Abstract
This tutorial deals with runtime enforcement and advocates its use as an extension of runtime verification. Whereas research in runtime verification has mainly been concerned with detecting misbehaviors and acknowledging desired behaviors of systems, runtime enforcement aims mainly at preventing misbehaviors and guaranteeing desired behaviors. First, we compare runtime verification with runtime enforcement. We then present previous theoretical models of runtime enforcement mechanisms and their expressive power with respect to enforcement, and survey existing work on the synthesis of runtime enforcement monitors. Finally, we propose some future challenges for the runtime enforcement technique.
A longer version with more results and examples is available on the author’s webpage.
© 2010 Springer-Verlag Berlin Heidelberg
Cite this paper
Falcone, Y. (2010). You Should Better Enforce Than Verify. In: Barringer, H., et al. Runtime Verification. RV 2010. Lecture Notes in Computer Science, vol 6418. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16612-9_9
DOI: https://doi.org/10.1007/978-3-642-16612-9_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16611-2
Online ISBN: 978-3-642-16612-9
eBook Packages: Computer Science (R0)