintains the safety invariant ‘the system state always lies in ’. The DM uses worst-case reachability analysis to predict violations of 0 within a lookahead of 1, switching to 2 as needed and reverting to 3 when 4 is re-entered.
The framework provides a formal guarantee:
5
If initially 6 holds and 7 is well-formed, 8 is preserved at every step, ensuring 9 for all 0.
Compositionally, multiple RTA modules can be combined so long as they have disjoint outputs and nodes. The global safety guarantee is a conjunction of local invariants.
A real-world drone-surveillance deployment demonstrated that Soter RTA modules enforce safety even in the presence of malfunctioning or adversarial ACs. Empirically, AC was active 96% of the time, with a 40% improvement in mission completion time over always using SC and with no observed safety violations in hardware tests (Desai et al., 2018).
2. Soter Implementation in ROS and Distributed Robots
An extension of Soter for distributed mobile robotics (DMR) is presented as "SOTER on ROS" (Shivakumar et al., 2020). Here, Soter modules are implemented in the P language, a DSL for asynchronous event-driven systems, integrating the Simplex-style RTA pattern. Each key component (e.g., motion planner, executor) is structured as an RTA module with AC, SC, and DM, exposing modular, pluggable interfaces for controller injection and verification.
P-state machines are compiled to C++ and interface with ROS via a thin FFI. The language naturally aligns with ROS’s callback-based asynchronous model. Safety, liveness, and composability are maintained as in the base Soter specification.
Quantitative experiments in multi-robot scenarios on Gazebo demonstrated zero safety violations even when advanced controllers exhibited pathological or random-planning behavior. Performance penalties were modest (10–20%) and monitor-decision latency was negligible relative to control loop intervals, supporting scalability of the event-driven approach (Shivakumar et al., 2020).
3. Soter in Cryptographic Protection for LLM Model Inference
A cryptography-focused instantiation of Soter is a Partial-TEE-Shielded Execution (PTSE) framework for confidential and integrity-assured LLM inference (Saini et al., 11 Feb 2026). Here, the confidentiality objective (protecting LLM parameters) is realized via "parameter morphing"—all linear operators 1 are blinded offline by a scalar 2 (i.e., 3), with online computation and recovery via GPU and in-enclave unblinding.
Integrity is checked via "oblivious fingerprinting": random linear combinations of fixed basis vectors 4 are offloaded; their functional images are precomputed and stored in the TEE, enabling challenge-response validation of GPU computation.
However, reusing a static, 5-dimensional basis for performance leads to an algebraic cryptanalytic vulnerability: all masks/fingerprints lie in a known subspace 6. Adversaries can interpolate this subspace with 7 queries, enabling:
- Complete key recovery and parameter extraction (defeating confidentiality)
- Integrity check bypass (forged inferences go undetected)
Empirically, permutation-layer secrets for LLaMA-3 and Gemma-3 models are extracted in minutes, and attacking larger models (e.g., 405B parameters) is polynomial in 8. Mitigations require single-use randomness, coprocessor acceleration, or new primitives; this remains an unresolved challenge (Saini et al., 11 Feb 2026).
4. Soter as a Zero Trust Authentication System in IoMT
In the IoMT domain, Soter is a Zero Trust authentication and authorization system for dynamic, untrusted, medical edge networks (Allouzi et al., 2024). Soter phases:
- Phase I: Trust Negotiation Authentication
- Mutual multi-round negotiation protocol with session identifiers and COSE-signed credential sets
- Dynamic computation of trust bands (e.g., “high,” “medium,” “low”) and context-based credential disclosure
- MedDL policy vaults encode release/disclosure and access policies
- Phase II: Attribute-Based Access Control (ABAC)
- Final access decision computed by evaluating MedDL (Datalog with constraints) policies over subject, device, resource, and contextual evidence (e.g., geolocation, time, device health)
Trust is numerically assessed:
9
Access is granted iff 0, for some threshold 1, adapting dynamically to risk. Security analyses based on STRIDE and attack trees conclude the mutually authenticated messages, access tokens, and credential storage preserve confidentiality and integrity under Dolev–Yao adversaries, subject to correct configuration and uncompromised credential stores. Experiments in the GENI testbed confirm protocol efficiency with minimal resource overhead (Allouzi et al., 2024).
5. Soter for Automated Verification of Erlang-style Concurrency
A fifth Soter instance is a tool for fully-automatic verification of safety properties in actor-based, higher-order concurrent programs (e.g., Erlang) (D'Osualdo et al., 2013). The system abstracts λ-Actor programs by:
- Defining a parametric abstract interpretation over three domains: time, data, mailbox
- Interpreting programs as Actor Communicating Systems (ACS), a finite-control model that is precisely a Vector Addition System (VAS)
- Compiling Erlang code to abstract machine states and automatically generating ACSs
Safety (unreachability of error locations, mutual exclusion, mailbox boundedness) is reduced to VAS coverability queries, which are EXPSPACE-complete but tractable for practical program sizes. Empirical evaluation demonstrates that Soter can verify a variety of realistic Erlang patterns in seconds without manual annotation. Limitations include insensitivity to mailbox ordering and challenges for stack-sensitive properties; future work suggests a CEGAR loop and extensions to richer language features (D'Osualdo et al., 2013).
6. Common Themes, Limitations, and Open Challenges
Despite targeting distinct technical domains, all Soter systems instantiate the following generic principles:
- Formal Model-Based Design: Foundational use of reachability analysis, invariant preservation, or abstract interpretation to derive correctness or security guarantees.
- Compositionality: Modular encapsulation of untrusted, high-performance subsystems within wrappers that guarantee overall system invariants by composition.
- Runtime Monitoring: Dynamic, in situ detection and remediation when safety or security threats are predicted by model-based analysis.
- Trade-offs: Tension between assurance level and performance—e.g., in the robotics and cryptography instantiations, increased runtime checks or masking may slow the underlying system.
Limitations are often intrinsic to these trade-offs. The cryptographic Soter is fundamentally limited by the risk of static-basis reuse; the robotics Soter depends on the quality of reachability tools, accurate state estimation, and real-time scheduling; the concurrency Soter sacrifices mailbox order for decidable analysis; the IoMT Soter’s security is only as strong as the configuration and the trust in key material storage.
No Soter variant solves the challenge of simultaneously maximizing safety/security, performance, and scalability in all settings.
7. Bibliographic and Cross-Domain Summary
| Soter Domain | Principal Papers | Core Guarantee/Result |
|---|---|---|
| Robotics Runtime Assurance | (Desai et al., 2018, Shivakumar et al., 2020) | Runtime safety via modular Simplex-inspired RTA |
| LLM Cryptographic Integrity/IP | (Saini et al., 11 Feb 2026) | Confidentiality/integrity, but subject to basis attack |
| IoMT Zero Trust Authentication | (Allouzi et al., 2024) | Dynamic trust negotiation, MedDL-based ABAC |
| Concurrent Systems Verification | (D'Osualdo et al., 2013) | Decidable ACS abstraction for Erlang-like concurrency |
Each Soter system illustrates the state-of-the-art in applying formal abstraction, runtime supervision, and modular modeling to domains where uncertainty, concurrency, or adversarial threats make static guarantees infeasible or inadequate.