research-article

Monitoring Metric First-Order Temporal Properties

Authors:
David Basin

ETH Zurich, Zurich, Switzerland

ETH Zurich, Zurich, Switzerland
View Profile

,
Felix Klaedtke

ETH Zurich and NEC Europe Ltd., Heidelberg, Germany

ETH Zurich and NEC Europe Ltd., Heidelberg, Germany
View Profile

,
Samuel Müller

ETH Zurich and Scandit AG, Zurich, Switzerland

ETH Zurich and Scandit AG, Zurich, Switzerland
View Profile

,
Eugen Zălinescu

ETH Zurich, Zurich, Switzerland

ETH Zurich, Zurich, Switzerland
View Profile

Authors Info & Claims

Journal of the ACM Volume 62 Issue 2Article No.: 15pp 1–45https://doi.org/10.1145/2699444

Published:06 May 2015Publication History

Journal of the ACM

Abstract

Runtime monitoring is a general approach to verifying system properties at runtime by comparing system events against a specification formalizing which event sequences are allowed. We present a runtime monitoring algorithm for a safety fragment of metric first-order temporal logic that overcomes the limitations of prior monitoring algorithms with respect to the expressiveness of their property specification languages. Our approach, based on automatic structures, allows the unrestricted use of negation, universal and existential quantification over infinite domains, and the arbitrary nesting of both past and bounded future operators. Furthermore, we show how to use and optimize our approach for the common case where structures consist of only finite relations, over possibly infinite domains. We also report on case studies from the domain of security and compliance in which we empirically evaluate the presented algorithms. Taken together, our results show that metric first-order temporal logic can serve as an effective specification language for expressing and monitoring a wide variety of practically relevant system properties.

References

107th Congress. 2001. Uniting and strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT ACT). Public Law 107-56.Google Scholar
Serge Abiteboul, Richard Hull, and Victor Vianu. 1995. Foundations of Databases. Addison-Wesley Longman Publishing Co., Inc., Boston, MA. Google ScholarDigital Library
Bowen Alpern and Fred B. Schneider. 1985. Defining liveness. Inform. Process. Lett. 21, 4, 181--185.Google ScholarCross Ref
Rajeev Alur and Thomas A. Henzinger. 1992. Logics and models of real time: A survey. In Proceedings of the 1991 REX Workshop on Real Time: Theory in Practice. Lecture Notes in Computer Science, vol. 600. Springer, Heidelberg, Germany, 74--106. Google ScholarDigital Library
Rajeev Alur and Thomas A. Henzinger. 1994. A really temporal logic. J. ACM 41, 1, 181--204. Google ScholarDigital Library
Arvind Arasu, Shivnath Babu, and Jennifer Widom. 2006. The CQL continuous query language: Semantic foundations and query execution. VLDB J. 15, 2, 121--142. Google ScholarDigital Library
Franz Baader, Andreas Bauer, and Marcel Lippmann. 2009. Runtime verification using a temporal description logic. In Proceedings of the 7th International Symposium on Frontiers of Combining Systems. Lecture Notes in Computer Science, vol. 5749. Springer, Heidelberg, Germany, 149--164. Google ScholarDigital Library
Luciano Baresi, Domenico Bianculli, Sam Guinea, and Paola Spoletini. 2009. Keep it small, keep it real: Efficient run-time verification of web service compositions. In Proceedings of the Joint Conference on Formal Techniques for Distributed Systems, (11th IFIP WG 6.1 International Conference on Formal Method for Open Object-Based Distributed Systems and 29th IFIP WG 6.1 International Conference on Formal Techniques for Networked and Distributed Systems). Lecture Notes in Computer Science, vol. 5522. Springer, Heidelberg, Germany, 26--40. Google ScholarDigital Library
Howard Barringer, Yliés Falcone, Klaus Havelund, Giles Reger, and David E. Rydeheard. 2012. Quantified event automata: Towards expressive and efficient runtime monitors. In Proceedings of the 18th International Symposium on Formal Methods. Lecture Notes in Computer Science, vol. 7436. Springer, Heidelberg, Germany, 68--84.Google Scholar
Howard Barringer, Allen Goldberg, Klaus Havelund, and Koushik Sen. 2004. Rule-based runtime verification. In Proceedings of the 5th International Conference on Verification, Model Checking and Abstract Interpretation. Lecture Notes in Computer Science, vol. 2937. Springer, Heidelberg, Germany, 44--57.Google Scholar
Howard Barringer, Alex Groce, Klaus Havelund, and Margaret H. Smith. 2010a. Formal analysis of log files. J. Aero. Comput. Inf. Commun. 7, 11, 365--390.Google ScholarCross Ref
Howard Barringer and Klaus Havelund. 2011. TraceContract: A scala DSL for trace analysis. In Proceedings of the 18th International Symposium on Formal Methods. Lecture Notes in Computer Science, vol. 6664. Springer, Heidelberg, Germany, 57--72. Google ScholarDigital Library
Howard Barringer, David E. Rydeheard, and Klaus Havelund. 2010b. Rule systems for run-time monitoring: From Eagle to RuleR. J. Logic Comput. 20, 3, 675--706. Google ScholarDigital Library
Adam Barth, Anupam Datta, John C. Mitchell, and Helen Nissenbaum. 2006. Privacy and contextual integrity: Framework and applications. In Proceedings of the IEEE Symposium on Security and Privacy. IEEE Computer Society, Los Alamitos, CA, 184--198. Google ScholarDigital Library
David Basin, Germano Caronni, Sarah Ereth, Matúš Harvan, Felix Klaedtke, and Heiko Mantel. 2014. Scalable offline monitoring. In Proceedings of the 5th International Conference on Runtime Verification. Lecture Notes in Computing Science, vol. 8734. Springer, Heidelberg, Germany, 31--47.Google Scholar
David Basin, Matúš Harvan, Felix Klaedtke, and Eugen Zălinescu. 2012a. MONPOLY: Monitoring usage-control policies. In Proceedings of the 2nd International Conference on Runtime Verification. Lecture Notes in Computer Science, vol. 7186. Springer, Heidelberg, Germany, 360--364. Google ScholarDigital Library
David Basin, Matúš Harvan, Felix Klaedtke, and Eugen Zălinescu. 2013a. Monitoring data usage in distributed systems. IEEE Trans. Softw. Eng. 39, 10, 1403--1426. Google ScholarDigital Library
David Basin, Felix Klaedtke, Srdjan Marinovic, and Eugen Zălinescu. 2013b. Monitoring compliance policies over incomplete and disagreeing logs. In Proceedings of the 3rd International Conference on Runtime Verification. Lecture Notes in Computer Science, vol. 7687, Springer, Heidelberg, Germany, 151--167.Google Scholar
David Basin, Felix Klaedtke, Srdjan Marinovic, and Eugen Zălinescu. 2013c. Monitoring of temporal first-order properties with aggregations. In Proceedings of the 4th International Conference on Runtime Verification. Lecture Notes in Computer Science, vol. 8174. Springer, Heidelberg, Germany, 40--58.Google Scholar
David Basin, Felix Klaedtke, and Samuel Müller. 2010a. Monitoring security policies with metric first-order temporal logic. In Proceedings of the 15th ACM Symposium on Access Control Models and Technologies. ACM, New York, 23--33. Google ScholarDigital Library
David Basin, Felix Klaedtke, and Samuel Müller. 2010b. Policy monitoring in first-order temporal logic. In Proceedings of the 22nd International Conference on Computer Aided Verification. Lecture Notes in Computer Science, vol. 6174. Springer, Heidelberg, Germany, 1--18. Google ScholarDigital Library
David Basin, Felix Klaedtke, Samuel Müller, and Birgit Pfitzmann. 2008. Runtime monitoring of metric first-order temporal properties. In Proceedings of the 28th IARCS Annual Conference on Foundations of Software Technology and Theoretical Computer Science. Leibniz International Proceedings in Informatics (LIPIcs). LIPIcs, vol. 2. Schloss Dagstuhl - Leibniz Center for Informatics, 49--60.Google Scholar
David Basin, Felix Klaedtke, and Eugen Zălinescu. 2012b. Algorithms for monitoring real-time properties. In Proceedings of the 2nd International Conference on Runtime Verification. Lecture Notes in Computer Science, vol. 7186. Springer, Heidelberg, Germany, 260--275. Google ScholarDigital Library
Andreas Bauer and Yliés Falcone. 2012. Decentralised LTL monitoring. In Proceedings of the 18th International Symposium on Formal Methods. Lecture Notes in Computer Science, vol. 7436. Springer, Heidelberg, Germany, 85--100.Google Scholar
Andreas Bauer, Rajeev Goré, and Alwen Tiu. 2009. A first-order policy language for history-based transaction monitoring. In Proceedings of the 6th International Colloquium on Theoretical Aspects of Computing. Lecture Notes in Computer Science, vol. 5684. Springer, Heidelberg, Germany, 96--111. Google ScholarDigital Library
Andreas Bauer, Martin Leucker, and Christian Schallhart. 2011. Runtime verification for LTL and TLTL. ACM Trans. Softw. Eng. Methodol. 20, 4. Google ScholarDigital Library
Achim Blumensath and Erich Grädel. 2004. Finite presentations of infinite structures: Automata and interpretations. Theoret Comput. Syst. 37, 6, 641--674.Google ScholarCross Ref
Jan Chomicki. 1995. Efficient checking of temporal integrity constraints using bounded history encoding. ACM Trans. Database Syst. 20, 2, 149--186. Google ScholarDigital Library
Jan Chomicki and Damian Niwiński. 1995. On the feasibility of checking temporal integrity constraints. J. Comput. Syst. Sci. 51, 3, 523--535. Google ScholarDigital Library
Jan Chomicki and David Toman. 1995. Implementing temporal integrity constraints using an active DBMS. IEEE Trans. Knowl. Data Eng. 7, 4, 566--582. Google ScholarDigital Library
Jan Chomicki, David Toman, and Michael H. Böhlen. 2001. Querying ATSQL databases with temporal logic. ACM Trans. Database Syst. 26, 2, 145--178. Google ScholarDigital Library
Edmund M. Clarke and E. Allen Emerson. 1982. Design and synthesis of synchronization skeletons using branching-time temporal logic. In Proceedinggs of the 1981 Workshop on Logics of Programs. Lecture Notes in Computer Science, vol. 131. Springer, Heidelberg, Germany, 52--71. Google ScholarDigital Library
Gianpaolo Cugola and Alessandro Margara. 2012. Processing flows of information: From data stream to complex event processing. ACM Comput. Surv. 44, 3. Google ScholarDigital Library
Ben D'Angelo, Sriram Sankaranarayanan, César Sánchez, Will Robinson, Bernd Finkbeiner, Henny B. Sipma, Sandeep Mehrotra, and Zohar Manna. 2005. LOLA: Runtime monitoring of synchronous systems. In Proceedings of the 12th International Symposium on Temporal Representation and Reasoning. IEEE Computer Society, Los Alamitos, CA, 166--174. Google ScholarDigital Library
Jeffrey Dean and Sanjay Ghemawat. 2008. MapReduce: Simplified data processing on large clusters. Commun. ACM 51, 1, 107--113. Google ScholarDigital Library
Department of the Treasury. 1970. Bank Secrecy Act of 1970 (BSA). 31 USC 5311-5332 and 31 CFR 103.Google Scholar
Robert A. Di Paola. 1969. The recursive unsolvability of the decision problem for the class of definite formulas. J. ACM 16, 2, 324--327. Google ScholarDigital Library
Nikhil Dinesh, Aravind Joshi, Insup Lee, and Oleg Sokolsky. 2008. Checking traces for regulatory conformance. In Proceedings of the 8th Workshop on Runtime Verification. Lecture Notes in Computer Science, vol. 5289. Springer, Heidelberg, Germany, 86--103. Google ScholarDigital Library
Daniel J. Dougherty, Kathi Fisler, and Shriram Krishnamurthi. 2007. Obligations and their interaction with programs. In Proceedings of the 12th European Symposium on Research in Computer Security. Lecture Notes in Computer Science, vol. 4734. Springer, Heidelberg, Germany, 375--289. Google ScholarDigital Library
Herbert B. Enderton. 1972. A Mathematical Introduction to Logic. Academic Press, San Diego, CA.Google Scholar
David F. Ferraiolo, Ravi S. Sandhu, Serban I. Gavrila, D. Richard Kuhn, and Ramaswamy Chandramouli. 2001. Proposed NIST standard for role-based access control. ACM Trans. Inform. Syst. Secur. 4, 3, 224--274. Google ScholarDigital Library
Bernd Finkbeiner and Henny Sipma. 2004. Checking finite traces using alternating automata. Form. Method. Syst. Des. 24, 2, 101--127. Google ScholarDigital Library
Deepak Garg, Limin Jia, and Anupam Datta. 2011. Policy auditing over incomplete logs: theory, implementation and applications. In Proceedings of the 18th ACM Conference on Computer and Communications Security. ACM, New York, 151--162. Google ScholarDigital Library
Dimitra Giannakopoulou and Klaus Havelund. 2001. Automata-based verification of temporal properties on running programs. In Proceedings of the 16th IEEE International Conference on Automated Software Engineering. IEEE Computer Society, Los Alamitos, CA, 412--416. Google ScholarDigital Library
Christopher Giblin, Alice Y. Liu, Samuel Müller, Birgit Pfitzmann, and Xin Zhou. 2005. Regulations expressed as logical models (REALM). In Proceedings of the 18th Annual Conference on Legal Knowledge and Information Systems (Frontiers Artificial Intelligence Appl.). Frontiers in Artificial Intelligence and Applications, vol. 134. IOS Press, Amsterdam, The Netherlands, 37--48. Google ScholarDigital Library
Sylvain Hallé and Roger Villemaire. 2012. Runtime enforcement of web service message contracts with data. IEEE Trans. Serv. Comput. 5, 2, 192--206. Google ScholarDigital Library
Klaus Havelund and Grigore Roşu. 2004. Efficient monitoring of safety properties. Int. J. Softw. Tools Technol. Trans. 6, 2, 158--173. Google ScholarDigital Library
Klaus Havelund and Willem Visser. 2002. Program model checking as a new trend. Int. J. Softw. Tools Technol. Trans. 4, 1, 8--20.Google ScholarCross Ref
Jesper G. Henriksen, Jakob L. Jensen, Michael E. Jørgensen, Nils Klarlund, Robert Paige, Theis Rauhe, and Anders Sandholm. 1995. Mona: Monadic second-order logic in practice. In Proceedings of the 1st International Workshop on Tools and Algorithms for Contruction and Analysis of Systems. Lecture Notes in Computer Science, vol. 1019. Springer, Heidelberg, Germany, 89--110. Google ScholarDigital Library
Thomas A. Henzinger. 1990. Half-order modal logic: how to prove real-time properties. In Proceedings of the 9th Annual ACM Symposium on Principles of Distributed Computing. ACM Press, New York, 281--296. Google ScholarDigital Library
Thomas A. Henzinger. 1992. Sooner is safer than later. Inform. Process. Lett. 43, 3, 135--141. Google ScholarDigital Library
Manuel Hilty, David Basin, and Alexander Pretschner. 2005. On obligations. In Proceedings of the 10th European Symposium on Research in Computer Security. Lecture Notes in Computer Science, vol. 3679. Springer, Heidelberg, Germany, 98--117. Google ScholarDigital Library
IEEE Std 1800-2009 2009. Standard for SystemVerilog--Unified Hardware Design, Specification, and Verification Language. (December 2009). http://ieeexplore.ieee.org/xpls/abs&lowbar;all.jsp&quest;arnumber=5354441&tag==1.Google Scholar
IEEE Std 1850-2010 2012. Standard for Property Specification Language (PSL). (June 2012).http://ieeexplore.ieee.org/xpl/articleDetails.jsp&quest;arnumber=6228486.Google Scholar
Yonit Kesten, Oded Maler, Monica Marcus, Amir Pnueli, and Elad Shahar. 2001. Symbolic model checking with rich assertional languages. Theoret. Comput. Sci. 256, 1--2, 93--112. Google ScholarDigital Library
Bakhadyr Khoussainov and Anil Nerode. 1995. Automatic presentations of structures. In Proceedings of the International Workshop on Logical and Computational Complexity. Lecture Notes in Computer Science, vol. 960. Springer, Heidelberg, Germany, 367--392. Google ScholarDigital Library
Nils Klarlund, Anders Møller, and Michael I. Schwartzbach. 2002. MONA implementation secrets. Int. J. Found. Comput. Sci. 13, 4, 571--586.Google ScholarCross Ref
Ron Koymans. 1990. Specifying real-time properties with metric temporal logic. Real-Time Syst. 2, 4, 255--299. Google ScholarDigital Library
Orna Lichtenstein, Amir Pnueli, and Lenore D. Zuck. 1985. The glory of the past. In Proceedings of the Conference on Logic of Programs. Lecture Notes in Computer Science, vol. 193. Springer, Heidelberg, Germany, 196--218. Google ScholarDigital Library
Udo Walter Lipeck and Gunter Saake. 1987. Monitoring dynamic integrity constraints based on temporal logic. Inf. Syst. 12, 3, 255--269. Google ScholarDigital Library
Fabrizio Maria Maggi, Marco Montali, Michael Westergaard, and Wil M. P. van der Aalst. 2011. Monitoring business constraints with linear temporal logic: An approach based on colored automata. In Proceedings of the 9th International Conference on Business Process Management. Lecture Notes in Computer Science, vol. 6896. Springer, Heidelberg, Germany, 132--147. Google ScholarDigital Library
Oded Maler and Dejan Nickovic. 2013. Monitoring properties of analog and mixed-signal circuits. Int. J. Softw. Tools Technol. Trans. 15, 247--268. Issue 3.Google ScholarDigital Library
Patrick O'Neil Meredith, Dongyun Jin, Dennis Griffith, Feng Chen, and Grigore Roşu. 2012. An overview of the MOP runtime verification framework. Int. J. Softw. Tools Technol. Trans. 14, 3, 249--289. Google ScholarDigital Library
MonPoly. 2013. MonPoly source code and examples. http://sourceforge.net/projects/monpoly.Google Scholar
Amir Pnueli. 1977. The temporal logic of programs. In Proceedings of the 18th IEEE Symposium on Foundations of Computer Science. IEEE Computer Society, Los Alamitos, CA, 46--57. Google ScholarDigital Library
Amir Pnueli and Aleksandr Zaks. 2006. PSL Model checking and run-time verification via testers. In Proceedings of the 14th International Symposium on Formal Methods. Lecture Notes in Computer Science, vol. 4085. Springer, Heidelberg, Germany, 573--586. Google ScholarDigital Library
PostgreSQL Global Development Group. 2012. PostgreSQL, Version 9.1.4. http://www.postgresql.org/.Google Scholar
Thomas Reinbacher, Matthias Fuegger, and Jörg Brauer. 2013. Real-time runtime verification on chip. In Proceedings of the 3rd International Conference on Runtime Verification. Lecture Notes in Computer Science, vol. 7687. Springer, Heidelberg, Germany, 110--125.Google Scholar
Muriel Roger and Jean Goubault-Larrecq. 2001. Log auditing through model-checking. In Proceedings of the 14th IEEE Computer Security Foundations Workshop. IEEE Computer Society, Los Alamitos, CA, 220--234. Google ScholarDigital Library
Grigore Roşu and Feng Chen. 2012. Semantics and algorithms for parametric monitoring. Log. Method. Comput. Sci. 8, 1.Google ScholarCross Ref
Grigore Roşu and Klaus Havelund. 2005. Rewriting-based techniques for runtime verification. Automat. Softw. Eng. 12, 2, 151--197. Google ScholarDigital Library
A. Prasad Sistla and Ouri Wolfson. 1995. Temporal triggers in active databases. IEEE Trans. Knowl. Data Eng. 7, 3, 471--486. Google ScholarDigital Library
Volker Stolz and Eric Bodden. 2006. Temporal assertions using Aspect. In Proceedings of the 5th Workshop on Runtime Verification. Electronic Notes in Theoretical Computer Science, vol. 144, Elsevier Science, Inc., Amsterdam, The Netherlands, 109--124. Google ScholarDigital Library
Prasanna Thati and Grigore Roşu. 2005. Monitoring algorithms for metric temporal logic specifications. In Proceedings of the 4th Workshop on Runtime Verification. Electronic Notes in Theoretical Computer Science, vol. 113, Elsevier Science Inc., Amsterdam, The Netherlands, 145--162. Google ScholarDigital Library
Allen Van Gelder and Rodney W. Topor. 1991. Safety and translation of relational calculus. ACM Trans. Database Syst. 16, 2, 235--278. Google ScholarDigital Library
Moshe Y. Vardi. 2009. From philosophical to industrial logics. In Proceedings of the 3rd Indian Conference on Logic and its Applications. Lecture Notes in Computer Science, vol. 5378. Springer, Heidelberg, Germany, 89--115. Google ScholarDigital Library
Xinwen Zhang, Francesco Parisi-Presicce, Ravi Sandhu, and Jaehong Park. 2005. Formal model and policy specification of usage control. ACM Trans. Inform. Syst. Secur. 8, 4, 351--387. Google ScholarDigital Library

Index Terms

Monitoring Metric First-Order Temporal Properties

Recommendations

Monitoring security policies with metric first-order temporal logic
SACMAT '10: Proceedings of the 15th ACM symposium on Access control models and technologies

We show the practical feasibility of monitoring complex security properties using a runtime monitoring approach for metric first-order temporal logic. In particular, we show how a wide variety of security policies can be naturally formalized in this ...
Read More
First-Order Temporal Verification in Practice

First-order temporal logic, the extension of first-order logic with operators dealing with time, is a powerful and expressive formalism with many potential applications. This expressive logic can be viewed as a framework in which to investigate problems ...
Read More
Monitoring Algorithms for Metric Temporal Logic Specifications

Program execution traces can be so large in practical testing and monitoring applications that it would be very expensive, if not impossible, to store them for detailed analysis. Monitoring execution traces without storing them, can be a nontrivial ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
Journal of the ACM Volume 62, Issue 2
May 2015
304 pages
ISSN:0004-5411
EISSN:1557-735X
DOI:10.1145/2772377
Editor:
Victor Vianu
University of California, San Diego
Issue’s Table of Contents
Copyright © 2015 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 6 May 2015
- Accepted: 1 December 2014
- Revised: 1 February 2014
- Received: 1 January 2013
Published in jacm Volume 62, Issue 2

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Runtime verification
automatic structures
compliance checking
security policies
temporal databases
Qualifiers
- research-article
- Research
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 115
  Total Citations
  View Citations
- 751
  Total Downloads
- Downloads (Last 12 months)130
- Downloads (Last 6 weeks)16
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Monitoring Metric First-Order Temporal Properties

Journal of the ACM

Abstract

References

Cited By

Index Terms

Recommendations

Monitoring security policies with metric first-order temporal logic

First-Order Temporal Verification in Practice

Monitoring Algorithms for Metric Temporal Logic Specifications

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Funding Sources

Other Metrics

Article Metrics

Other Metrics

Cited By

PDF Format

eReader

Digital Edition

Caption

Monitoring Metric First-Order Temporal Properties

Journal of the ACM

Abstract

References

Cited By

Index Terms

Recommendations

Monitoring security policies with metric first-order temporal logic

First-Order Temporal Verification in Practice

Monitoring Algorithms for Metric Temporal Logic Specifications

Comments

Login options

Full Access

Published in

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Funding Sources

Article Metrics

Other Metrics

PDF Format

eReader

Digital Edition

Share this Publication link

Share on Social Media