Rewriting-Based Runtime Verification for Alternation-Free HyperLTL

  • Noel Brett
  • Umair Siddique
  • Borzoo BonakdarpourEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10206)


Analysis of complex security and privacy policies (e.g., information flow) involves reasoning about multiple execution traces. This stems from the fact that an external observer may gain knowledge about the system through observing and comparing several executions. Monitoring of such policies is in particular challenging because most existing monitoring techniques are limited to the analysis of a single trace at run time. In this paper, we present a rewriting-based technique for runtime verification of the full alternation-free fragment of HyperLTL, a temporal logic for specification of hyperproperties. The distinguishing feature of our proposed technique is its space complexity, which is independent of the number of trace quantifiers in a given HyperLTL formula.


Information Flow Security Policy Security Level Boolean Expression Execution Trace 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Agrawal, S., Bonakdarpour, B.: Runtime verification of \(k\)-safety hyperproperties in HyperLTL. In: Proceedings of the 29th IEEE Computer Security Foundations Symposium (CSF), pp. 239–252 (2016)Google Scholar
  2. 2.
    Assaf, M., Naumann, D.A.: Calculational design of information flow monitors. In: Proceedings of the 29th IEEE Computer Security Foundations Symposium (CSF), pp. 210–224 (2016)Google Scholar
  3. 3.
    Austin, T.H., Flanagan, C.: Efficient purely-dynamic information flow analysis. In: ACM Transactions on Programming Languages and Systems, pp. 113–124 (2009)Google Scholar
  4. 4.
    Chudnov, A., Kuan, G., Naumann, D.A.: Information flow monitoring as abstract interpretation for relational logic. In: IEEE 27th Computer Security Foundations Symposium, CSF 2014, Vienna, Austria, 19–22 July 2014, pp. 48–62 (2014)Google Scholar
  5. 5.
    Chudnov, A., Naumann, D.A.: Information flow monitor inlining. In: Proceedings of CSF, pp. 200–214 (2010)Google Scholar
  6. 6.
    Chugh, R., Meister, J.A., Jhala, R., Lerner, S.: Staged information flow for JavaScript. In: Proceedings of PLDI, pp. 50–62 (2009)Google Scholar
  7. 7.
    Clark, D., Hunt, S.: Non-interference for deterministic interactive programs. In: Degano, P., Guttman, J., Martinelli, F. (eds.) FAST 2008. LNCS, vol. 5491, pp. 50–66. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-01465-9_4 CrossRefGoogle Scholar
  8. 8.
    Clarkson, M.R., Finkbeiner, B., Koleini, M., Micinski, K.K., Rabe, M.N., Sánchez, C.: Temporal logics for hyperproperties. In: Abadi, M., Kremer, S. (eds.) POST 2014. LNCS, vol. 8414, pp. 265–284. Springer, Heidelberg (2014). doi: 10.1007/978-3-642-54792-8_15 CrossRefGoogle Scholar
  9. 9.
    Clarkson, M.R., Schneider, F.B.: Hyperproperties. J. Comput. Secur. 18(6), 1157–1210 (2010)CrossRefGoogle Scholar
  10. 10.
    Devriese, D., Piessens, F.: Noninterference through secure multi-execution. In: 31st IEEE Symposium on Security and Privacy, S&P, pp. 109–124 (2010)Google Scholar
  11. 11.
    Enck, W., Gilbert, P., Chun, B.-G., Cox, L.P., Jung, J., McDaniel, P., Sheth, A.N.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. In: Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation, OSDI 2010, Vancouver, BC, Canada, pp. 393–407. USENIX Association, Berkeley (2010).
  12. 12.
    Goguen, J.A., Meseguer, J.: Security policies and security models. In: IEEE Symposium on Security and Privacy, pp. 11–20 (1982)Google Scholar
  13. 13.
    Havelund, K., Rosu, G.: Monitoring programs using rewriting. In: Automated Software Engineering (ASE), pp. 135–143 (2001)Google Scholar
  14. 14.
    Magazinius, J., Russo, A., Sabelfeld, A.: On-the-fly inlining of dynamic security monitors. Comput. Secur. 31(7), 827–843 (2012)CrossRefGoogle Scholar
  15. 15.
    Manna, Z., Pnueli, A.: Temporal Verification of Reactive Systems - Safety. Springer, Heidelberg (1995)CrossRefzbMATHGoogle Scholar
  16. 16.
    McCullough, D.: Noninterference and the composability of security properties. In: IEEE Symposium on Security and Privacy, pp. 177–186 (1988)Google Scholar
  17. 17.
    McLean, J.: A general theory of composition for trace sets closed under selective interleaving functions. In: IEEE Computer Society Symposium on Research in Security and Privacy, pp. 79–93 (1994)Google Scholar
  18. 18.
    Myers, A.C.: JFlow: practical mostly-static information flow control. In: Proceedings of Conference Record of the Annual ACM Symposium on Principles of Programming Languages, pp. 228–241 (1999)Google Scholar
  19. 19.
    Myers, A.C., Liskov, B.: Complete, safe information flow with decentralized labels (1998)Google Scholar
  20. 20.
    Nair, S., Simpson, P.N.D., Crispo, B., Tanenbaum, A.S.: A virtual machine based information flow control system for policy enforcement. Electron. Notes Theor. Comput. Sci. 197(1), 3–16 (2008)CrossRefGoogle Scholar
  21. 21.
    Pottier, F., Simonet, V.: Information flow inference for ML. In: Proceedings of Conference Record of the Annual ACM Symposium on Principles of Programming Languages, pp. 319–330 (2002)Google Scholar
  22. 22.
    Rosu, G., Havelund, K.: Rewriting-based techniques for runtime verification. Autom. Softw. Eng. 12(2), 151–197 (2005)CrossRefGoogle Scholar
  23. 23.
    Russo, A., Sabelfeld, A.: Dynamic vs. static flow-sensitive security analysis. In: Proceedings of the XXrd IEEE Computer Security Foundations Symposium (CSF), pp. 186–199 (2010)Google Scholar
  24. 24.
    Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE J. Sel. Areas Commun. 21(1), 5–19 (2003)CrossRefGoogle Scholar
  25. 25.
    Zdancewic, S., Myers, A.C.: Observational determinism for concurrent program security. In: Computer Security Foundations Workshop, p. 29 (2003)Google Scholar
  26. 26.
    Zhu, Y., Jung, J., Song, D., Kohno, T., Wetherall, D.: Privacy scope: a precise information flow tracking system for finding application leaks. Technical report, EECS Department, University of California, Berkeley, October 2009Google Scholar

Copyright information

© Springer-Verlag GmbH Germany 2017

Authors and Affiliations

  • Noel Brett
    • 1
  • Umair Siddique
    • 1
  • Borzoo Bonakdarpour
    • 1
    Email author
  1. 1.Department of Computing and SoftwareMcMaster UniversityHamiltonCanada

Personalised recommendations