36,806 research outputs found
Introduction to Runtime Verification
International audienceThe aim of this chapter is to act as a primer for those wanting to learn about Runtime Verification (RV). We start by providing an overview of the main specification languages used for RV. We then introduce the standard terminology necessary to describe the monitoring problem, covering the pragmatic issues of monitoring and instrumentation, and discussing extensively the monitorability problem
ScaRR: Scalable Runtime Remote Attestation for Complex Systems
The introduction of remote attestation (RA) schemes has allowed academia and
industry to enhance the security of their systems. The commercial products
currently available enable only the validation of static properties, such as
applications fingerprint, and do not handle runtime properties, such as
control-flow correctness. This limitation pushed researchers towards the
identification of new approaches, called runtime RA. However, those mainly work
on embedded devices, which share very few common features with complex systems,
such as virtual machines in a cloud. A naive deployment of runtime RA schemes
for embedded devices on complex systems faces scalability problems, such as the
representation of complex control-flows or slow verification phase.
In this work, we present ScaRR: the first Scalable Runtime Remote attestation
schema for complex systems. Thanks to its novel control-flow model, ScaRR
enables the deployment of runtime RA on any application regardless of its
complexity, by also achieving good performance. We implemented ScaRR and tested
it on the benchmark suite SPEC CPU 2017. We show that ScaRR can validate on
average 2M control-flow events per second, definitely outperforming existing
solutions.Comment: 14 page
A Runtime Verification and Validation Framework for Self-Adaptive Software
The concepts that make self-adaptive software attractive also make it more difficult for users to gain confidence that these systems will consistently meet their goals under uncertain context. To improve user confidence in self-adaptive behavior, machine-readable conceptual models have been developed to instrument the adaption behavior of the target software system and primary feedback loop. By comparing these machine-readable models to the self-adaptive system, runtime verification and validation may be introduced as another method to increase confidence in self-adaptive systems; however, the existing conceptual models do not provide the semantics needed to institute this runtime verification or validation. This research confirms that the introduction of runtime verification and validation for self-adaptive systems requires the expansion of existing conceptual models with quality of service metrics, a hierarchy of goals, and states with temporal transitions. Based on this expanded semantics, runtime verification and validation was introduced as a second-level feedback loop to improve the performance of the primary feedback loop and quantitatively measure the quality of service achieved in a state-based, self-adaptive system. A web-based purchasing application running in a cloud-based environment was the focus of experimentation. In order to meet changing customer purchasing demand, the self-adaptive system monitored external context changes and increased or decreased available application servers. The runtime verification and validation system operated as a second-level feedback loop to monitor quality of service goals based on internal context, and corrected self-adaptive behavior when goals are violated. Two competing quality of service goals were introduced to maintain customer satisfaction while minimizing cost. The research demonstrated that the addition of a second-level runtime verification and validation feedback loop did quantitatively improve self-adaptive system performance even with simple, static monitoring rules
COST Action IC 1402 ArVI: Runtime Verification Beyond Monitoring -- Activity Report of Working Group 1
This report presents the activities of the first working group of the COST
Action ArVI, Runtime Verification beyond Monitoring. The report aims to provide
an overview of some of the major core aspects involved in Runtime Verification.
Runtime Verification is the field of research dedicated to the analysis of
system executions. It is often seen as a discipline that studies how a system
run satisfies or violates correctness properties. The report exposes a taxonomy
of Runtime Verification (RV) presenting the terminology involved with the main
concepts of the field. The report also develops the concept of instrumentation,
the various ways to instrument systems, and the fundamental role of
instrumentation in designing an RV framework. We also discuss how RV interplays
with other verification techniques such as model-checking, deductive
verification, model learning, testing, and runtime assertion checking. Finally,
we propose challenges in monitoring quantitative and statistical data beyond
detecting property violation
Efficient Symmetry Reduction and the Use of State Symmetries for Symbolic Model Checking
One technique to reduce the state-space explosion problem in temporal logic
model checking is symmetry reduction. The combination of symmetry reduction and
symbolic model checking by using BDDs suffered a long time from the
prohibitively large BDD for the orbit relation. Dynamic symmetry reduction
calculates representatives of equivalence classes of states dynamically and
thus avoids the construction of the orbit relation. In this paper, we present a
new efficient model checking algorithm based on dynamic symmetry reduction. Our
experiments show that the algorithm is very fast and allows the verification of
larger systems. We additionally implemented the use of state symmetries for
symbolic symmetry reduction. To our knowledge we are the first who investigated
state symmetries in combination with BDD based symbolic model checking
Feature-Aware Verification
A software product line is a set of software products that are distinguished
in terms of features (i.e., end-user--visible units of behavior). Feature
interactions ---situations in which the combination of features leads to
emergent and possibly critical behavior--- are a major source of failures in
software product lines. We explore how feature-aware verification can improve
the automatic detection of feature interactions in software product lines.
Feature-aware verification uses product-line verification techniques and
supports the specification of feature properties along with the features in
separate and composable units. It integrates the technique of variability
encoding to verify a product line without generating and checking a possibly
exponential number of feature combinations. We developed the tool suite
SPLverifier for feature-aware verification, which is based on standard
model-checking technology. We applied it to an e-mail system that incorporates
domain knowledge of AT&T. We found that feature interactions can be detected
automatically based on specifications that have only feature-local knowledge,
and that variability encoding significantly improves the verification
performance when proving the absence of interactions.Comment: 12 pages, 9 figures, 1 tabl
- …