2,163 research outputs found
A Declarative Framework for Specifying and Enforcing Purpose-aware Policies
Purpose is crucial for privacy protection as it makes users confident that
their personal data are processed as intended. Available proposals for the
specification and enforcement of purpose-aware policies are unsatisfactory for
their ambiguous semantics of purposes and/or lack of support to the run-time
enforcement of policies.
In this paper, we propose a declarative framework based on a first-order
temporal logic that allows us to give a precise semantics to purpose-aware
policies and to reuse algorithms for the design of a run-time monitor enforcing
purpose-aware policies. We also show the complexity of the generation and use
of the monitor which, to the best of our knowledge, is the first such a result
in literature on purpose-aware policies.Comment: Extended version of the paper accepted at the 11th International
Workshop on Security and Trust Management (STM 2015
Runtime Enforcement for Component-Based Systems
Runtime enforcement is an increasingly popular and effective dynamic
validation technique aiming to ensure the correct runtime behavior (w.r.t. a
formal specification) of systems using a so-called enforcement monitor. In this
paper we introduce runtime enforcement of specifications on component-based
systems (CBS) modeled in the BIP (Behavior, Interaction and Priority)
framework. BIP is a powerful and expressive component-based framework for
formal construction of heterogeneous systems. However, because of BIP
expressiveness, it remains difficult to enforce at design-time complex
behavioral properties.
First we propose a theoretical runtime enforcement framework for CBS where we
delineate a hierarchy of sets of enforceable properties (i.e., properties that
can be enforced) according to the number of observational steps a system is
allowed to deviate from the property (i.e., the notion of k-step
enforceability). To ensure the observational equivalence between the correct
executions of the initial system and the monitored system, we show that i) only
stutter-invariant properties should be enforced on CBS with our monitors, ii)
safety properties are 1-step enforceable. Given an abstract enforcement monitor
(as a finite-state machine) for some 1-step enforceable specification, we
formally instrument (at relevant locations) a given BIP system to integrate the
monitor. At runtime, the monitor observes and automatically avoids any error in
the behavior of the system w.r.t. the specification. Our approach is fully
implemented in an available tool that we used to i) avoid deadlock occurrences
on a dining philosophers benchmark, and ii) ensure the correct placement of
robots on a map.Comment: arXiv admin note: text overlap with arXiv:1109.5505 by other author
On Synchronous and Asynchronous Monitor Instrumentation for Actor-based systems
We study the impact of synchronous and asynchronous monitoring
instrumentation on runtime overheads in the context of a runtime verification
framework for actor-based systems. We show that, in such a context,
asynchronous monitoring incurs substantially lower overhead costs. We also show
how, for certain properties that require synchronous monitoring, a hybrid
approach can be used that ensures timely violation detections for the important
events while, at the same time, incurring lower overhead costs that are closer
to those of an asynchronous instrumentation.Comment: In Proceedings FOCLASA 2014, arXiv:1502.0315
COST Action IC 1402 ArVI: Runtime Verification Beyond Monitoring -- Activity Report of Working Group 1
This report presents the activities of the first working group of the COST
Action ArVI, Runtime Verification beyond Monitoring. The report aims to provide
an overview of some of the major core aspects involved in Runtime Verification.
Runtime Verification is the field of research dedicated to the analysis of
system executions. It is often seen as a discipline that studies how a system
run satisfies or violates correctness properties. The report exposes a taxonomy
of Runtime Verification (RV) presenting the terminology involved with the main
concepts of the field. The report also develops the concept of instrumentation,
the various ways to instrument systems, and the fundamental role of
instrumentation in designing an RV framework. We also discuss how RV interplays
with other verification techniques such as model-checking, deductive
verification, model learning, testing, and runtime assertion checking. Finally,
we propose challenges in monitoring quantitative and statistical data beyond
detecting property violation
Knowledge Representation Concepts for Automated SLA Management
Outsourcing of complex IT infrastructure to IT service providers has
increased substantially during the past years. IT service providers must be
able to fulfil their service-quality commitments based upon predefined Service
Level Agreements (SLAs) with the service customer. They need to manage, execute
and maintain thousands of SLAs for different customers and different types of
services, which needs new levels of flexibility and automation not available
with the current technology. The complexity of contractual logic in SLAs
requires new forms of knowledge representation to automatically draw inferences
and execute contractual agreements. A logic-based approach provides several
advantages including automated rule chaining allowing for compact knowledge
representation as well as flexibility to adapt to rapidly changing business
requirements. We suggest adequate logical formalisms for representation and
enforcement of SLA rules and describe a proof-of-concept implementation. The
article describes selected formalisms of the ContractLog KR and their adequacy
for automated SLA management and presents results of experiments to demonstrate
flexibility and scalability of the approach.Comment: Paschke, A. and Bichler, M.: Knowledge Representation Concepts for
Automated SLA Management, Int. Journal of Decision Support Systems (DSS),
submitted 19th March 200
ADsafety: Type-Based Verification of JavaScript Sandboxing
Web sites routinely incorporate JavaScript programs from several sources into
a single page. These sources must be protected from one another, which requires
robust sandboxing. The many entry-points of sandboxes and the subtleties of
JavaScript demand robust verification of the actual sandbox source. We use a
novel type system for JavaScript to encode and verify sandboxing properties.
The resulting verifier is lightweight and efficient, and operates on actual
source. We demonstrate the effectiveness of our technique by applying it to
ADsafe, which revealed several bugs and other weaknesses.Comment: in Proceedings of the USENIX Security Symposium (2011
Event Stream Processing with Multiple Threads
Current runtime verification tools seldom make use of multi-threading to
speed up the evaluation of a property on a large event trace. In this paper, we
present an extension to the BeepBeep 3 event stream engine that allows the use
of multiple threads during the evaluation of a query. Various parallelization
strategies are presented and described on simple examples. The implementation
of these strategies is then evaluated empirically on a sample of problems.
Compared to the previous, single-threaded version of the BeepBeep engine, the
allocation of just a few threads to specific portions of a query provides
dramatic improvement in terms of running time
- …