4 research outputs found
Ain't No Stopping Us Monitoring Now
Not all properties are monitorable. This is a well-known fact, and it means
there exist properties that cannot be fully verified at runtime. However, given
a non-monitorable property, a monitor can still be synthesised, but it could
end up in a state where no verdict will ever be concluded on the satisfaction
(resp., violation) of the property. For this reason, non-monitorable properties
are usually discarded. In this paper, we carry out an in-depth analysis on
monitorability, and how non-monitorable properties can still be partially
verified. We present our theoretical results at a semantic level, without
focusing on a specific formalism. Then, we show how our theory can be applied
to achieve partial runtime verification of Linear Temporal Logic (LTL)
Runtime verification on data-carrying traces
Malfunctioning software systems can cause severe loss of money,
sensitive data, or even human life. The ambition is therefore to
verify these systems not only statically, but also monitor their
behaviour at runtime. For the latter case, the temporal logic
LTL---a de facto standard specification formalism in runtime
verification---is widely used and well-understood. However,
propositional variables are usually not a natural nor sufficient
model to represent the behaviour of complex, interactive systems
that can process arbitrary input values. Consequently, there is a
demand for more expressive formalisms that are defined what we
call traces with data, i.e., traces that contain propositions
enriched with values from a (possibly) infinite domain.
This thesis studies the runtime monitoring with data for a
natural extension of LTL that includes first-order
quantification, called LTLFO. The logic's quantifiers range over
values that appear in a trace. Under assumptions laid out of what
should arguably be considered a ``proper'' runtime monitor, this
thesis first identifies and analyses the underlying decision
problems of monitoring properties in LTL and LTLFO. Moreover, it
proposes a monitoring procedure for the latter. A result is that
LTLFO is undecidable, and the prefix problem too, which an online
monitor has to preferably solve to coincide with monotonicity.
Hence, the obtained monitor cannot be complete for LTLFO;
however, this thesis proves the soundness of its construction and
gives experimental results from an implementation, in order to
justify its usefulness and efficiency in practice. The monitor is
based on a new type of automaton, called spawning automaton; it
helps to efficiently decide what parts of a possibly infinite
state space need to be memorised at runtime. Furthermore, the
problem occurs that not every property can be monitored
trace-length independently, which is possible in LTL. For that
reason, a hierarchy of effectively monitorable properties is
proposed. It distinguishes properties for which a monitor
requires only constant memory from ones for which a monitor
inevitably has to grow ad infinitum, independently of how the
future of a trace evolves.
Last but not least, a proof of concept validates the monitoring
means developed in this thesis on a widely established system
with intensive data use: Malicious behaviour is checked on
Android devices based on the most comprehensive malware set
presently available. The overall detection and false positive
rates are 93.9% and 28%, respectively. As a means of conducting
the experiments and as a contribution in itself, an
application-agnostic logging-layer for the Android system has
been developed and its technical insights are explained. It aims
at leveraging runtime verification techniques on Android, like
other domain-specific instrumentation approaches did, such as
AspectJ for Java
Impartial Anticipation in Runtime-Verification.
In this paper, a uniform approach for synthesizing monitors checking correctness properties specified in linear-time logics at runtime is provided. Therefore, a generic three-valued semantics is introduced reflecting the idea that prefixes of infinite computations are checked. Then a conceptual framework to synthesize monitors from a logical specification to check an execution incrementally is established, with special focus on resorting to the automata-theoretic approach. The merits of the presented framework are shown by providing monitor synthesis approaches for a variety of different logics such as LTL, the linear-time μ-calculus, PLTLmod, SiS, and RLTL. © 2008 Springer Berlin Heidelberg
Impartial Anticipation in Runtime-Verification ⋆
Abstract. In this paper, a uniform approach for synthesizing monitors checking correctness properties specified in linear-time logics at runtime is provided. Therefore, a generic three-valued semantics is introduced reflecting the idea that prefixes of infinite computations are checked. Then a conceptual framework to synthesize monitors from a logical specification to check an execution incrementally is established, with special focus on resorting to the automata-theoretic approach. The merits of the presented framework are shown by providing monitor synthesis approaches for a variety of different logics such as LTL, the linear-time µ-calculus, PLTL mod, S1S, and RLTL.