Real-Time Policy Enforcement with Metric First-Order Temporal Logic

  • Conference paper
  • Computer Security – ESORICS 2022 (ESORICS 2022)

Abstract

Correctness and regulatory compliance of today’s software systems are crucial for our safety and security. This can be achieved with policy enforcement: the process of monitoring and possibly modifying system behavior to satisfy a given policy. The enforcer’s capabilities determine which policies are enforceable.

We study the enforceability of policies specified in metric first-order temporal logic (MFOTL) with enforcers that can cause and suppress different system actions in real time. We consider an expressive safety fragment of MFOTL and show that a policy from that fragment is enforceable if and only if it is equivalent to a policy in a simpler, syntactically defined MFOTL fragment. We then propose an enforcement algorithm for all monitorable policies from the latter fragment, and show that our EnfPoly enforcer outperforms state-of-the-art tools.

Change history

  • 20 October 2022

    The original version of this chapter was revised. The original figure-1 was loaded.

Acknowledgments

We thank Dmitriy Traytel and three anonymous ESORICS reviewers for their helpful comments. François Hublet is supported by the Swiss National Science Foundation grant “Model-driven Security & Privacy” (204796).

Author information

Correspondence to François Hublet.

A Evaluation Data

Table 1 shows the raw evaluation data produced by our experiments. The table on the left contains the data obtained when answering RQ1, while the data in the table on the right is obtained when answering RQ2. In the former we use three policies \(\chi _1\), \(\chi _2\), and \(\chi _3\), while in the latter we generate random enforceable and monitorable MFOTL formulae.

Table 1. Mean runtime performance (standard deviation) for various parameter values

Parameter d is the depth of the generated random formulae, while I defines the sample space for the bounds of temporal operator intervals: \(\lbrace (i,j) \in \lbrace 0, \dots , I\rbrace ^2 \mid i \le j\rbrace \).

Random traces have length \(L\cdot n\) with timestamps \(1, 2, \dots , L\), each repeated n times. Event names are sampled uniformly from \(\mathbb {E}=\{\texttt {A},\texttt {B},\texttt {C}\}\), while their arguments are sampled uniformly from \(\lbrace 1, \dots , A\rbrace \). The number of events in a database is sampled according to the binomial distribution with n trials and success probability p.

Given parameters \(n, A, d, I \in \mathbb {N}\) and \(p \in [0,1]\), both tools are run N times for each combination of parameter values; every run uses an independently generated random trace together with an independently generated random enforceable and monitorable \(\textrm{MFOTL}_{{\square }}^{\mathcal {F}}\) formula.
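The random-trace construction described above, written out as an added example in Python (this is not code from the paper or from the EnfPoly repository). The appendix fixes the timestamp pattern, the event name set, the argument range and the binomial event count per database; the event arity, the random seed and the `@ts name(args) ...` output line format are assumptions made here, and `check_trace` re-verifies the stated structural properties on a generated trace.

```python
import random
from dataclasses import dataclass

# Event name set E = {A, B, C} from the appendix.
EVENT_NAMES = ("A", "B", "C")


@dataclass(frozen=True)
class Event:
    name: str
    args: tuple

    def render(self) -> str:
        return f"{self.name}({','.join(str(a) for a in self.args)})"


def sample_database(rng: random.Random, n: int, p: float, A: int, arity: int) -> list:
    """One database (the events at a single time point).

    The event count is Binomial(n, p), realised as n Bernoulli trials with
    success probability p; each event's name is uniform over EVENT_NAMES and
    each argument uniform over 1..A. The arity is an assumption (the appendix
    does not fix it).
    """
    count = sum(1 for _ in range(n) if rng.random() < p)
    return [
        Event(rng.choice(EVENT_NAMES), tuple(rng.randint(1, A) for _ in range(arity)))
        for _ in range(count)
    ]


def generate_trace(L: int, n: int, p: float, A: int, arity: int = 1, seed: int = 0) -> list:
    """Random trace of length L*n: timestamps 1..L, each repeated n times.

    Returns a list of (timestamp, database) pairs in trace order.
    """
    rng = random.Random(seed)  # seeded for reproducibility (assumption)
    return [
        (ts, sample_database(rng, n, p, A, arity))
        for ts in range(1, L + 1)
        for _ in range(n)
    ]


def interval_space(I: int) -> list:
    """Sample space for temporal-operator interval bounds: {(i, j) in {0..I}^2 | i <= j}."""
    return [(i, j) for i in range(I + 1) for j in range(i, I + 1)]


def to_log(trace) -> str:
    """Render the trace as '@ts name(args) name(args) ...' lines (format assumed)."""
    return "\n".join(
        " ".join([f"@{ts}"] + [e.render() for e in db]) for ts, db in trace
    )


def check_trace(trace, L: int, n: int, A: int) -> bool:
    """Re-check the structural properties stated in the appendix:
    length L*n, timestamp pattern 1,..,1,2,..,2,...,L (each n times),
    at most n events per database, names in E, arguments in 1..A."""
    expected_ts = [ts for ts in range(1, L + 1) for _ in range(n)]
    if len(trace) != L * n or [ts for ts, _ in trace] != expected_ts:
        return False
    for _, db in trace:
        if len(db) > n:
            return False
        for e in db:
            if e.name not in EVENT_NAMES or not all(1 <= a <= A for a in e.args):
                return False
    return True


if __name__ == "__main__":
    trace = generate_trace(L=3, n=2, p=0.5, A=4, arity=2, seed=42)
    print(to_log(trace))
    print("ok" if check_trace(trace, 3, 2, 4) else "invalid")
```

With p set to 1 every database holds exactly n events and with p set to 0 every database is empty, which is a convenient way to produce the densest and sparsest traces for a given (L, n) when comparing tool runtimes.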

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Hublet, F., Basin, D., Krstić, S. (2022). Real-Time Policy Enforcement with Metric First-Order Temporal Logic. In: Atluri, V., Di Pietro, R., Jensen, C.D., Meng, W. (eds) Computer Security – ESORICS 2022. ESORICS 2022. Lecture Notes in Computer Science, vol 13555. Springer, Cham. https://doi.org/10.1007/978-3-031-17146-8_11

  • DOI: https://doi.org/10.1007/978-3-031-17146-8_11

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-17145-1

  • Online ISBN: 978-3-031-17146-8
