Combining Symbolic Runtime Enforcers for Cyber-Physical Systems

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10548)


The problem of composing multiple, possibly conflicting, runtime enforcers for a cyber-physical system (CPS) is considered. A formal definition of utility-agnostic and utility-maximizing CPS enforcers is presented, followed by an algorithm to combine multiple enforcers, and resolve their conflicts based on a design-time prioritization. To implement this combination in an efficient manner, enforcers are encoded symbolically using SMT formulas, and the combination is reduced to a set of SMT satisfiability and optimization operations. Further performance gains are achieved by using the SMT solvers incrementally. The approach is validated via experiments in an indoor area with Parrot minidrones. The incremental enforcer combination is shown to achieve an order of magnitude speedup, and no deadline misses.
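An added example (not code from the paper) of the prioritised combination the abstract describes: enforcers are modelled as box constraints on a drone velocity command, so the conjunction, satisfiability check and closest-admissible-command step can be decided directly instead of through an SMT solver; the enforcer names, priorities and the `combine` function are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Sequence

INF = float("inf")

@dataclass(frozen=True)
class Box:
    """Admissible command set as per-axis closed intervals [lo[i], hi[i]]."""
    lo: tuple
    hi: tuple

    def meet(self, other: "Box") -> "Box":
        # Conjunction of two constraints (intersection of the boxes).
        return Box(tuple(max(a, b) for a, b in zip(self.lo, other.lo)),
                   tuple(min(a, b) for a, b in zip(self.hi, other.hi)))

    def satisfiable(self) -> bool:
        # Utility-agnostic check: is any command admissible at all?
        return all(l <= h for l, h in zip(self.lo, self.hi))

    def closest(self, point: Sequence[float]) -> tuple:
        # Utility-maximising choice: admissible command with minimal deviation
        # from the request (per-axis clamping is optimal for box constraints).
        return tuple(min(max(p, l), h) for p, l, h in zip(point, self.lo, self.hi))

@dataclass(frozen=True)
class Enforcer:
    name: str
    priority: int  # design-time rank; 0 is the highest priority
    region: Box

def combine(enforcers, request):
    """Conjoin enforcers in priority order, dropping any whose constraint makes
    the conjunction unsatisfiable, then return the closest admissible command.
    Returns (command, kept_names, dropped_names)."""
    n = len(request)
    combined = Box((-INF,) * n, (INF,) * n)  # no constraint yet
    kept, dropped = [], []
    for e in sorted(enforcers, key=lambda e: e.priority):
        candidate = combined.meet(e.region)  # like incrementally pushing e's formula
        if candidate.satisfiable():
            combined = candidate
            kept.append(e.name)
        else:
            dropped.append(e.name)  # conflict: the lower-priority enforcer loses
    return combined.closest(request), kept, dropped

# Constructed enforcers over a drone velocity command (vx, vy, vz) in m/s.
ENFORCERS = [
    Enforcer("ceiling", 0, Box((-INF, -INF, -INF), (INF, INF, 0.0))),     # no climbing near the ceiling
    Enforcer("speed_limit", 1, Box((-1.0, -1.0, -1.0), (1.0, 1.0, 1.0))),  # indoor speed cap
    Enforcer("climb", 2, Box((-INF, -INF, 0.5), (INF, INF, 1.0))),         # mission wants to climb
]

if __name__ == "__main__":
    print(combine(ENFORCERS, (2.0, 0.3, 0.8)))
```

With the request (2.0, 0.3, 0.8) the "climb" enforcer conflicts with the higher-priority "ceiling" and is dropped, and the output command is (1.0, 0.3, 0.0).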



Copyright 2017 Carnegie Mellon University.



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

Carnegie Mellon University, Pittsburgh, USA
