Compositional Runtime Enforcement

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9690)


Runtime enforcement is a methodology used to enforce that the output of a running system satisfies a desired property. Given a property, an enforcement monitor modifies an (untrusted) sequence of events into a sequence that complies to that property. In practice, we may have not one, but many properties to enforce. Moreover, new properties may arise as new capabilities are added to the system. It then becomes interesting to be able to build not a single, monolithic monitor that enforces all the properties, but rather several monitors, one for each property. The question is to what extent such monitors can be composed, and how. This is the topic of this paper. We study two monitor composition schemes, serial and parallel composition, and show that, while enforcement under these schemes is generally not compositional, it is for certain subclasses of regular properties.


Input Sequence Safety Property Parallel Composition Label Transition System Enforcement Mechanism 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



This work was partially supported by the Academy of Finland and the U.S. National Science Foundation (awards #1329759 and #1139138).


  1. 1.
    Bauer, L., Ligatti, J., Walker, D.: Composing expressive runtime security policies. ACM Trans. Softw. Eng. Methodol. 18(3), 9 (2009)CrossRefGoogle Scholar
  2. 2.
    Bloem, R., Könighofer, B., Könighofer, R., Wang, C.: Shield synthesis: runtime enforcement for reactive systems. In: Baier, C., Tinelli, C. (eds.) TACAS 2015. LNCS, vol. 9035, pp. 533–548. Springer, Heidelberg (2015)Google Scholar
  3. 3.
    Clarke, E., Long, D., McMillan, K.: Compositional model checking. In: 1989 Fourth Annual Symposium on Logic in Computer Science, LICS 1989, Proceedings., pp. 353–362 (1989)Google Scholar
  4. 4.
    Falcone, Y., Jaber, M., Nguyen, T.H., Bozga, M., Bensalem, S.: Runtime verification of component-based systems in the BIP framework with formally-proved sound and complete instrumentation. Softw. Syst. Model. 14(1), 173–199 (2015)CrossRefGoogle Scholar
  5. 5.
    Falcone, Y., Mounier, L., Fernandez, J.C., Richier, J.L.: Runtime enforcement monitors: composition, synthesis, and enforcement abilities. FMSD 38(3), 223–262 (2011)zbMATHGoogle Scholar
  6. 6.
    Falcone, Y., Jéron, T., Marchand, H., Pinisetty, S.: Runtime enforcement of regular timed properties by suppressing and delaying events. Sci. Comput. Program. 123, 2–41 (2016)CrossRefGoogle Scholar
  7. 7.
    Godefroid, P.: Compositional dynamic test generation. In: Proceedings of the 34th Annual ACM SIGPLAN-SIGACT. pp. 47–54. POPL, ACM, New York, USA (2007)Google Scholar
  8. 8.
    Grumberg, O., Long, D.E.: Model checking and modular verification. ACM Trans. Program. Lang. Syst. 16(3), 843–871 (1994)CrossRefGoogle Scholar
  9. 9.
    Kugler, H., Segall, I.: Compositional synthesis of reactive systems from live sequence chart specifications. In: Kowalewski, S., Philippou, A. (eds.) TACAS 2009. LNCS, vol. 5505, pp. 77–91. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  10. 10.
    Levy, J., Saïdi, H., Uribe, T.E.: Combining monitors for runtime system verification. Electron. Notes Theor. Comput. Sci. 70(4), 112–127 (2002). runtime VerificationCrossRefGoogle Scholar
  11. 11.
    Ligatti, J., Bauer, L., Walker, D.: Run-time enforcement of non safety policies. ACM Trans. Inf. Syst. Secur. 12(3), 19:1–19:41 (2009)CrossRefGoogle Scholar
  12. 12.
    Pinisetty, S., Falcone, Y., Jéron, T., Marchand, H., Rollet, A., Nguena Timo, O.: Runtime enforcement of timed properties revisited. FMSD 45(3), 381–422 (2014)zbMATHGoogle Scholar
  13. 13.
    Pinisetty, S., Preoteasa, V., Tripakis, S., Jéron, T., Falcone, Y., Marchand, H.: Predictive runtime enforcement. In: Symposium on Applied Computing (SAC-SVT). ACM (2016)Google Scholar
  14. 14.
    Schneider, F.B.: Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3(1), 30–50 (2000)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.Aalto UniversityEspooFinland
  2. 2.University of CaliforniaBerkeleyUSA

Personalised recommendations