Runtime enforcement of regular timed properties by suppressing and delaying events

Abstract

Runtime enforcement is a verification/validation technique aiming at correcting possibly incorrect executions of a system of interest. In this paper, we consider enforcement monitoring for systems where the physical time elapsing between actions matters. Executions are thus modelled as timed words (i.e., sequences of actions with dates). We consider runtime enforcement for timed specifications modelled as timed automata. Our enforcement mechanisms have the power of both delaying events to match timing constraints, and suppressing events when no delaying is appropriate, thus possibly allowing for longer executions. To ease their design and their correctness proof, enforcement mechanisms are described at several levels: enforcement functions that specify the input–output behaviour in terms of transformations of timed words, constraints that should be satisfied by such functions, enforcement monitors that describe the operational behaviour of enforcement functions, and enforcement algorithms that describe the implementation of enforcement monitors. The feasibility of enforcement monitoring for timed properties is validated by prototyping the synthesis of enforcement monitors from timed automata.
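The following is an added illustration of the delay-or-suppress idea described in the abstract; it is not the paper's enforcement algorithm or its prototype. It assumes a deliberately reduced setting: a deterministic timed automaton with a single clock `x`, guards given as closed intervals on `x`, every location accepting, and an input timed word fed offline in nondecreasing date order. The automaton `EXAMPLE_TA`, the sample input word and all names (`TimedAutomaton`, `Enforcer`, `accepts`, `run_example`) are constructed for this example. The enforcer delays an event until the guard's lower bound is reached, suppresses it when the guard's upper bound has already passed (a date cannot be moved backwards), and `accepts` replays a timed word to check that the emitted output actually satisfies the property while the raw input does not.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Guard on the single clock x: [lo, hi], hi=None meaning unbounded.
# A transition is (lo, hi, reset_clock, next_location); the automaton is
# deterministic, so (location, action) identifies at most one transition.
Transition = Tuple[float, Optional[float], bool, str]
TimedWord = List[Tuple[str, float]]


@dataclass
class TimedAutomaton:
    initial: str
    transitions: Dict[Tuple[str, str], Transition]


def accepts(ta: TimedAutomaton, word: TimedWord) -> bool:
    """Replay a timed word; True iff every step takes an enabled transition.
    All locations are accepting in this simplified model."""
    location, reset_date = ta.initial, 0.0
    for action, date in word:
        tr = ta.transitions.get((location, action))
        if tr is None:
            return False
        lo, hi, reset, nxt = tr
        x = date - reset_date
        if x < lo or (hi is not None and x > hi):
            return False
        if reset:
            reset_date = date
        location = nxt
    return True


@dataclass
class Enforcer:
    """Enforcement function: maps an input timed word to an output timed word
    by delaying events (never before arrival, never before the previous output)
    or suppressing them when no delay can make the guard true."""
    ta: TimedAutomaton
    location: str = field(init=False)
    clock_reset_date: float = 0.0   # absolute date of the last reset of x
    last_output_date: float = 0.0   # output dates must stay nondecreasing
    output: TimedWord = field(default_factory=list)
    suppressed: TimedWord = field(default_factory=list)

    def __post_init__(self) -> None:
        self.location = self.ta.initial

    def feed(self, action: str, date: float) -> Optional[float]:
        """Feed one input event; return its release date, or None if suppressed."""
        tr = self.ta.transitions.get((self.location, action))
        if tr is None:
            # Action not allowed in this location: no delay helps, suppress it.
            self.suppressed.append((action, date))
            return None
        lo, hi, reset, nxt = tr
        earliest = max(date, self.last_output_date)  # cannot release earlier than this
        x = earliest - self.clock_reset_date          # clock value at that date
        if x < lo:
            release = self.clock_reset_date + lo      # delay until the guard opens
        elif hi is not None and x > hi:
            self.suppressed.append((action, date))    # guard already expired
            return None
        else:
            release = earliest
        self.output.append((action, release))
        self.last_output_date = release
        if reset:
            self.clock_reset_date = release
        self.location = nxt
        return release


# Constructed property: a "req" may only be issued at least 2 time units after
# the last "grant" (or after start), and a "grant" must follow its "req"
# within 5 time units.
EXAMPLE_TA = TimedAutomaton(
    initial="idle",
    transitions={
        ("idle", "req"): (2.0, None, True, "pending"),
        ("pending", "grant"): (0.0, 5.0, True, "idle"),
    },
)

# Constructed input timed word (action, date): the first req is too early,
# the second req follows its grant too closely, the last grant is too late.
SAMPLE_INPUT: TimedWord = [("req", 1.0), ("grant", 3.0), ("req", 3.5), ("grant", 11.0)]


def run_example() -> Tuple[TimedWord, TimedWord]:
    """Enforce EXAMPLE_TA on SAMPLE_INPUT; return (output word, suppressed events)."""
    enf = Enforcer(EXAMPLE_TA)
    for action, date in SAMPLE_INPUT:
        enf.feed(action, date)
    return enf.output, enf.suppressed


if __name__ == "__main__":
    out, sup = run_example()
    print("input  :", SAMPLE_INPUT, "accepted:", accepts(EXAMPLE_TA, SAMPLE_INPUT))
    print("output :", out, "accepted:", accepts(EXAMPLE_TA, out))
    print("dropped:", sup)
```

Running it shows the two requests delayed to dates 2.0 and 5.0, the late grant at 11.0 suppressed because its guard `x <= 5` had already expired, and `accepts` confirming that the output word satisfies the automaton while the input did not. The two checks correspond to the constraints the abstract mentions for enforcement functions: the output must satisfy the property, and it must be obtained from the input only by delaying or dropping events, never by reordering or inventing them.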
