
    Runtime Monitoring for Uncertain Times

    In Runtime Verification (RV), monitors check programs for correct operation at execution time. Also called Runtime Monitoring, RV offers advantages over other approaches to program verification. Efficient monitoring is possible for programs where static checking is cost-prohibitive. Runtime monitors may test for execution faults like hardware failure, as well as logical faults. Unlike simple log checking, monitors are typically constructed using formal languages and methods that precisely define expectations and guarantees. Despite the advantages of RV, however, adoption remains low. Applying Runtime Monitoring techniques to real systems requires addressing practical concerns that have garnered little attention from researchers. System operators need monitors that provide immediate diagnostic information before and after failures, that are simple to operate over distributed systems, and that remain reliable when communication is not. These challenges are solvable, and solving them is a necessary step towards widespread RV deployment. This thesis provides solutions to these and other barriers to practical Runtime Monitoring. We address the need for reporting diagnostic information from monitored programs with nfer, a language and system for event stream abstraction. Nfer supports the automatic extraction of the structure of real-time software and includes integrations with popular programming languages. We also provide for the operation of nfer and other monitoring tools over distributed systems with Palisade, a framework built for low-latency detection of embedded system anomalies. Finally, we supply a method to ensure program properties may be monitored despite unreliable communication channels. We classify monitorable properties over general unreliable conditions and define an algorithm for when more specific conditions are known.

    10451 Abstracts Collection -- Runtime Verification, Diagnosis, Planning and Control for Autonomous Systems

    From November 7 to 12, 2010, the Dagstuhl Seminar 10451 "Runtime Verification, Diagnosis, Planning and Control for Autonomous Systems" was held in Schloss Dagstuhl, Leibniz Center for Informatics. During the seminar, 35 participants presented their current research and discussed ongoing work and open problems. This document puts together abstracts of the presentations given during the seminar, and provides links to extended abstracts or full papers, if available.

    Runtime verification on data-carrying traces

    Malfunctioning software systems can cause severe loss of money, sensitive data, or even human life. The ambition is therefore to verify these systems not only statically, but also to monitor their behaviour at runtime. For the latter case, the temporal logic LTL, a de facto standard specification formalism in runtime verification, is widely used and well understood. However, propositional variables are usually neither a natural nor a sufficient model to represent the behaviour of complex, interactive systems that can process arbitrary input values. Consequently, there is a demand for more expressive formalisms that are defined over what we call traces with data, i.e., traces that contain propositions enriched with values from a (possibly) infinite domain. This thesis studies runtime monitoring with data for a natural extension of LTL that includes first-order quantification, called LTLFO. The logic's quantifiers range over values that appear in a trace. Under assumptions, laid out in the thesis, of what should arguably be considered a "proper" runtime monitor, this thesis first identifies and analyses the underlying decision problems of monitoring properties in LTL and LTLFO. Moreover, it proposes a monitoring procedure for the latter. A result is that LTLFO is undecidable, and so is the prefix problem, which an online monitor should preferably solve in order to respect monotonicity. Hence, the obtained monitor cannot be complete for LTLFO; however, this thesis proves the soundness of its construction and gives experimental results from an implementation, in order to justify its usefulness and efficiency in practice. The monitor is based on a new type of automaton, called a spawning automaton; it helps to efficiently decide which parts of a possibly infinite state space need to be memorised at runtime. Furthermore, the problem arises that not every property can be monitored trace-length independently, which is possible in LTL. For that reason, a hierarchy of effectively monitorable properties is proposed. It distinguishes properties for which a monitor requires only constant memory from ones for which a monitor inevitably has to grow ad infinitum, independently of how the future of a trace evolves. Last but not least, a proof of concept validates the monitoring means developed in this thesis on a widely established system with intensive data use: malicious behaviour is checked on Android devices based on the most comprehensive malware set presently available. The overall detection and false positive rates are 93.9% and 28%, respectively. As a means of conducting the experiments and as a contribution in itself, an application-agnostic logging layer for the Android system has been developed and its technical insights are explained. It aims at leveraging runtime verification techniques on Android, as other domain-specific instrumentation approaches did, such as AspectJ for Java.

    A Term-based Approach for Generating Finite Automata from Interaction Diagrams

    Non-deterministic Finite Automata (NFA) represent regular languages concisely, increasing their appeal for applications such as word recognition. This paper proposes a new approach to generate NFA from an interaction language such as UML Sequence Diagrams or Message Sequence Charts. Via an operational semantics, we generate an NFA from a set of interactions reachable using the associated execution relation. In addition, by applying simplifications on reachable interactions to merge them, it is possible to obtain reduced NFA without relying on costly NFA reduction techniques. Experimental results regarding NFA generation and their application in trace analysis are also presented.
    Comment: 29 pages (15 pages paper, 3 pages references, 11 pages appendix), 9 figures in paper, 14 figures in appendix.

    Parameter Invariant Monitoring for Signal Temporal Logic

    Signal Temporal Logic (STL) is a prominent specification formalism for real-time systems, and monitoring these specifications is quite important, especially when the behavior of systems can change over time (for different reasons, such as learning). There are three main challenges in this area: (1) full observation of the system state is not possible due to noise or nuisance parameters, (2) the whole execution is not available during monitoring, and (3) the computational complexity of monitoring continuous-time signals is very high. Although each of these challenges has been addressed by different works, to the best of our knowledge, no one has addressed them all together. In this paper, we show how to extend any parameter invariant test procedure for single points in time to a parameter invariant test procedure for efficiently monitoring continuous-time executions of a system against STL properties. We also show how to extend the probabilistic error guarantee of the input test procedure to a probabilistic error guarantee for the constructed test procedure.

    Syntactic approaches to negative results in process algebras and modal logics

    Concurrency as a phenomenon is observed in most of the current computer science trends. However, the inherent complexity of analyzing the behavior of such a system is increased by the many different models of concurrency, the variety of applications and architectures, as well as the wide spectrum of specification languages and demanded correctness criteria. For the scope of this thesis we focus on state-based models of concurrent computation, and on modal logics as specification languages. First we study syntactically the process algebras that describe several different concurrent behaviors, by analyzing their equational theories. Here, we apply well-established techniques from the equational logic of processes to older and newer setups, and then transition to the use of more general and novel methods for the syntactical analysis of models of concurrent programs and specification languages. Our main contributions are several positive and negative axiomatizability results over various process algebraic languages and equivalences, along with some complexity results on the satisfiability of multi-agent modal logic with recursion as a specification language.
    Concurrency as a phenomenon is seen in most current computer science trends. However, the inherent complexity of analyzing the behavior of such a system is increased because of the many different models of concurrency, the variety of applications and architectures, and the wide range of specification languages and required correctness criteria. For the scope of this thesis we focus on state-based models of concurrent computation and on modal logics as specification languages. First we study syntactically the process algebras that describe several different concurrent behaviors, by analyzing their equational theories. Here we use well-established techniques from the equational logic of processes on older and newer setups, and then transition to the use of more general and newer methods for the syntactic analysis of models of concurrent programs and specification languages. Our main contributions are several positive and negative axiomatizability results over various process algebraic languages and equivalences, together with some complexity results on the satisfiability of multi-agent modal logic with recursion as a specification language.
    RANNIS: 'Open Problems in the Equational Logic of Processes' (OPEL) (grant No 196050-051). Reykjavik University research fund: 'Runtime and Equational Verification of Concurrent Programs' (ReVoCoP) (grant No 222021).