Compliance Checking in the Open Payments Ecosystem

Azzopardi, Shaun; Colombo, Christian; Pace, Gordon J.; Vella, Brian

doi:10.1007/978-3-319-41591-8_23

Cited by 4 publications

(6 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It is worth noting that due to the differences in the analysis techniques, our tool does not build directly on Clara, although it uses the Soot [19] tool for Java program analysis. The tool was evaluated them on a simple financial transaction system with users connecting to a proxy in order to enable communication with a transaction server inspired by the industrial systems we have previously used runtime verification on [8]. The proxy and the transaction server can be two different services (the client and provider), possibly provided by different providers, with the property specifying the behaviour that the transaction server expects out of the proxy.…”

Section: Unusable Transition Pruningmentioning

confidence: 99%

“…The need for verification of a system to be able to make some guarantees about execution paths, and going beyond sampling of such paths (as done in testing), is required for critical or sensitive software (e.g. financial software [8]). The literature can be largely split into two main approaches: (i) full a priori verification of all possible execution paths through model checking, static analysis and similar techniques, and (ii) on-the-fly verification of execution paths to ensure that any potential violation can be immediately truncated as in runtime verification.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Control-Flow Residual Analysis for Symbolic Automata

Azzopardi

Colombo

Pace

2017

Electron. Proc. Theor. Comput. Sci.

Self Cite

View full text Add to dashboard Cite

Where full static analysis of systems fails to scale up due to system size, dynamic monitoring has been increasingly used to ensure system correctness. The downside is, however, runtime overheads which are induced by the additional monitoring code instrumented. To address this issue, various approaches have been proposed in the literature to use static analysis in order to reduce monitoring overhead. In this paper we generalise existing work which uses control-flow static analysis to optimise properties specified as automata, and prove how similar analysis can be applied to more expressive symbolic automata -enabling reduction of monitoring instrumentation in the system, and also monitoring logic. We also present empirical evidence of the effectiveness of this approach through an analysis of the effect of monitoring overheads in a financial transaction system.

show abstract

Section: Unusable Transition Pruningmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Control-Flow Residual Analysis for Symbolic Automata

Azzopardi

Colombo

Pace

2017

Electron. Proc. Theor. Comput. Sci.

Self Cite

View full text Add to dashboard Cite

show abstract

“…The technique has fostered a number of verification tools such as [30,12,19,10,16,37,21,18,39,27,20,6,38], to name but a few. It has also been used for a variety of applications, ranging from checking the executions of the NASA Mars Rover software [12] and other autonomous research vehicles [28], to more mundane tasks such as checking for rule violations in financial systems [8], video games [40] and electronic examinations [29]. At its core, RV generally assumes a logic describing the correctness specifications that are expected to be satisfied by the SUS.…”

Section: Introductionmentioning

confidence: 99%

A Foundation for Runtime Monitoring

Francalanza

Aceto

Achilleos

et al. 2017

Runtime Verification

View full text Add to dashboard Cite

Runtime Verification is a lightweight technique that complements other verification methods in an effort to ensure software correctness. The technique poses novel questions to software engineers: it is not easy to identify which specifications are amenable to runtime monitoring, nor is it clear which monitors effect the required runtime analysis correctly. This exposition targets a foundational understanding of these questions. Particularly, it considers an expressive specification logic (a syntactic variant of the modal µ-calculus) that is agnostic of the verification method used, together with an elemental framework providing an operational semantics for the runtime analysis performed by monitors. The correspondence between the property satisfactions in the logic on the one hand, and the verdicts reached by the monitors performing the analysis on the other, is a central theme of the study. Such a correspondence underpins the concept of monitorability, used to identify the subsets of the logic that can be adequately monitored for by RV. Another theme of the study is that of understanding what should be expected of a monitor in order for the verification process to be correct. We show how the monitor framework considered can constitute a basis whereby various notions of monitor correctness may be defined and investigated.

show abstract

“…Twelve of these can be verified statically at compile-time (see [1,2] for more information), while eleven are done at runtime, i.e. checked using Valour.…”

Section: Real-life Use Of Valourmentioning

confidence: 99%

“…Over the past two years, we have been working on techniques to integrate runtime verification technology into the Open Payments Ecosystem (OPE) [2], an industrial system developed by Ixaris Ltd., which is planned to handle high volumes of financial transactions across different user applications and financial institutions. Compliance to legislation and correctness are critical in this domain, and the risk of failure due to the runtime verification module had to be mitigated.…”

Section: Introductionmentioning

confidence: 99%

Runtime Verification using VALOUR

Azzopardi

Colombo

Ebejer

et al.

Kalpa Publications in Computing

Self Cite

View full text Add to dashboard Cite

In this paper we give an overview of Valour, a runtime verification tool which has been developed in the context of a project to act as a backend verification tool for financial transaction software. A Valour script is written by the user and is then compiled into a verification system. Although, developed as part of a project, the tool has been designed as a stand-alone general-purpose verification engine with a particular emphasis on event consumption. The strong points of Valour when compared to other runtime verification tools is its focus on scalability and robustness.

show abstract

Compliance Checking in the Open Payments Ecosystem

Cited by 4 publications

References 7 publications

Control-Flow Residual Analysis for Symbolic Automata

Control-Flow Residual Analysis for Symbolic Automata

A Foundation for Runtime Monitoring

Runtime Verification using VALOUR

Contact Info

Product

Resources

About