Gray-box Monitoring of Hyperproperties

Many important system properties, particularly in security and privacy, cannot be verified statically. Therefore, runtime verification is an appealing alternative. Logics for hyperproperties, such as HyperLTL, support a rich set of such properties. We first show that black-box monitoring of HyperLTL is in general infeasible, and suggest a gray-box approach. Gray-box monitoring implies performing analysis of the system at runtime, which brings new limitations to monitorability (the feasibility of solving the monitoring problem). Thus, as another contribution of this paper, we refine the classic notions of monitorability, both for trace properties and hyperproperties, taking into account the computability of the monitor. We then apply our approach to monitor a privacy hyperproperty called distributed data minimality, expressed as a HyperLTL property, by using an SMT-based static verifier at runtime.
