Efficient Runtime Monitoring with Metric Temporal Logic: A Case Study in the Android Operating System

Gunadi, Hendra; Tiu, Alwen

doi:10.1007/978-3-319-06410-9_21

Cited by 22 publications

(20 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They show that past formulas can be converted to deterministic timed automata (DTA) and that there are future formulas that cannot be represented by a DTA. There exist trace-length independent monitors for ptLTL extended with counting quantifiers [19], and ptMTL extended with recursive definitions [26]. D'Angelo et al [14] propose an online algorithm for a stream processing language called LOLA that supports past and future references.…”

Section: Space Efficient Algorithms Havelund and Roşumentioning

confidence: 99%

Almost event-rate independent monitoring

Basin

Bhatt

Krstić

et al. 2019

Form Methods Syst Des

View full text Add to dashboard Cite

A monitoring algorithm is trace-length independent if its space consumption does not depend on the number of events processed. The analysis of many monitoring algorithms has aimed at establishing their trace-length independence. But a monitor's space consumption can depend on characteristics of the trace other than its size. We put forward the stronger notion of event-rate independence, where a monitor's space usage does not depend on the event rate, i.e., the number of events in a fixed time unit. This property is critical for monitoring voluminous streams of events with a high arrival rate. We propose a new algorithm for metric temporal logic (MTL) that is almost eventrate independent, where "almost" denotes a logarithmic dependence on the event rate: the algorithm must store the event rate as a number. Afterwards, we investigate more expressive logics. In particular, we extend linear dynamic logic with past operators and metric features. The resulting metric dynamic logic (MDL) offers the quantitative temporal conveniences of MTL while increasing its expressiveness. We show how to modify our MTL algorithm in a modular way, yielding an almost event-rate independent monitor for MDL. Finally, we compare our algorithms with traditional monitoring approaches, providing empirical evidence that almost event-rate independence matters in practice.

show abstract

Section: Space Efficient Algorithms Havelund and Roşumentioning

confidence: 99%

Almost event-rate independent monitoring

Basin

Bhatt

Krstić

et al. 2019

Form Methods Syst Des

View full text Add to dashboard Cite

show abstract

“…Combining static analysis, model checking and runtime monitoring, they are able to detect the violation of contextual policies of Android applications. Gunadi and Tiu (Gunadi and Tiu 2013) propose a security policy specification language to describe privilege escalation on Android. The language is based on metric linear-time temporal logic (MTL) plus an extension of recursive definitions.…”

Section: Attack Representationmentioning

confidence: 99%

“…Android malware varies in many aspects such as attack targets, attack methods, and applied obfuscation techniques. For example, Android malware may steal users' sensitive information (Grace et al 2012;Arzt et al 2014a), elevate their privilege (Xing et al 2014;Gunadi and Tiu 2013), deplete device resources (Vekris et al 2012;Pathak et al 2012), and remote control users' devices (Zhou and Jiang 2012). Malware may accomplish attack missions either individually or collaboratively (Octeau et al 2013;Bosu et al 2017), perform attacks only once or periodically (Zhou and Jiang 2012), and be triggered by the installation or a broadcast message.…”

Section: Introductionmentioning

confidence: 99%

DroidEcho: an in-depth dissection of malicious behaviors in Android applications

et al. 2018

View full text Add to dashboard Cite

A precise representation for attacks can benefit the detection of malware in both accuracy and efficiency. However, it is still far from expectation to describe attacks precisely on the Android platform. In addition, new features on Android, such as communication mechanisms, introduce new challenges and difficulties for attack detection. In this paper, we propose abstract attack models to precisely capture the semantics of various Android attacks, which include the corresponding targets, involved behaviors as well as their execution dependency. Meanwhile, we construct a novel graph-based model called the inter-component communication graph (ICCG) to describe the internal control flows and inter-component communications of applications. The models take into account more communication channel with a maximized preservation of their program logics. With the guidance of the attack models, we propose a static searching approach to detect attacks hidden in ICCG. To reduce false positive rate, we introduce an additional dynamic confirmation step to check whether the detected attacks are false alarms. Experiments show that DROIDECHO can detect attacks in both benchmark and real-world applications effectively and efficiently with a precision of 89.5%.

show abstract

“…Examples include requirements monitoring ( Maiden, 2013;Robinson, 2006 ), monitoring of architectural properties ( Muccini et al, 2007 ), complex event processing ( Völz et al, 2011 ), and runtime verification ( Calinescu et al, 2012;, to name but a few. The desired runtime behavior is often formally expressed using temporal logic ( Viswanathan and Kim, 2005;Gunadi and Tiu, 2014;Bauer et al, 2006 ), or through the use of domain-specific (constraint) languages ( Robinson, 2006;Baresi and Guinea, 2013;Phan et al, 2008;Vierhauser et al, 2015 ). Defined constraints are checked based on events and data collected from systems at runtime, e.g., through instrumentation ( Mansouri-Samani and Sloman, 1993 ).…”

Section: Introductionmentioning

confidence: 99%

A comparison framework for runtime monitoring approaches

Rabiser

Guinea

Vierhauser

et al. 2017

Journal of Systems and Software

View full text Add to dashboard Cite

The full behavior of complex software systems often only emerges during operation. They thus need to be monitored at run time to check that they adhere to their requirements. Diverse runtime monitoring approaches have been developed in various domains and for different purposes. Their sheer number and heterogeneity, however, make it hard to find the right approach for a specific application or purpose. The aim of our research therefore was to develop a comparison framework for runtime monitoring approaches. Our framework is based on an analysis of the literature and existing taxonomies for monitoring languages and patterns. We use examples from existing monitoring approaches to explain the framework. We demonstrate its usefulness by applying it to 32 existing approaches and by comparing 3 selected approaches in the light of different monitoring scenarios. We also discuss perspectives for researchers

show abstract

Efficient Runtime Monitoring with Metric Temporal Logic: A Case Study in the Android Operating System

Cited by 22 publications

References 20 publications

Almost event-rate independent monitoring

Almost event-rate independent monitoring

DroidEcho: an in-depth dissection of malicious behaviors in Android applications

A comparison framework for runtime monitoring approaches

Contact Info

Product

Resources

About