research-article
Open Access

Runtime enforcement of timed properties using games

Published: 01 July 2020

Abstract

This paper deals with runtime enforcement of timed properties with uncontrollable events. Runtime enforcement consists in defining and using an enforcement mechanism that modifies the executions of a running system to ensure their correctness with respect to the desired property. Uncontrollable events cannot be modified by the enforcement mechanism and thus have to be released immediately. We present a complete theoretical framework for synthesising such a mechanism, modelling the runtime enforcement problem as a Büchi game. This makes it possible to pre-compute the decisions of the enforcement mechanism, avoiding exploration of the whole execution tree at runtime. The obtained enforcement mechanism is sound, compliant and optimal, meaning that it outputs, as soon as possible, correct executions that are as close as possible to the input execution. The framework takes as input any timed regular property modelled by a timed automaton. We present GREP, a tool implementing this approach. We provide algorithms and implementation details of the different modules of GREP, and evaluate its performance. The results are compared with another state-of-the-art runtime enforcement tool.
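The following is an added illustration, not code from the paper or from GREP, of the two ideas the abstract combines: uncontrollable events are released immediately, while controllable events may be delayed, and the decision of whether a delayed event is safe to release is pre-computed before runtime rather than searched for during execution. It is a deliberately untimed, finite-state sketch: the property is a plain automaton (no clocks), and the pre-computed set is the largest set of accepting locations that no sequence of uncontrollable events can leave, which is the safety-game analogue of the Büchi game solved in the paper. The property, event names, locations and input traces are all constructed for the example.

```python
from collections import deque

# Constructed example property (not from the paper): the system must not
# issue a "write" while the environment holds the lock.
LOCATIONS = {"free", "locked", "bad"}
ACCEPTING = {"free", "locked"}          # "bad" is a non-accepting sink
UNCONTROLLABLE = {"lock", "unlock"}     # environment events: released at once
CONTROLLABLE = {"write", "commit"}      # system events: may be delayed
TRANSITIONS = {
    ("free", "lock"): "locked",   ("free", "unlock"): "free",
    ("free", "write"): "free",    ("free", "commit"): "free",
    ("locked", "lock"): "locked", ("locked", "unlock"): "free",
    ("locked", "write"): "bad",   ("locked", "commit"): "locked",
}


def step(loc, ev):
    """Successor location; any transition not listed leads to the sink."""
    return TRANSITIONS.get((loc, ev), "bad")


def winning_locations():
    """Pre-computed safe set: the largest subset of accepting locations that
    no sequence of uncontrollable events can leave (greatest fixpoint).
    Computed once, before any event is processed."""
    win = set(ACCEPTING)
    changed = True
    while changed:
        changed = False
        for loc in sorted(win):
            if any(step(loc, u) not in win for u in UNCONTROLLABLE):
                win.discard(loc)
                changed = True
    return win


class Enforcer:
    """Releases uncontrollable events immediately; buffers controllable
    events (in input order) until releasing the head of the buffer keeps
    the run inside the pre-computed safe set."""

    def __init__(self, init="free"):
        self.loc = init
        self.buffer = deque()           # delayed controllable events, FIFO
        self.win = winning_locations()  # decisions fixed before runtime
        self.violated = False           # set if the environment alone forces a loss

    def _flush(self):
        out = []
        # Order is preserved: only the oldest buffered event can be released.
        while self.buffer and step(self.loc, self.buffer[0]) in self.win:
            ev = self.buffer.popleft()
            self.loc = step(self.loc, ev)
            out.append(ev)
        return out

    def receive(self, ev):
        """Return the list of events released for this input (may be empty)."""
        if ev in UNCONTROLLABLE:
            self.loc = step(self.loc, ev)   # cannot be blocked or delayed
            if self.loc not in self.win:
                self.violated = True        # no enforcement decision can recover
            return [ev] + self._flush()     # new location may unblock the buffer
        self.buffer.append(ev)              # controllable: delay until safe
        return self._flush()


def enforce(trace, init="free"):
    """Run the enforcer over a whole input trace.
    Returns (output trace, events still buffered, violation flag)."""
    enf = Enforcer(init)
    output = []
    for ev in trace:
        output.extend(enf.receive(ev))
    return output, list(enf.buffer), enf.violated


if __name__ == "__main__":
    # Constructed input: a write arrives while the lock is held and is
    # delayed until the environment releases the lock.
    print(enforce(["write", "lock", "write", "commit", "unlock"]))
```

On the constructed trace the second `write` and the following `commit` are held back while the location is `locked` and released, in order, right after `unlock`. The paper's setting differs in that properties are timed automata (so the safe set is over symbolic states with clock constraints and buffered events carry dates), and optimality there also requires the output to be as close as possible to the input; this sketch only shows why a pre-computed winning set lets the runtime decision be a lookup instead of a search.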

