On Verifying Timed Hyperproperties

We study the satisfiability and model-checking problems for timed hyperproperties specified in HyperMTL, a timed extension of HyperLTL. Depending on whether events of different traces may interleave, two semantics can be defined for timed hyperproperties: asynchronous (interleaving allowed) and synchronous (traces advance in lockstep). While satisfiability can be decided along the same lines as for HyperLTL regardless of the choice of semantics, we show that model checking is undecidable as soon as the specification contains a quantifier alternation, even under very restricted timing constraints. On the positive side, we show that model checking HyperMTL with quantifier alternations remains possible under certain conditions in the synchronous semantics, or when the length of the time domain is bounded by a fixed constant.
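To make the difference between the two semantics concrete, the following Python script is an added illustration (it is not code from the paper, and it does not reproduce the paper's formal definitions of HyperMTL). It models a timed trace as a list of (timestamp, set of propositions) and checks one timed 2-trace hyperproperty of the kind the abstract is about: timing-sensitive observational determinism, "any two traces with the same low input produce the same low output at the same time". Under the synchronous reading, the k-th events of the two traces are evaluated together, so timestamps must agree position by position; under the asynchronous reading, the traces are compared on a merged timeline and the match is allowed within a time window, which is where an MTL-style bounded constraint enters. The trace labels (`req`, `resp`, `h0`, `h1`) and the three sample traces are constructed for this example; the precise form of the two semantics is this editor's simplification, labelled as such in the comments.

```python
"""Toy checker for a timed 2-trace hyperproperty under two semantics.

Constructed example, not the paper's code. The 'synchronous' and
'asynchronous' readings below are an editor's simplification of the two
semantics named in the abstract, not the paper's formal definitions.
"""
from itertools import combinations

# A timed trace: list of (timestamp, propositions true at that event),
# timestamps nondecreasing.
TimedTrace = list[tuple[float, frozenset[str]]]

# Constructed alphabet: a low (public) request, a low response, and a
# high (secret) bit h0/h1 that must not influence what low observers see.
LOW_IN = frozenset({"req"})
LOW_OUT = frozenset({"resp"})


def is_well_formed(trace: TimedTrace) -> bool:
    """Time never runs backwards within a trace."""
    return all(t0 <= t1 for (t0, _), (t1, _) in zip(trace, trace[1:]))


def project(trace: TimedTrace, props: frozenset[str]) -> TimedTrace:
    """Keep only events at which some proposition in `props` holds,
    with labels restricted to `props` (what a low observer sees)."""
    return [(t, lbl & props) for t, lbl in trace if lbl & props]


def same_low_input(a: TimedTrace, b: TimedTrace) -> bool:
    """The two traces received the same low inputs at the same times."""
    return project(a, LOW_IN) == project(b, LOW_IN)


def od_synchronous(traces: list[TimedTrace]) -> bool:
    """Synchronous reading (assumption): the k-th event of each quantified
    trace is evaluated together, so traces with equal low input must have
    equal length, equal timestamps at every position, and equal low output
    at every position. Any timing difference in the low output is a leak."""
    for a, b in combinations(traces, 2):
        if not same_low_input(a, b):
            continue
        if len(a) != len(b):
            return False
        for (ta, la), (tb, lb) in zip(a, b):
            if ta != tb or (la & LOW_OUT) != (lb & LOW_OUT):
                return False
    return True


def od_asynchronous(traces: list[TimedTrace], bound: float) -> bool:
    """Asynchronous reading (assumption): events of different traces may
    interleave, so the two traces are compared on a merged timeline. Each
    low output at time t in one trace must be matched by the same low output
    in the other trace at some t2 with |t - t2| <= bound, i.e. an MTL-style
    bounded-eventually constraint. bound = 0 forces exact timing agreement."""
    for a, b in combinations(traces, 2):
        if not same_low_input(a, b):
            continue
        for x, y in ((a, b), (b, a)):
            outs_y = project(y, LOW_OUT)
            for t, out in project(x, LOW_OUT):
                if not any(abs(t - t2) <= bound and out2 == out
                           for t2, out2 in outs_y):
                    return False
    return True


def sample_traces() -> tuple[TimedTrace, TimedTrace, TimedTrace]:
    """Constructed traces of a server answering one low request.
    A and B differ only in the secret bit and answer at the same time;
    C carries the same secret as B but answers 2 time units later, so the
    secret is observable through timing when A and C are both possible."""
    A = [(0.0, frozenset({"req"})), (1.0, frozenset({"h0"})), (3.0, frozenset({"resp"}))]
    B = [(0.0, frozenset({"req"})), (1.0, frozenset({"h1"})), (3.0, frozenset({"resp"}))]
    C = [(0.0, frozenset({"req"})), (1.0, frozenset({"h1"})), (5.0, frozenset({"resp"}))]
    assert all(is_well_formed(tr) for tr in (A, B, C))
    return A, B, C


if __name__ == "__main__":
    A, B, C = sample_traces()
    print("sync  {A,B}   :", od_synchronous([A, B]))
    print("sync  {A,B,C} :", od_synchronous([A, B, C]))
    print("async {A,C} b=1:", od_asynchronous([A, C], bound=1.0))
    print("async {A,C} b=2:", od_asynchronous([A, C], bound=2.0))
```

The point of the two checkers is not the particular property but what each semantics is sensitive to: the synchronous check fails on {A, B, C} because the third events of A and C carry different timestamps, while the asynchronous check turns the same pair into a question about a time window, which is exactly the kind of timing constraint whose tightness the abstract says drives (un)decidability of model checking.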
