Formal Methods in System Design, Volume 45, Issue 3, pp 381–422

Runtime enforcement of timed properties revisited

  • Srinivas Pinisetty
  • Yliès Falcone (corresponding author)
  • Thierry Jéron
  • Hervé Marchand
  • Antoine Rollet
  • Omer Nguena Timo

Abstract

Runtime enforcement is a powerful technique to ensure that a running system satisfies some desired properties. Using an enforcement monitor, an (untrustworthy) input execution (in the form of a sequence of events) is modified into an output sequence that complies with a property. Over the last decade, runtime enforcement has been mainly studied in the context of untimed properties. This paper deals with runtime enforcement of timed properties by revisiting the foundations of runtime enforcement when time between events matters. We propose a new enforcement paradigm where enforcement mechanisms are time retardants: to produce a correct output sequence, additional delays are introduced between the events of the input sequence. We consider runtime enforcement of any regular timed property defined by a timed automaton. We prove the correctness of enforcement mechanisms and prove that they enjoy two usually expected features, revisited here in the context of timed properties. The first one is soundness, meaning that the output sequences (eventually) satisfy the required property. The second one is transparency, meaning that input sequences are modified in a minimal way. We also introduce two new features: (i) physical constraints, which describe how a time retardant is physically constrained when delaying a sequence of timed events, and (ii) optimality, meaning that output sequences are produced as soon as possible. To facilitate the adoption and implementation of enforcement mechanisms, we describe them at several complementary abstraction levels. Our enforcement mechanisms have been implemented, and our experimental results demonstrate the feasibility of runtime enforcement in a timed context and the effectiveness of the mechanisms.

Keywords

Runtime verification, Runtime enforcement, Timed properties, Timed automata, Software engineering

Copyright information

© Springer Science+Business Media New York 2014

Authors and Affiliations

  • Srinivas Pinisetty (1)
  • Yliès Falcone (2), corresponding author
  • Thierry Jéron (1)
  • Hervé Marchand (1)
  • Antoine Rollet (3)
  • Omer Nguena Timo (4)
  1. INRIA Rennes-Bretagne Atlantique, Rennes, France
  2. Laboratoire d'Informatique de Grenoble, Université Grenoble I, Grenoble, France
  3. LaBRI, Université de Bordeaux-CNRS, Bordeaux, France
  4. CRIM, Centre de recherche informatique de Montréal, Montréal, Canada