On Bidirectional Runtime Enforcement

Aceto, Luca; Cassar, Ian; Francalanza, Adrian; Ingólfsdóttir, Anna

doi:10.1007/978-3-030-78089-0_1

Cited by 6 publications

(6 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Falcone et al [25] later studied the enforcement of propositional timed policies by suppressing and delaying events. Recently, Aceto et al [2] proposed bidirectional enforcers that treat input and output system actions differently. We see this distinction as a more refined event type partition (Section 3).…”

Section: Related Workmentioning

confidence: 99%

“…The formula φ 2 = ♦ [3,4] (∃x. Close(x) ∧ ♢ [1,2] Open(x)) contains a future operator, but is still future-free, since the future operator ♢ [1,2] (looking at most 2 time units into the future) is nested in a ♦ [3,4] operator that is always evaluated at least 3 time units in the past. The formula φ 3 = ♢ [1,2] Open(x) is not future-free: its truth value depends on events happening up to 2 time units in the future.…”

Section: Definition 4 (Correct Enforcementmentioning

confidence: 99%

See 1 more Smart Citation

Real-Time Policy Enforcement with Metric First-Order Temporal Logic

Hublet

Basin

Krstić

2022

Computer Security – ESORICS 2022

View full text Add to dashboard Cite

Correctness and regulatory compliance of today's software systems are crucial for our safety and security. This can be achieved with policy enforcement: the process of monitoring and possibly modifying system behavior to satisfy a given policy. The enforcer's capabilities determine which policies are enforceable. We study the enforceability of policies specified in metric first-order temporal logic (MFOTL) with enforcers that can cause and suppress different system actions in real time. We consider an expressive safety fragment of MFOTL and show that a policy from that fragment is enforceable if and only if it is equivalent to a policy in a simpler, syntactically defined MFOTL fragment. We then propose an enforcement algorithm for all monitorable policies from the latter fragment, and show that our EnfPoly enforcer outperforms state-of-the-art tools.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Definition 4 (Correct Enforcementmentioning

confidence: 99%

Real-Time Policy Enforcement with Metric First-Order Temporal Logic

Hublet

Basin

Krstić

2022

Computer Security – ESORICS 2022

View full text Add to dashboard Cite

show abstract

“…We evaluate our monitor synthesis function of Definition 5.3 in terms of this optimality measure, Theorem 6.12. This article is the extended version of the paper titled "On Bidirectional Runtime Enforcement" that appeared at FORTE 2021 [ACFI21]. In addition to the material presented in the conference version, this version contains extended examples, the proofs of the main results and new material on monitor optimality.…”

Section: Susmentioning

confidence: 99%

Bidirectional Runtime Enforcement of First-Order Branching-Time Properties

Aceto¹,

Cassar²,

Francalanza³

et al. 2023

Logical Methods in Computer Science

View full text Add to dashboard Cite

Runtime enforcement is a dynamic analysis technique that instruments a monitor with a system in order to ensure its correctness as specified by some property. This paper explores bidirectional enforcement strategies for properties describing the input and output behaviour of a system. We develop an operational framework for bidirectional enforcement and use it to study the enforceability of the safety fragment of Hennessy-Milner logic with recursion (sHML). We provide an automated synthesis function that generates correct monitors from sHML formulas, and show that this logic is enforceable via a specific type of bidirectional enforcement monitors called action disabling monitors.

show abstract

“…The key ingredient of runtime assurance components is a monitor (also referred to as decision module, shield or mask) that triggers a modification in the system's outputs. Realizations of runtime assurance vary, and span from suppressing [2] to manipulating the system's executions [42].…”

Section: Runtime Assurancementioning

confidence: 99%

Formal Analysis of AI-Based Autonomy: From Modeling to Runtime Assurance

Torfah

Junges

Fremont

et al. 2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Autonomous systems are increasingly deployed in safetycritical applications and rely more on high-performance AI/ML-based components. Runtime monitors play an important role in raising the level of assurance in AI/ML-based autonomous systems by ensuring that the autonomous system stays safe within its operating environment. In this tutorial, we present VerifAI, an open-source toolkit for the formal design and analysis of systems that include AI/ML components. Ver-ifAI provides features supporting a variety of use cases including formal modeling of the autonomous system and its environment, automatic falsification of system-level specifications as well as other simulationbased verification and testing methods, automated diagnosis of errors, and automatic specification-driven parameter and component synthesis. In particular, we describe the use of VerifAI for generating runtime monitors that capture the safe operational environment of systems with AI/ML components. We illustrate the advantages and applicability of VerifAI in real-life applications using a case study from the domain of autonomous aviation.

show abstract

On Bidirectional Runtime Enforcement

Cited by 6 publications

References 39 publications

Real-Time Policy Enforcement with Metric First-Order Temporal Logic

Real-Time Policy Enforcement with Metric First-Order Temporal Logic

Bidirectional Runtime Enforcement of First-Order Branching-Time Properties

Formal Analysis of AI-Based Autonomy: From Modeling to Runtime Assurance

Contact Info

Product

Resources

About