Formal Methods in System Design

, Volume 49, Issue 1–2, pp 75–108 | Cite as

Scalable offline monitoring of temporal specifications

  • David Basin
  • Germano Caronni
  • Sarah Ereth
  • Matúš Harvan
  • Felix Klaedtke
  • Heiko Mantel


We propose an approach to monitoring IT systems offline where system actions are logged in a distributed file system and subsequently checked for compliance against policies formulated in an expressive temporal logic. The novelty of our approach is that monitoring is parallelized so that it scales to large logs. Our technical contributions comprise a formal framework for slicing logs, an algorithmic realization based on MapReduce, and a high-performance implementation. We evaluate our approach analytically and experimentally, proving the soundness and completeness of our slicing techniques and demonstrating its practical feasibility and efficiency on real-world logs with 400 GB of relevant data.


Verification Monitoring Temporal Logic MapReduce 


  1. 1.
    Abiteboul S, Hull R, Vianu V (1994) Foundations of databases: the logical level. Addison-Wesley, ReadingGoogle Scholar
  2. 2.
    Alur R, Henzinger TA (1992) Logics and models of real time: a survey. In: Proceedings of the 1991 REX workshop on real time: theory in practice (Lecture notes in computer science), vol 600, pp 74–106Google Scholar
  3. 3.
    Baier C, Katoen J-P (2008) Principles of model checking. The MIT Press, CambridgezbMATHGoogle Scholar
  4. 4.
    Barre B, Klein M, Soucy-Boivin M, Ollivier P-A, Hallé S (2013) MapReduce for parallel trace validation of LTL properties. In: Proceedings of the 3rd international conference on runtime verification (Lecture notes in computer science), vol 7687, pp 184–198Google Scholar
  5. 5.
    Barringer H, Goldberg A, Havelund K, Sen K (2004) Rule-based runtime verification. In: Proceedings of the 5th international conference on verification, model checking and abstract interpretation (Lecture notes in computer science), vol 2937, pp 44–57Google Scholar
  6. 6.
    Barringer H, Groce A, Havelund K, Smith M (2010) Formal analysis of log files. J Aero Comput Inform Comm 7:365–390CrossRefGoogle Scholar
  7. 7.
    Barth A, Datta A, Mitchell JC, Nissenbaum H (2006) Privacy and contextual integrity: framework and applications. In: Proceedings of the 2006 IEEE symposium on security and privacy, pp 184–198Google Scholar
  8. 8.
    Basin D, Caronni G, Ereth S, Harvan M, Klaedtke F, Mantel H (2014) Scalable offline monitoring. In: Proceedings of the 14th international conference on runtime verification (Lecture notes in computer science), vol 8734, pp 31–47Google Scholar
  9. 9.
    Basin D, Harvan M, Klaedtke F, Zălinescu E (2012) MONPOLY: Monitoring usage-control policies. In: Proceedings of the 2nd international conference on runtime verification (Lecture notes in computer science), vol 7186, pp 360–364Google Scholar
  10. 10.
    Basin D, Harvan M, Klaedtke F, Zălinescu E (2013) Monitoring data usage in distributed systems. IEEE Trans Softw Eng 39(10):1403–1426CrossRefGoogle Scholar
  11. 11.
    Basin D, Klaedtke F, Müller S, Zălinescu E (2015) Monitoring metric first-order temporal properties. J ACM 62(2):15MathSciNetCrossRefzbMATHGoogle Scholar
  12. 12.
    Bauer A, Goré R, Tiu A (2009) A first-order policy language for history-based transaction monitoring. In: Proceedings of the 6th international colloquium on theoretical aspects of computing (Lecture notes in computer science), vol 5684, pp 96–111Google Scholar
  13. 13.
    Bianculli D, Ghezzi C, Krstić S (2014) Trace checking of metric temporal logic with aggregating modalities using MapReduce. In: Proceedings of the 12th international conference on software engineering and formal methods (Lecture notes in computer science), vol 8702, pp 144–158Google Scholar
  14. 14.
    Chomicki J (1995) Efficient checking of temporal integrity constraints using bounded history encoding. ACM Trans Database Syst 20(2):149–186CrossRefGoogle Scholar
  15. 15.
    Chowdhury O, Jia L, Garg D, Datta A (2014) Temporal mode-checking for runtime monitoring of privacy policies. In: Proceedings of the 26th international conference on computer aided verification (Lecture notes in computer science), vol 8559, pp 131–149Google Scholar
  16. 16.
    Dean J, Ghemawat S (2008) MapReduce: simplified data processing on large clusters. Commun ACM 51(1):107–113CrossRefGoogle Scholar
  17. 17.
    De Young H, Garg D, Jia L, Kaynar D, Datta A (2010) Experiences in the logical specification of the HIPAA and GLBA privacy laws. In: Proceedings of the 9th annual ACM workshop on privacy in the electronic society, pp 73–82Google Scholar
  18. 18.
    Dinesh N, Joshi AK, Lee I, Sokolsky O (2008) Checking traces for regulatory conformance. In: Proceedings of the 8th international workshop on runtime verification (Lecture notes in computer science), vol 5289, pp 86–103Google Scholar
  19. 19.
    Enderton H (2001) A mathematical introduction to logic, 2nd edn. Academic Press, San DiegozbMATHGoogle Scholar
  20. 20.
    Garg D, Jia L, Datta A (2011) Policy auditing over incomplete logs: theory, implementation and applications. In: Proceedings of the 18th ACM conference on computer and communications security, pp 151–162Google Scholar
  21. 21.
    Groce A, Havelund K, Smith M (2010) From scripts to specification: The evaluation of a flight testing effort. In: Proceedings of the 32nd ACM/IEEE international conference on software engineering, vol 2, pp 129–138Google Scholar
  22. 22.
    Hallé S, Villemaire R (2012) Runtime enforcement of web service message contracts with data. IEEE Trans Serv Comput 5(2):192–206CrossRefGoogle Scholar
  23. 23.
    Hilty M, Pretschner A, Basin DA, Schaefer C, Walter T (2007) A policy language for distributed usage control. In: Proceedings of the 12th european symposium on research in computer security (Lecture notes in computer science), vol 4734, pp 531–546Google Scholar
  24. 24.
    Koymans R (1990) Specifying real-time properties with metric temporal logic. Real-Time Syst 2(4):255–299CrossRefGoogle Scholar
  25. 25.
    Lamport L (1994) The temporal logic of actions. ACM Trans Program Lang Syst 16(3):872–923CrossRefGoogle Scholar
  26. 26.
    Maggi FM, Montali M, Westergaard M, van der Aalst WMP (2011) Monitoring business constraints with linear temporal logic: an approach based on colored automata. In: Proceedings of the 9th international conference on business process management (Lecture notes in computer science), vol 6896, pp 132–147Google Scholar
  27. 27.
    Medhat R, Joshi Y, Bonakdarpour B, Fischmeister S (2014) Accelerated runtime verification of LTL specifications with counting semantics. CoRR: Computing Research Repository - arXiv,
  28. 28.
    Mittal N, Garg VK (2005) Techniques and applications of computation slicing. Distrib Comput 17(3):251–277CrossRefzbMATHGoogle Scholar
  29. 29.
    Wikipedia MurmurHash (2015) the free encyclopedia. Accessed 2 March 2015.
  30. 30.
    Neumeyer L, Robbins B, Nair A, Kesari A (2010) S4: Distributed stream computing. In: Proceedings of the 11th international conference on data mining workshops, pp 170–177Google Scholar
  31. 31.
    Park J, Sandhu R (2004) The \(\text{ UCON }_{\text{ ABC }}\) usage control model. ACM Trans Inform Syst Secur 7(1):128–174CrossRefGoogle Scholar
  32. 32.
    Pnueli A (1977) The temporal logic of programs. In: Proceedings of the 18th IEEE symposium on foundations of computer science, pp 46–57Google Scholar
  33. 33.
    Protocol Buffers: Google’s data interchange format. Accessed 2 March 2015.
  34. 34.
    Roşu G, Chen F (2012) Semantics and algorithms for parametric monitoring. Log Method Comput Sci 8(1):1–47MathSciNetzbMATHGoogle Scholar
  35. 35.
    Roger M, Goubault-Larrecq J (2001) Log auditing through model-checking. In: Proceedings of the 14th IEEE computer security foundations workshop, pp 220–234Google Scholar
  36. 36.
    Sistla AP, Wolfson O (1995) Temporal triggers in active databases. IEEE Trans Knowl Data Eng 7(3):471–486CrossRefGoogle Scholar
  37. 37.
    STORM: Distributed and fault-tolerant realtime computation. Apache Storm. Accessed 2 March 2015.
  38. 38.
    Weiser M (1982) Programmers use slices when debugging. Commun ACM 25(7):446–452CrossRefGoogle Scholar
  39. 39.
    Zhang X, Parisi-Presicce F, Sandhu R, Park J (2005) Formal model and policy specification of usage control. ACM Trans Inform Syst Secur 8(4):351–387CrossRefGoogle Scholar

Copyright information

© Springer Science+Business Media New York 2016

Authors and Affiliations

  • David Basin
    • 1
  • Germano Caronni
    • 2
  • Sarah Ereth
    • 3
  • Matúš Harvan
    • 4
  • Felix Klaedtke
    • 5
  • Heiko Mantel
    • 3
  1. 1.Department of Computer ScienceETH ZurichZurichSwitzerland
  2. 2.Google IncZurichSwitzerland
  3. 3.Department of Computer ScienceTU DarmstadtDarmstadtGermany
  4. 4.ABB Corporate ResearchBadenSwitzerland
  5. 5.NEC Europe LtdHeidelbergGermany

Personalised recommendations