Abstract
Runtime enforcement is a dynamic analysis technique that instruments a monitor with a system in order to ensure its correctness as specified by some property. This paper explores bidirectional enforcement strategies for properties describing the input and output behaviour of a system. We develop an operational framework for bidirectional enforcement and use it to study the enforceability of the safety fragment of Hennessy-Milner logic with recursion (sHML). We provide an automated synthesis function that generates correct monitors from sHML formulas, and show that this logic is enforceable via a specific type of bidirectional enforcement monitors called action disabling monitors.
This work was partly supported by the projects “TheoFoMon: Theoretical Foundations for Monitorability” (nr. 163406-051), “Developing Theoretical Foundations for Runtime Enforcement” (nr. 184776-051) and “MoVeMnt: Mode(l)s of Verification and Monitorability” (nr. 217987-051) of the Icelandic Research Fund, by the Italian MIUR project PRIN 2017FTXR7S IT MATTERS “Methods and Tools for Trustworthy Smart Systems”, by the EU H2020 RISE programme under the Marie Skłodowska-Curie grant agreement nr. 778233, and by the Endeavour Scholarship Scheme (Malta), part-financed by the European Social Fund (ESF) - Operational Programme II – 2014–2020.
Notes
1. These transducers were originally introduced in [5] for unidirectional enforcement.
References
1. Aceto, L., Achilleos, A., Francalanza, A., Ingólfsdóttir, A.: A framework for parameterized monitorability. In: Baier, C., Dal Lago, U. (eds.) FoSSaCS 2018. LNCS, vol. 10803, pp. 203–220. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-89366-2_11
2. Aceto, L., Achilleos, A., Francalanza, A., Ingólfsdóttir, A., Kjartansson, S.Ö.: Determinizing monitors for HML with recursion. J. Log. Algebraic Methods Program. 111 (2020). https://doi.org/10.1016/j.jlamp.2019.100515
3. Aceto, L., Achilleos, A., Francalanza, A., Ingólfsdóttir, A., Lehtinen, K.: The best a monitor can do. In: CSL 2021. LIPIcs, vol. 183, pp. 7:1–7:23. Schloss Dagstuhl (2021). https://doi.org/10.4230/LIPIcs.CSL.2021.7
4. Aceto, L., Attard, D.P., Francalanza, A., Ingólfsdóttir, A.: On benchmarking for concurrent runtime verification. In: FASE 2021. LNCS, vol. 12649, pp. 3–23. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-71500-7_1
5. Aceto, L., Cassar, I., Francalanza, A., Ingólfsdóttir, A.: On runtime enforcement via suppressions. In: CONCUR 2018. LIPIcs, vol. 118, pp. 34:1–34:17. Schloss Dagstuhl (2018). https://doi.org/10.4230/LIPIcs.CONCUR.2018.34
6. Aceto, L., Cassar, I., Francalanza, A., Ingólfsdóttir, A.: On bidirectional enforcement. Technical report, Reykjavik University (2020). http://icetcs.ru.is/theofomon/bidirectionalRE.pdf
7. Aceto, L., Ingólfsdóttir, A.: Testing Hennessy-Milner logic with recursion. In: Thomas, W. (ed.) FoSSaCS 1999. LNCS, vol. 1578, pp. 41–55. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-49019-1_4
8. Aceto, L., Ingólfsdóttir, A., Larsen, K.G., Srba, J.: Reactive Systems: Modelling, Specification and Verification. Cambridge University Press, New York, NY, USA (2007)
9. Alur, R., Černý, P.: Streaming transducers for algorithmic verification of single-pass list-processing programs. In: POPL 2011, pp. 599–610. ACM (2011). https://doi.org/10.1145/1926385.1926454
10. Attard, D.P., Francalanza, A.: A monitoring tool for a branching-time logic. In: Falcone, Y., Sánchez, C. (eds.) RV 2016. LNCS, vol. 10012, pp. 473–481. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-46982-9_31
11. Bielova, N., Massacci, F.: Do you really mean what you actually enforced? Edited automata revisited. J. Inf. Secur. 10(4), 239–254 (2011). https://doi.org/10.1007/s10207-011-0137-2
12. Bocchi, L., Chen, T.C., Demangeon, R., Honda, K., Yoshida, N.: Monitoring networks through multiparty session types. Theor. Comput. Sci. 669, 33–58 (2017)
13. Cassar, I.: Developing Theoretical Foundations for Runtime Enforcement. Ph.D. thesis, University of Malta and Reykjavik University (2021)
14. Cassar, I., Francalanza, A., Aceto, L., Ingólfsdóttir, A.: eAOP: an aspect-oriented programming framework for Erlang. In: Erlang 2017. ACM SIGPLAN (2017)
15. Cassar, I., Francalanza, A., Attard, D.P., Aceto, L., Ingólfsdóttir, A.: A suite of monitoring tools for Erlang. In: RV-CuBES 2017. Kalpa Publications in Computing, vol. 3, pp. 41–47. EasyChair (2017)
16. Cassar, I., Francalanza, A., Said, S.: Improving runtime overheads for detectEr. In: FESCA 2015. EPTCS, vol. 178, pp. 1–8 (2015)
17. Chen, T.-C., Bocchi, L., Deniélou, P.-M., Honda, K., Yoshida, N.: Asynchronous distributed monitoring for multiparty session enforcement. In: Bruni, R., Sassone, V. (eds.) TGC 2011. LNCS, vol. 7173, pp. 25–45. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-30065-3_2
18. Falcone, Y., Fernandez, J.-C., Mounier, L.: Synthesizing enforcement monitors w.r.t. the safety-progress classification of properties. In: Sekar, R., Pujari, A.K. (eds.) ICISS 2008. LNCS, vol. 5352, pp. 41–55. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-89862-7_3
19. Falcone, Y., Fernandez, J.-C., Mounier, L.: What can you verify and enforce at runtime? J. Softw. Tools Technol. Transf. 14(3), 349 (2012)
20. Francalanza, A.: Consistently-detecting monitors. In: CONCUR 2017. LIPIcs, vol. 85, pp. 8:1–8:19. Schloss Dagstuhl (2017). https://doi.org/10.4230/LIPIcs.CONCUR.2017.8
21. Francalanza, A.: A theory of monitors. Inf. Comput. 104704 (2021). https://doi.org/10.1016/j.ic.2021.104704
22. Francalanza, A., Aceto, L., Ingólfsdóttir, A.: Monitorability for the Hennessy-Milner logic with recursion. Formal Methods Syst. Des. 51(1), 87–116 (2017)
23. Hennessy, M., Lin, H.: Proof systems for message-passing process algebras. Formal Aspects Comput. 8(4), 379–407 (1996). https://doi.org/10.1007/BF01213531
24. Hennessy, M., Liu, X.: A modal logic for message passing processes. Acta Inf. 32(4), 375–393 (1995). https://doi.org/10.1007/BF01178384
25. van Hulst, A.C., Reniers, M.A., Fokkink, W.J.: Maximally permissive controlled system synthesis for non-determinism and modal logic. Discr. Event Dyn. Syst. 27(1), 109–142 (2017)
26. Jia, L., Gommerstadt, H., Pfenning, F.: Monitors and blame assignment for higher-order session types. In: POPL 2016, pp. 582–594. ACM, New York, NY, USA (2016)
27. Khoury, R., Tawbi, N.: Which security policies are enforceable by runtime monitors? A survey. Comput. Sci. Rev. 6(1), 27–45 (2012). https://doi.org/10.1016/j.cosrev.2012.01.001
28. Könighofer, B., et al.: Shield synthesis. Formal Methods Syst. Des. 51(2), 332–361 (2017). https://doi.org/10.1007/s10703-017-0276-9
29. Kozen, D.C.: Results on the propositional μ-calculus. Theor. Comput. Sci. 27, 333–354 (1983)
30. Lanotte, R., Merro, M., Munteanu, A.: Runtime enforcement for control system security. In: CSF 2020, pp. 246–261. IEEE (2020). https://doi.org/10.1109/CSF49147.2020.00025
31. Larsen, K.G.: Proof systems for satisfiability in Hennessy-Milner logic with recursion. Theor. Comput. Sci. 72(2), 265–288 (1990). https://doi.org/10.1016/0304-3975(90)90038-J
32. Ligatti, J., Bauer, L., Walker, D.: Edit automata: enforcement mechanisms for run-time security policies. J. Inf. Secur. 4(1), 2–16 (2005). https://doi.org/10.1007/s10207-004-0046-8
33. Ligatti, J., Bauer, L., Walker, D.: Run-time enforcement of nonsafety policies. ACM Trans. Inf. Syst. Secur. 12(3), 19:1–19:41 (2009)
34. Milner, R., Parrow, J., Walker, D.: A calculus of mobile processes, I. Inf. Comput. 100(1), 1–40 (1992). https://doi.org/10.1016/0890-5401(92)90008-4
35. Pinisetty, S., Roop, P.S., Smyth, S., Allen, N., Tripakis, S., von Hanxleden, R.: Runtime enforcement of cyber-physical systems. ACM Trans. Embed. Comput. Syst. 16(5s), 1–25 (2017)
36. Rathke, J., Hennessy, M.: Local model checking for value-passing processes (extended abstract). In: Abadi, M., Ito, T. (eds.) TACS 1997. LNCS, vol. 1281, pp. 250–266. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0014555
37. Sakarovitch, J.: Elements of Automata Theory. Cambridge University Press, New York, NY, USA (2009)
38. Sangiorgi, D.: Introduction to Bisimulation and Coinduction. Cambridge University Press, New York, NY, USA (2011)
39. Schneider, F.B.: Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3(1), 30–50 (2000)
© 2021 IFIP International Federation for Information Processing
Cite this paper
Aceto, L., Cassar, I., Francalanza, A., Ingólfsdóttir, A. (2021). On Bidirectional Runtime Enforcement. In: Peters, K., Willemse, T.A.C. (eds) Formal Techniques for Distributed Objects, Components, and Systems. FORTE 2021. Lecture Notes in Computer Science(), vol 12719. Springer, Cham. https://doi.org/10.1007/978-3-030-78089-0_1
DOI: https://doi.org/10.1007/978-3-030-78089-0_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-78088-3
Online ISBN: 978-3-030-78089-0