Runtime Enforcement with Partial Control

Khoury, Raphaël; Hallé, Stéphane

doi:10.1007/978-3-319-30303-1_7

Cited by 8 publications

(6 citation statements)

References 32 publications

(41 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Ligatti et al [2] consider more varied models of monitors, capable of inserting events in the execution stream, of suppressing the occurrence of some events while allowing the remainder of the execution to proceed, or both. Another characterization, in which some events lie beyond the control of the monitor, was proposed by Khoury et al [20].…”

Section: Monitor Capabilitiesmentioning

confidence: 99%

“…Many formal models of enforcement have been proposed in the past to capture the behavior of monitors [2,19,20,23,25]. In most of them, a single mathematical structure (usually an automaton or some other type of finite state machine) is tasked with the entirety of the enforcement process: reading the input, transforming it through a process of substitutions, insertions, deletions and/or truncations, and ensuring compliance of the resulting output trace with respect to both soundness and transparency.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Modular Runtime Enforcement Model Using Multi-traces

Taleb

Hallé

Khoury

2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Runtime enforcement seeks to provide a valid replacement to any misbehaving sequence of events of a running system so that the correct sequence complies with a user-defined security policy. However, depending on the capabilities of the enforcement mechanism, multiple possible replacement sequences may be available, and the current literature is silent on the question of how to choose the optimal one. In this paper, we propose a new model of enforcement monitors, that allows the comparison between multiple alternative corrective enforcement actions and the selection of the optimal one, with respect to an objective user-defined gradation, separate from the security policy. These concepts are implemented using the event stream processor BeepBeep and a use case is presented. Experimental evaluation shows that our proposed framework can dynamically select enforcement actions at runtime, without the need to manually define an enforcement monitor.

show abstract

Section: Monitor Capabilitiesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

A Modular Runtime Enforcement Model Using Multi-traces

Taleb

Hallé

Khoury

2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Models supporting uncontrollable events. Closer to controllers in supervisory-control theory (see Remark 1), enforcement mechanisms accounting for uncontrollable actions (i.e., actions that cannot be affected by the enforcement mechanism) have been defined [85,57]. In addition to the current satisfaction of the output execution, such models take into account the possible reception of uncontrollable events.…”

Section: Models Of Enforcement Mechanisms/monitorsmentioning

confidence: 99%

“…Uncontrollable actions as clock ticks were first introduced by Basin et al in [5]. Unrestricted uncontrollable actions were later introduced in extensions of GEMs in [85,84,86] and of EAs in [57].…”

Section: Models Of Enforcement Mechanisms/monitorsmentioning

confidence: 99%

Runtime Failure Prevention and Reaction

Falcone

Mariani

Rollet

et al. 2018

Lectures on Runtime Verification

View full text Add to dashboard Cite

This chapter describes how to use in-the-field runtime techniques to improve the dependability of software systems. In particular, we first present an overall vision of the problem of ensuring highly-dependable behaviours at runtime based on the concept of autonomic monitor, and then we present the two families of relevant approaches for this purpose. First, we present techniques related to runtime enforcement that can prevent the system producing bad behaviours. Second, we describe healing techniques that can detect if the system has produced a bad behaviour and react to the situation accordingly (e.g., moving the system back to a correct state).

show abstract

“…Runtime verification aims at verifying whether an execution trace satisfies a given correctness property. Runtime enforcement [13,20,21,24] goes beyond classic runtime verification by correcting the execution that deviates from its expected behaviour to ensure the satisfaction of a given property. To do so, a so-called enforcement monitor (or enforcer in short) accepts as input a sequence of actions and generates as output a sequence of actions respecting the property.…”

Section: Introductionmentioning

confidence: 99%

Runtime Enforcement with Reordering, Healing, and Suppression

Falcone

Salaün

2021

Software Engineering and Formal Methods

View full text Add to dashboard Cite

Runtime enforcement analyses an execution trace, detects when this execution deviates from its expected behaviour with respect to a given property, and corrects the trace to make it satisfy the property. In this paper, we present new enforcement techniques that reorder actions when necessary, inject actions to the application to ensure progress of the property, and discard actions to avoid storing too many unnecessary actions. At any step of the enforcement, we provide a verdict, called enforcement trend in this work, which takes its value in a 4-valued truth domain. Our approach has been implemented in a tool and validated on several application examples. Experimental results show that our techniques better preserve the application actions, hence ensuring better service continuity.

show abstract

Runtime Enforcement with Partial Control

Cited by 8 publications

References 32 publications

A Modular Runtime Enforcement Model Using Multi-traces

A Modular Runtime Enforcement Model Using Multi-traces

Runtime Failure Prevention and Reaction

Runtime Enforcement with Reordering, Healing, and Suppression

Contact Info

Product

Resources

About