
Scalable Offline Monitoring

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 8734)

Abstract

We propose an approach to monitoring IT systems offline, where system actions are logged in a distributed file system and subsequently checked for compliance against policies formulated in an expressive temporal logic. The novelty of our approach is that monitoring is parallelized so that it scales to large logs. Our technical contributions comprise a formal framework for slicing logs, an algorithmic realization based on MapReduce, and a high-performance implementation. We evaluate our approach analytically and experimentally, proving the soundness and completeness of our slicing techniques and demonstrating its practical feasibility and efficiency on real-world logs with 400 GB of relevant data.

This work was partly done while Matúš Harvan was at ETH Zurich and Google Inc. and Felix Klaedtke was at ETH Zurich. The Center for Advanced Security Research Darmstadt (www.cased.de), the Zurich Information Security and Privacy Center (www.zisc.ethz.ch), and Google Inc. supported this work.

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Basin, D., Caronni, G., Ereth, S., Harvan, M., Klaedtke, F., Mantel, H. (2014). Scalable Offline Monitoring. In: Bonakdarpour, B., Smolka, S.A. (eds) Runtime Verification. RV 2014. Lecture Notes in Computer Science, vol 8734. Springer, Cham. https://doi.org/10.1007/978-3-319-11164-3_4

  • DOI: https://doi.org/10.1007/978-3-319-11164-3_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-11163-6

  • Online ISBN: 978-3-319-11164-3

  • eBook Packages: Computer Science; Computer Science (R0)
