Model Checking Timed Hyperproperties in Discrete-Time Systems

Many important timed requirements of computing systems cannot be described by the behavior of individual execution traces. Examples include countermeasures against side-channel timing attacks and service-level agreements; both are timed hyperproperties. In this paper, we propose the temporal logic HyperMTL, which extends MTL by allowing explicit and simultaneous quantification over multiple timed traces in the point-wise semantics. We demonstrate the application of HyperMTL in expressing important properties in information-flow security and cyber-physical systems. We also introduce a model checking algorithm for a nontrivial fragment of HyperMTL by reducing the problem to model checking untimed hyperproperties.
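As an added illustration (not code from the paper, and not its model checking algorithm), the following Python check evaluates one timing hyperproperty over constructed discrete-time traces. It assumes integer timestamps and a tolerance `delta`, expands each timed trace into an untimed trace with one position per time unit, and then checks that responses to equal public inputs occur within `delta` of each other as a plain positional constraint over trace pairs, which is one simple way the discrete-time setting lets a timing constraint be checked as an untimed one.

```python
from itertools import combinations

# Constructed sample traces (not taken from the paper). Each trace is a list of
# (timestamp, label) pairs over discrete time; 'lo=...' is the public input and
# 'out' the observable response whose timing could leak secret-dependent work.
TRACES = {
    "t1": [(0, "lo=a"), (3, "out")],
    "t2": [(0, "lo=a"), (4, "out")],
    "t3": [(0, "lo=b"), (9, "out")],
    "t4": [(0, "lo=a"), (8, "out")],
}

def expand(trace, horizon):
    """Turn a timed trace into an untimed one with one position per time unit.
    Position i holds the set of labels observed at instant i (possibly empty)."""
    positions = [set() for _ in range(horizon + 1)]
    for t, label in trace:
        positions[t].add(label)
    return positions

def matched_within(pos_a, pos_b, label, delta):
    """Untimed check on expanded traces: every position where pos_a shows
    `label` has a position of pos_b at distance <= delta showing it too."""
    for i, p in enumerate(pos_a):
        if label in p and not any(
            label in pos_b[j]
            for j in range(max(0, i - delta), min(len(pos_b), i + delta + 1))):
            return False
    return True

def public_input(trace):
    return next(label for _, label in trace if label.startswith("lo="))

def timing_violations(traces, delta):
    """Pairs of traces with equal public input whose 'out' events are not
    within delta time units of each other: a violation of the tolerance-delta
    timing hyperproperty, checked positionally on the untimed expansion."""
    horizon = max(t for tr in traces.values() for t, _ in tr)
    expanded = {name: expand(tr, horizon) for name, tr in traces.items()}
    bad = []
    for a, b in combinations(sorted(traces), 2):
        if public_input(traces[a]) != public_input(traces[b]):
            continue
        if not (matched_within(expanded[a], expanded[b], "out", delta)
                and matched_within(expanded[b], expanded[a], "out", delta)):
            bad.append((a, b))
    return bad

if __name__ == "__main__":
    print(timing_violations(TRACES, 2))   # [('t1', 't4'), ('t2', 't4')]
```

With `delta = 2`, t4 is flagged against both other `lo=a` traces because its response arrives 4 and 5 units later; raising the tolerance to 5 clears all pairs.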
