A Temporal Abductive Diagnostic Process for Runtime Properties Violations
Monitoring the operation of complex software systems at runtime can detect violations of certain properties of interest but cannot always provide diagnostic information, which is significant for understanding the cause of the violation and for adopting appropriate countermeasures against it. In this paper, we describe a process for diagnosing runtime violations of security and dependability properties that we have developed as part of a general runtime monitoring framework based on Event Calculus. The diagnosis generation process is based on a combination of abductive, temporal and evidential reasoning over violations of system properties.
Assessing the genuineness of events in runtime monitoring of cyber systems
Monitoring security properties of cyber systems at runtime is necessary if the preservation of such properties cannot be guaranteed by formal analysis of their specification. It is also necessary if the runtime interactions between their components that are distributed over different types of local and wide area networks cannot be fully analysed before putting the systems in operation. The effectiveness of runtime monitoring depends on the trustworthiness of the runtime system events, which are analysed by the monitor. In this paper, we describe an approach for assessing the trustworthiness of such events. Our approach is based on the generation of possible explanations of runtime events based on a diagnostic model of the system under surveillance using abductive reasoning, and the confirmation of the validity of such explanations and the runtime events using belief based reasoning. The assessment process that we have developed based on this approach has been implemented as part of the EVEREST runtime monitoring framework and has been evaluated in a series of simulations that are discussed in the paper.
Diagnosing runtime violations of security and dependability properties
Monitoring the preservation of security and dependability (S&D) properties of complex software systems is widely accepted as a necessity. Basic monitoring can detect violations but does not always provide sufficient information for deciding what the appropriate response to a violation is. Such decisions often require additional diagnostic information that explains why a violation has occurred and can, therefore, indicate what would be an appropriate response action to it. In this thesis, we describe a diagnostic procedure for generating explanations of violations of S&D properties, developed as an extension of a runtime monitoring framework called EVEREST. The procedure is based on a combination of abductive and evidential reasoning about violations of S&D properties which are expressed in Event Calculus.
Diagnosis and Threat Detection Capabilities of the SERENITY Monitoring Framework
The SERENITY monitoring framework offers mechanisms for diagnosing the causes of violations of security and dependability (S&D) properties and for detecting potential violations of such properties, called “threats”. Diagnostic information and threat detection are often necessary for deciding what an appropriate reaction to a violation is and for taking pre-emptive actions against predicted violations, respectively. In this chapter, we describe the mechanisms of the SERENITY monitoring framework which generate diagnostic information for violations of S&D properties and detect threats.
Compliance of Semantic Constraints - A Requirements Analysis for Process Management Systems
Key to the use of process management systems (PrMS) in practice is their ability to facilitate the implementation, execution, and adaptation of business processes while still being able to ensure error-free process executions. Mechanisms have been developed to prevent errors at the syntactic level such as deadlocks. In many application domains, processes often have to comply with business level rules and policies (i.e., semantic constraints). Hence, in order to ensure error-free executions at the semantic level, PrMS need certain control mechanisms for validating and ensuring the compliance with semantic constraints throughout the process lifecycle. In this paper, we discuss fundamental requirements for a comprehensive support of semantic constraints in PrMS. Moreover, we provide a survey on existing approaches and discuss to what extent they meet the requirements and which challenges still have to be tackled. Finally, we show how the challenge of life time compliance can be dealt with by integrating design time and runtime process validation.
Ensuring Compliance of Distributed and Collaborative Workflows
Automated workflows must comply with domain-specific regulations, standards and rules. So far, compliance issues have been mainly addressed in the context of intra-organizational workflows. In turn, there exists only little work dealing with compliance of distributed and collaborative workflows. As opposed to intra-organizational workflows, for distributed and collaborative workflows compliance must be addressed at different levels. This includes local compliance rules of a particular partner as well as global compliance rules to be obeyed by multiple partners collaborating in the distributed workflow. As a particular challenge, the private elements of a particular partner workflow are hidden to the partners and hence not known by them. Accordingly, only limited information is available when checking compliance of distributed and collaborative workflows. This paper introduces techniques enabling compliance checking for distributed and collaborative workflows, taking these privacy constraints into account. Hence it enables ensuring compliance of distributed and collaborative workflows at design time.
Initialisation Problems in Feature Composition
Composing features that have inconsistent requirements may lead to feature interactions that violate requirements satisfied by each feature in isolation. These interactions manifest themselves as conflicts on shared resources. Arbitration is a common approach to resolving such conflicts that uses prioritisation to decide which feature has access to resources when there is a conflict. However, arbitration alone does not guarantee satisfaction of the requirement of the feature that eventually gains access to a resource. This is because arbitration does not take into account that the resource may be in a state that is inconsistent with that expected by the feature. We call this the initialisation problem.
In this thesis we propose an approach to addressing the initialisation problem which combines arbitration with contingencies. Contingency means having several specifications per feature satisfying the same requirement, depending on the current resource state. We illustrate and validate our approach by applying it to resolving conflicts between features in smart home and automotive domains. The validation shows that contingencies complement arbitration by enabling satisfaction of the requirement of the feature that eventually gains access to a shared resource, regardless of the current state of the resource.
The main contribution of this thesis is an approach to analysing initialisation concerns in feature composition. At the core of our approach is an explicit consideration of all possible states of a resource as potential initial states. Given each initial state we then derive corresponding specifications that would enable a feature to satisfy its requirement in those states. We show that our approach to initialisation problems is relevant to addressing the feature interaction problem by characterising some types of conflicts as initialisation concerns.
Enabling Multi-Perspective Business Process Compliance
A particular challenge for any enterprise is to ensure that its business processes conform with compliance rules, i.e., semantic constraints on the multiple perspectives of the business processes. Compliance rules stem, for example, from legal regulations, corporate best practices, domain-specific guidelines, and industrial standards. In general, compliance rules are multi-perspective, i.e., they not only restrict the process behavior (i.e. control flow), but may refer to other process perspectives (e.g. time, data, and resources) and the interactions (i.e. message exchanges) of a business process with other processes as well.
The aim of this thesis is to improve the specification and verification of multi-perspective process compliance based on three contributions:
1. The extended Compliance Rule Graph (eCRG) language, which enables the visual modeling of multi-perspective compliance rules. Besides control flow, the latter may refer to the time, data, resource, and interaction perspectives of a business process.
2. A framework for multi-perspective monitoring of the compliance of running processes with a given set of eCRG compliance rules.
3. Techniques for verifying business process compliance with respect to the interaction perspective. In particular, we consider compliance verification for cross-organizational business processes, for which solely incomplete process knowledge is available.
All contributions were thoroughly evaluated through proof-of-concept prototypes, case studies, empirical studies, and systematic comparisons with related works.
A Visual Language for Modeling Business Process Compliance Rules
A fundamental challenge for enterprises is to ensure compliance of their business processes with imposed compliance rules stemming from various sources, e.g., corporate guidelines, best practices, standards, and laws.
In general, a compliance rule may refer to multiple process perspectives including control flow, time, data, resources, and interactions with business partners.
On one hand, compliance rules should be comprehensible for domain experts who must define, verify and apply them.
On the other, these rules should have a precise semantics to avoid ambiguities and enable their automated processing.
Providing a visual language is advantageous in this context as it allows hiding formal details and offering an intuitive way of modeling the compliance rules.
However, existing visual languages for compliance rule modeling have focused on the control flow perspective so far, but lack proper support for the other process perspectives.
To remedy this drawback, this paper introduces the extended Compliance Rule Graph language, which enables the visual modeling of compliance rules with the support of multiple perspectives.
Overall, this language will foster the modeling and verification of compliance rules in practice.