Efficient and Generalized Decentralized Monitoring of Regular Languages
Cited by 2 (2 self)
Abstract. This paper proposes an efficient and generalized decentralized monitoring algorithm that allows local monitors alone to detect satisfaction or violation of any regular specification in a system without a central observation point. Our algorithm does not assume any form of synchronization between system events and communication of monitors, uses state machines as the underlying mechanism for efficiency, and tries to keep the number and size of messages exchanged between monitors to a minimum. We provide a full implementation of the algorithm with an open-source benchmark to evaluate its efficiency in terms of the number and size of exchanged messages and the delay induced by communication between monitors. Experimental results demonstrate the effectiveness of our algorithm, which outperforms the previous most general one along several (new) monitoring metrics.
Runtime Verification of Component-Based Systems in the BIP Framework with Formally-Proved Sound and Complete Instrumentation
Cited by 2 (1 self)
Abstract. Verification of component-based systems still suffers from limitations such as state space explosion, since a large number of different components may interact in a heterogeneous environment. These limitations entail the need for complementary verification methods such as runtime verification, which is based on dynamic analysis and amenable to scalability. In this paper, we integrate runtime verification into the BIP (Behavior, Interaction and Priority) framework. BIP is a powerful and expressive component-based framework for the formal construction of heterogeneous systems. Our method augments BIP systems with monitors to check specifications at runtime. This method has been implemented in RV-BIP, a prototype tool that we used to validate the whole approach on a robotic application.
An LTL Proof System for Runtime Verification
Cited by 1 (1 self)
Abstract. We propose a local proof system for LTL formalising deductions within the constraints of Runtime Verification (RV), and show how such a system can be used as a basis for the construction of online runtime monitors. Novel soundness and completeness results are proven for this system. We also prove decidability and incrementality properties for a monitoring algorithm constructed from it. Finally, we relate its expressivity to existing symbolic analysis techniques used in RV.
Runtime Enforcement for Component-Based Systems
Cited by 1 (0 self)
We propose a theoretical runtime enforcement framework for component-based systems (CBS) where we delineate a hierarchy of enforceable properties (i.e., properties that can be enforced) according to the number of observational steps a system is allowed to deviate from the property (i.e., the notion of k-step enforceability). To ensure the observational equivalence between the correct executions of the initial system and the monitored system, we show that i) only stutter-invariant properties should be enforced on CBS with our monitors, ii) safety properties are 1-step enforceable. Given an abstract enforcement monitor for some 1-step enforceable property, we formally instrument (at relevant locations) a system to integrate the monitor. At runtime, the monitor observes and automatically avoids any error in the behavior of the system w.r.t. the property.
Enforcement of (Timed) Properties with Uncontrollable Events
Abstract. This paper deals with runtime enforcement of untimed and timed properties with uncontrollable events. Runtime enforcement consists in modifying the executions of a running system to ensure their correctness with respect to a desired property. We introduce a framework that takes as input any regular (timed) property over an alphabet of events, with some of these events being uncontrollable. An uncontrollable event can be neither delayed nor intercepted by an enforcement mechanism. Enforcement mechanisms satisfy important properties, namely soundness and compliance, meaning that enforcement mechanisms output correct executions that are close to the input execution. We discuss the conditions for a property to be enforceable with uncontrollable events, and we define enforcement mechanisms that modify executions to obtain a correct output as soon as possible. Moreover, we synthesize sound and compliant descriptions of runtime enforcement mechanisms at two levels of abstraction to facilitate their design and implementation.
Monitoring Data Usage in Distributed Systems
IEEE Transactions on Software Engineering (preprint)
Abstract—IT systems manage increasing amounts of sensitive data and there is a growing concern that they comply with policies that regulate data usage. In this article, we use temporal logic to express policies, and runtime monitoring to check system compliance. While well-established methods for monitoring linearly-ordered system behavior exist, a major challenge is monitoring distributed and concurrent systems, where actions are locally observed in the different system parts. These observations can only be partially ordered while policy compliance may depend on the actions' actual order of appearance. Technically speaking, it is in general intractable to check compliance of partially ordered traces. We identify fragments of our policy specification language for which compliance can be checked efficiently, namely, by monitoring a single representative trace in which the observed actions are totally ordered. Through a case study we show that the fragments are capable of expressing non-trivial policies and that monitoring representative traces is feasible on real-world data.
Enhancing Approximations for Regular Reachability Analysis
Abstract. This paper introduces two mechanisms for computing over-approximations of sets of reachable states, with the aim of ensuring termination of state-space exploration. The first mechanism consists in over-approximating the automata representing reachable sets by merging some of their states with respect to simple syntactic criteria, or a combination of such criteria. The second approximation mechanism consists in manipulating an auxiliary automaton when applying a transducer representing the transition relation to an automaton encoding the initial states. In addition, for the second mechanism we propose a new approach to refine the approximations depending on a property of interest. The proposals are evaluated on examples of mutual exclusion protocols.
Checking System Compliance by Slicing and Monitoring Logs
2013
Abstract. It is a growing concern of companies and end users whether the agents of an IT system, i.e., its processes and users, comply with security policies, which, e.g., stipulate how sensitive data must and must not be used by the agents. We present a scalable solution for compliance checking based on monitoring the agents' behavior, where policies are specified in an expressive temporal logic and the system actions are logged. In particular, our solution utilizes the MapReduce framework to parallelize the process of monitoring the logged actions. We also provide the theoretical underpinnings of our solution as a theoretical framework for slicing logs, i.e., the reorganization of the logged actions into parts that can be analyzed independently of each other. We present orthogonal methods for generating such slices and provide means to combine these methods. Finally, we report on a real-world case study, which demonstrates the feasibility and the scalability of our monitoring solution.
Organising LTL Monitors over Distributed Systems with a Global Clock
away the architecture of the system, allowing them to directly specify correctness properties on the global system behaviour. To support this abstraction, a compilation of the properties would not only involve the typical choice of monitoring algorithm, but also the organisation of submonitors across the component network. Existing approaches, considered in the context of LTL properties over distributed systems with a global clock, include the so-called orchestration and migration approaches. In the orchestration approach, a central monitor receives the events from all subsystems. In the migration approach, LTL formulae transfer themselves across subsystems to gather local information. We propose a third way of organising submonitors: choreography — where monitors are organised as a tree across the distributed system, and each child feeds intermediate results to its parent. We formalise this approach, proving its correctness and worst case performance, and report on an empirical investigation comparing the three approaches on several concerns of decentralised monitoring.