Compositional Runtime Enforcement

Conference paper
NASA Formal Methods (NFM 2016)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 9690))

Abstract

Runtime enforcement is a methodology for ensuring that the output of a running system satisfies a desired property. Given a property, an enforcement monitor transforms an (untrusted) sequence of events into a sequence that complies with that property. In practice, we may have not one but many properties to enforce. Moreover, new properties may arise as new capabilities are added to the system. It then becomes interesting to build not a single, monolithic monitor that enforces all the properties, but rather several monitors, one for each property. The question is to what extent such monitors can be composed, and how. This is the topic of this paper. We study two monitor composition schemes, serial and parallel composition, and show that, while enforcement under these schemes is generally not compositional, it is for certain subclasses of regular properties.
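As an added illustration, not code from the paper, the following Python sketch models an enforcement monitor with an assumed store-and-release semantics (events are buffered and released as soon as the output extended by the buffer satisfies the property) and its serial composition E_phi2 applied after E_phi1. The properties `even_a`, `at_most_one_a` and `no_c_after_b` and the input words are constructed for this example; it shows one instance of why serial composition is not compositional in general but is for prefix-closed (safety) properties, which is one of the subclasses the abstract alludes to.

```python
from typing import Callable

# A regular property is modelled here simply as a membership predicate on
# finite words (strings of single-character events).
Property = Callable[[str], bool]

def enforce(phi: Property, sigma: str) -> str:
    """Store-and-release enforcement monitor (assumed semantics, not the
    paper's definition).  Events are buffered; the whole buffer is appended
    to the output as soon as output + buffer satisfies phi.  The output is
    therefore always a prefix of the input that satisfies phi (or empty)."""
    out, buf = "", ""
    for ev in sigma:
        buf += ev
        if phi(out + buf):
            out, buf = out + buf, ""
    return out

def serial(phi1: Property, phi2: Property, sigma: str) -> str:
    """Serial composition: E_phi2 consumes the output of E_phi1."""
    return enforce(phi2, enforce(phi1, sigma))

def monolithic(phi1: Property, phi2: Property, sigma: str) -> str:
    """Single monitor for the conjunction phi1 and phi2 (reference behaviour)."""
    return enforce(lambda w: phi1(w) and phi2(w), sigma)

def serial_is_sound(phi1: Property, phi2: Property, sigma: str) -> bool:
    """Does the serially composed output still satisfy both properties?"""
    o = serial(phi1, phi2, sigma)
    return phi1(o) and phi2(o)

# Constructed example properties (not from the paper).
def even_a(w: str) -> bool:          # NOT prefix-closed: "aa" ok, "a" not
    return w.count("a") % 2 == 0

def at_most_one_a(w: str) -> bool:   # safety property: prefix-closed
    return w.count("a") <= 1

def no_c_after_b(w: str) -> bool:    # safety property: prefix-closed
    return "b" not in w or "c" not in w[w.index("b"):]

if __name__ == "__main__":
    # Non-safety phi1: E_phi2 truncates inside a pair of a's, so the serial
    # output "a" violates phi1 even though E_phi1 alone was sound.
    print(serial(even_a, at_most_one_a, "aab"),
          serial_is_sound(even_a, at_most_one_a, "aab"))
    print(repr(monolithic(even_a, at_most_one_a, "aab")))
    # Two safety properties: every prefix of a phi1-word is still in phi1,
    # so the serial composition stays sound.
    print(serial(no_c_after_b, at_most_one_a, "aabcab"),
          serial_is_sound(no_c_after_b, at_most_one_a, "aabcab"))
```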


Notes

  1. In the rest of the paper the term automaton refers to a deterministic and complete automaton.

  2. In the predictive setting, soundness is restricted to input words that belong to \(\psi \).

  3. Note that in order to compute \(E_{{\varphi _1\triangleright \varphi _2}}\) both \(\varphi _1\) and \(\varphi _2\) need to be known.


Acknowledgement

This work was partially supported by the Academy of Finland and the U.S. National Science Foundation (awards #1329759 and #1139138).


Correspondence to Srinivas Pinisetty .


Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Pinisetty, S., Tripakis, S. (2016). Compositional Runtime Enforcement. In: Rayadurgam, S., Tkachuk, O. (eds) NASA Formal Methods. NFM 2016. Lecture Notes in Computer Science(), vol 9690. Springer, Cham. https://doi.org/10.1007/978-3-319-40648-0_7

  • DOI: https://doi.org/10.1007/978-3-319-40648-0_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-40647-3

  • Online ISBN: 978-3-319-40648-0

  • eBook Packages: Computer Science (R0)
