The SERENITY Runtime Monitoring Framework

  • George Spanoudakis
  • Christos Kloukinas
  • Khaled Mahbub
Part of the Advances in Information Security book series (ADIS, volume 45)


This chapter describes SERENITY’s approach to runtime monitoring and the framework that has been developed to support it. Runtime monitoring is required in SERENITY in order to check for violations of security and dependability properties which are necessary for the correct operation of the security and dependability solutions that are available from the SERENITY framework. This chapter discusses how such properties are specified and monitored. The chapter focuses on the activation and execution of monitoring activities using S&D Patterns and the actions that may be undertaken following the detection of property violations. The approach is demonstrated in reference to one of the industrial case studies of the SERENITY project.


Intrusion Detection System Event Capturer Ambient Intelligence Monitoring Framework Truth Value 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Adler I et al (1989) An Implementation of Karmarkar's Algorithm for Linear Programming. Mathematical Programming, 44: 297–335zbMATHCrossRefMathSciNetGoogle Scholar
  2. 2.
    Lazarevic A, Kumar V, Srivastava J (2006) Intrusion Detection: A Survey. Massive Computing, In: Kumar V, Srivastava J, Lazarevic A (eds), Managing Cyber Threats: Issues, Approaches and Challenges, Springer, ISBN 0387242260Google Scholar
  3. 3.
    Armenteros A, Garcia L, Muñoz A, Maña A (2008) Realising the Potential of SERENITY in Emerging AmI Ecosystems: Implications and Challenges. In: Spanoudakis G, Maña A, Kokolakis S (eds) Security and Dependability for Ambient Intelligence, Information Security Series, SpringerGoogle Scholar
  4. 4.
    Avizienis A, Larpie C, Randell B (2001). Fundamental Concepts of Dependability. LAAS-CNRS, Tech. Rep. N01145.Google Scholar
  5. 5.
    Baresi L, Guinea S (2005) Dynamo: Dynamic Monitoring of WS-BPEL Processes. Proceedings of 3rd International Conference On Service Oriented Computing, Amsterdam, The Netherlands.Google Scholar
  6. 6.
    Campbell A, Safavi-Naini R, Pleasants A (1992) Partial Belief and Probabilistic Reasoning in the Analysis of Secure Protocols. Proceedings of 5th IEEE Computer Security Foundations Workshop, 84–91. IEEE Computer Society Press.Google Scholar
  7. 7.
    Chatzigiannakis V, Androulidakis G, Grammatikou M, Maglaris B (2004) A Distributed Intrusion Detection Prototype using Security Agents. Proceedings of HP Open View University Association (HPOVUA)Google Scholar
  8. 8.
    Chatzigiannakis V, Androulidakis G, Grammatikou M, Maglaris B (2004) An Architectural Framework for Distributed Intrusion Detection using Smart Agents. Proceedings of SAM04, Las VegasGoogle Scholar
  9. 9.
    Chen F, Rosu G (2003) Towards Monitoring-Oriented Programming: A Paradigm Combining Specification and Implementation. In Electronic Notes in Theoretical Computer Science, 89(2), Elsevier Science B.V.Google Scholar
  10. 10.
    Denning D (1987) An Intrusion-Detection Model. IEEE Transactions on Software Engineering, 13(2): 222–232.CrossRefGoogle Scholar
  11. 11.
    Gale D (2007) Linear programming and the simplex method. Notices of the AMS, 54(3):364–369.zbMATHMathSciNetGoogle Scholar
  12. 12.
    Ghezzi C, Guinea S (2007) Runtime Monitoring in Service Oriented Architectures. In: Baresi L and di Nitto E. (eds), Test and Analysis of Web Services, Springer, 237–264, 2007.Google Scholar
  13. 13.
    Gudkov V, Johnson J (2002) Multidimensional Network Monitoring for Intrusion Detection. CoRR: Cryptography and Security/0206020Google Scholar
  14. 14.
    Havelund K, Roşu G (2004) An Overview of the Runtime Verification Tool Java PathExplorer. Form. Methods Syst. Des. 24, 189–215.zbMATHCrossRefGoogle Scholar
  15. 15.
    Barringer H, Rydeheard D, Gabbay D (2007) A Logical Framework for Monitoring and Evolving Software Components. Proceedings of 1st Joint IEEE/IFIP Symposium on Theoretical Aspects of Computer Science (TASE07), Shanghai.Google Scholar
  16. 16.
    Howard B, Dov G, Rydeheard D, (2007) From Runtime Verification to Evolvable Systems. 7th International Workshop on Runtime VerificationGoogle Scholar
  17. 17.
    Kloukinas C, Mahbub K, Spanoudakis G (2007) Evaluation of V1 of Dynamic Validation Prototype, Deliverable A4.D3.2, SERENITY Project,, Accessed 9 December 2008
  18. 18.
    Mahbub K, Spanoudakis G. (2004) A Framework for Requirements Monitoring of Service Based Systems. Proceedings of 2nd International Conference on Service Oriented Computing, NY, USA.Google Scholar
  19. 19.
    Mahbub K, Spanoudakis G. (2005) Run-time Monitoring of Requirements for Systems Composed of Web-Services: Initial Implementation and Evaluation Experience. Proceedings of 3rd Int. IEEE Conf. on Web ServicesGoogle Scholar
  20. 20.
    Mahbub K, Spanoudakis G, Kloukinas C, (2007). V2 of dynamic validation prototype”. Deliverable A4.D3.3, SERENITY Project, Accessed 9 December 2008
  21. 21.
    Mahbub K, Spanoudakis G (2007) Monitoring WS-Agreements: An Event Calculus Based Approach. In: Baresi L, and di Nitto E (eds), Test and Analysis of Web Services, SpringerGoogle Scholar
  22. 22.
    Maña A et al (2006) Security engineering for ambient intelligence: A manifesto. In: Integrating Security and Software Engineering: Advances and Future Vision. Idea Group Publishing, 244–270Google Scholar
  23. 23.
    NTP,, Accessed on 9 December 2008
  24. 24.
    Moser O, Rosenberg F, Dustdar S (2008) Non-intrusive monitoring and service adaptation for WS-BPEL. Proceedings of 17th International Conference on World Wide WebGoogle Scholar
  25. 25.
    Zhang Q, Janakiraman R (2001) Indra: A Distributed Approach to Network Intrusion Detection and Prevention. Washington University Technical Report # WUCS-01-30Google Scholar
  26. 26.
    Li Q (2007) A Dynamic Verification Platform for BPEL Environments. MSc. Thesis, Department of Electrical & Computer Engineering, University of AlbertaGoogle Scholar
  27. 27.
    Shanahan M.P. (1999) The event calculus explained. In: Artificial Intelligence Today. Volume 1600 of Lecture Notes in Artificial Intelligence. (1999) 409–430Google Scholar
  28. 28.
    SNORT Intrusion Detection System,, 2004. Accessed 9 December 2008
  29. 29.
    Spanoudakis G, Kloukinas C, Androutsopoulos K.(2007) Towards security monitoring patterns. Proceedings of ACM Symposium on Applied Computing (SAC07) - Track on Software Verification, Volume 2, Seoul, Korea, 1518–1525Google Scholar
  30. 30.
    Spanoudakis G, Mahbub K (2006) Non intrusive monitoring of service based systems. Int. J. of Cooperative Information Systems 15: 325–358CrossRefGoogle Scholar
  31. 31.
    Staniford-Chen S, Tung B, Porras P, Kahn C, Schnackenberg D, Feiertag R, Stillman M (1998) The Common Intrusion Detection Framework - Data Formats. IETF, draft-staniford-cidf-data-formats-00.txt, Accessed on 9 December 2008
  32. 32.
    Stephen E, Hansen, E, Atkins T (1993) Automated System Monitoring and Notification With Swatch. Proceedings of 7th USENIX conference on System administration, Monterey, California, USA, 1993Google Scholar
  33. 33.
    Tsigritis T, Spanoudakis G, Kloukinas C, Lorenzoli D (2009) Diagnosis and Threat Detection Capabilities of the SERENITY Monitoring Framework. In Spanoudakis G, Maña A, and Kokolakis S (eds), Security and Dependability for Ambient Intelligence, Information Security Series, SpringerGoogle Scholar
  34. 34.
    van Lamsweerde A (1996) Divergent Views in Goal-Driven Requirements Engineering. Proceedings of Viewpoints '96 – ACM SIGSOFT Workshop of Viewpoints in Software DevelopmentGoogle Scholar

Copyright information

© Springer-Verlag US 2009

Authors and Affiliations

  • George Spanoudakis
    • 1
  • Christos Kloukinas
    • 2
  • Khaled Mahbub
    • 3
  1. 1.Dept. of ComputingCity UniversityLondon
  2. 2.Dept. of ComputingCity UniversityLondon
  3. 3.Dept. of ComputingCity UniversityLondon

Personalised recommendations