SMELL-CPS: Symbolic Math Expressions from Low-level Logic in Cyber-Physical Systems (ReMATH AIE)

Project Overview

Under DARPA ReMATH (AIE), SMELL-CPS established a programmatic workflow for recovering symbolic mathematical structure from firmware-level control logic in cyber-physical systems.

The project combined symbolic execution, static analysis, and modular expression refinement to bridge the gap between binary-level implementations and human-meaningful control semantics.

This research line seeded follow-on work including PERFUME, SensorLoader, and AutoCPS, and informs newer property-guided surrogation workflows for CPS safety analysis.

Key Capabilities

• Recover symbolic expressions from low-level controller binaries and map them into modular semantic components
• Link peripheral-level communication behavior to higher-level control semantics across embedded CPS platforms
• Generate semantically structured datasets for training and evaluating reverse-engineering pipelines
• Support property-oriented analysis workflows that connect semantic recovery with CPS testing and falsification

Example Use Cases

• Firmware-level reverse engineering of embedded CPS controllers when source code is incomplete or unavailable
• Extraction of interpretable control math for analyst review and assurance workflows
• Automated dataset generation for semantic reverse-engineering models and evaluation benchmarks
• Property-guided reduction and surrogation to accelerate safety-focused CPS analysis

Project Figures

Selected Publications

• PERFUME: Programmatic Extraction and Refinement for Usability of Mathematical Expression

  Nicolaas Weideman, Virginia K Felkner, Wei-Cheng Wu, Jonathan May, Christophe Hauser, Luis Garcia · Proceedings of the 2021 Research on offensive and defensive techniques in the Context of Man At The End (MATE) Attacks (2021)

• AutoCPS: Control Software Dataset Generation for Semantic Reverse Engineering

  Haoda Wang, Christophe Hauser, Luis Garcia · 2022 IEEE Security and Privacy Workshops (SPW) (2022)

• SensorLoader: Bridging the Gap in Cyber-Physical Reverse Engineering Across Embedded Peripheral Devices

  Anmei Dasbach-Prisk, Cory Dewitt, Luis Garcia · Proceedings of the First International Workshop on Security and Privacy of Sensing Systems (2023)

• Property-Guided Cyber-Physical Reduction and Surrogation for Safety Analysis in Robotic Vehicles

  Nazmus Shakib Sayom, Luis A Garcia · Security and Privacy in Cyber-Physical Systems and Smart Vehicles: Third EAI International Conference, SmartSP 2025, Salt Lake City, Utah, USA, December 1--2, 2025, Proceedings (2025)

Research Themes