predictive runtime enforcement
play

Predictive Runtime Enforcement Srinivas Pinisetty 1 , Viorel - PowerPoint PPT Presentation

Feb 03, 2023 •226 likes •674 views

Introduction Formal Problem Definition Automatic Enforcer Synthesis Conclusion Predictive Runtime Enforcement Srinivas Pinisetty 1 , Viorel Preoteasa 1 , Stavros Tripakis 1 , 2 , Thierry J eron 3 , es Falcone 4 , Herv e Marchand 3 Yli`

  1. Introduction Formal Problem Definition Automatic Enforcer Synthesis Conclusion Predictive Runtime Enforcement Srinivas Pinisetty 1 , Viorel Preoteasa 1 , Stavros Tripakis 1 , 2 , Thierry J´ eron 3 , es Falcone 4 , Herv´ e Marchand 3 Yli` Aalto University, Finland University of California, Berkeley INRIA Rennes - Bretagne Atlantique, France LIG, Universit´ e Grenoble, INRIA, Grenoble, France Computational Logic Day 2016, Aalto University, Finland Pinisetty , Preoteasa, Tripakis, J´ eron, Falcone, Marchand Predictive Runtime Enforcement Computational Logic Day 2016 1 / 23

  2. Introduction Formal Problem Definition Automatic Enforcer Synthesis Conclusion Runtime verification and enforcement Runtime verification Runtime enforcement Property ϕ Property ϕ Verification events events events verdicts Monitor Enforcer a · a · b · · · a · a · · · | = ϕ ? · True · · · a · b · · · Input: stream of events. Does σ satisfy ϕ ? Modified to satisfy the Output: stream of verdicts . property. Output: stream of events . Pinisetty , Preoteasa, Tripakis, J´ eron, Falcone, Marchand Predictive Runtime Enforcement Computational Logic Day 2016 2 / 23

  3. Introduction Formal Problem Definition Automatic Enforcer Synthesis Conclusion Runtime enforcement (previous work: non-predictive ) ϕ σ ∈ Σ ∗ o ∈ ϕ Event Event Enforcer Emitter Receiver Pinisetty , Preoteasa, Tripakis, J´ eron, Falcone, Marchand Predictive Runtime Enforcement Computational Logic Day 2016 3 / 23

  4. Introduction Formal Problem Definition Automatic Enforcer Synthesis Conclusion Runtime enforcement (previous work: non-predictive ) ϕ σ ∈ Σ ∗ o ∈ ϕ Event Event Enforcer Emitter Receiver Enforcer for ϕ operating at runtime ϕ : any regular property (defined as automaton). Pinisetty , Preoteasa, Tripakis, J´ eron, Falcone, Marchand Predictive Runtime Enforcement Computational Logic Day 2016 3 / 23

  5. Introduction Formal Problem Definition Automatic Enforcer Synthesis Conclusion Runtime enforcement (previous work: non-predictive ) ϕ σ ∈ Σ ∗ o ∈ ϕ Event Event Enforcer Emitter Receiver Enforcer for ϕ operating at runtime ϕ : any regular property (defined as automaton). An enforcer behaves as a function E : Σ ∗ → Σ ∗ . Input ( σ ∈ Σ ∗ ): any sequence of events over Σ (Event emitter is a black-box). Pinisetty , Preoteasa, Tripakis, J´ eron, Falcone, Marchand Predictive Runtime Enforcement Computational Logic Day 2016 3 / 23

  6. Introduction Formal Problem Definition Automatic Enforcer Synthesis Conclusion Runtime enforcement (previous work: non-predictive ) ϕ σ ∈ Σ ∗ o ∈ ϕ Event Event Enforcer Emitter Receiver Enforcer for ϕ operating at runtime ϕ : any regular property (defined as automaton). An enforcer behaves as a function E : Σ ∗ → Σ ∗ . Input ( σ ∈ Σ ∗ ): any sequence of events over Σ (Event emitter is a black-box). Output ( o ∈ Σ ∗ ): a sequence of events such that o | = ϕ . Pinisetty , Preoteasa, Tripakis, J´ eron, Falcone, Marchand Predictive Runtime Enforcement Computational Logic Day 2016 3 / 23

  7. Introduction Formal Problem Definition Automatic Enforcer Synthesis Conclusion Predictive runtime enforcement problem (this work) ψ, ϕ σ ∈ ψ o ∈ ϕ Event Predictive Event Emitter Enforcer Receiver Predictive enforcer for ϕ operating at runtime Given property ϕ (to enforce) and input property ψ defined as automaton. Automatically synthesize an enforcer. Pinisetty , Preoteasa, Tripakis, J´ eron, Falcone, Marchand Predictive Runtime Enforcement Computational Logic Day 2016 4 / 23

  8. Introduction Formal Problem Definition Automatic Enforcer Synthesis Conclusion Predictive runtime enforcement problem (this work) ψ, ϕ σ ∈ ψ o ∈ ϕ Event Predictive Event Emitter Enforcer Receiver Predictive enforcer for ϕ operating at runtime Given property ϕ (to enforce) and input property ψ defined as automaton. Automatically synthesize an enforcer. Input ( σ ∈ ψ ): Event emitter is not a black-box. Output ( o ∈ Σ ∗ ): a sequence of events o | = ϕ . Pinisetty , Preoteasa, Tripakis, J´ eron, Falcone, Marchand Predictive Runtime Enforcement Computational Logic Day 2016 4 / 23

  9. Introduction Formal Problem Definition Automatic Enforcer Synthesis Conclusion Predictive runtime enforcement problem (this work) ψ, ϕ σ ∈ ψ o ∈ ϕ Event Predictive Event Emitter Enforcer Receiver Predictive enforcer for ϕ operating at runtime Given property ϕ (to enforce) and input property ψ defined as automaton. Automatically synthesize an enforcer. Input ( σ ∈ ψ ): Event emitter is not a black-box. Output ( o ∈ Σ ∗ ): a sequence of events o | = ϕ . Predictive enforcer should satisfy soundness, transparency, monotonicity, and urgency constraints. Urgency related to using ψ and release input events earlier whenever possible. Pinisetty , Preoteasa, Tripakis, J´ eron, Falcone, Marchand Predictive Runtime Enforcement Computational Logic Day 2016 4 / 23

  10. Introduction Formal Problem Definition Automatic Enforcer Synthesis Conclusion Predictive runtime enforcement (motivations) Motivations Consider a-priori knowledge of the system (event emitter) is available. Model, information extracted using static-analysis etc. Provide a-priori knowledge of the system (event emitter) to the enforcer. Event emitter is not a black-box. How enforcer can benefit from model/knowledge of the system? Does it help to provide better QoS (eg: output some events earlier)? Example Non-safety properties (release events earlier instead of delaying). Pinisetty , Preoteasa, Tripakis, J´ eron, Falcone, Marchand Predictive Runtime Enforcement Computational Logic Day 2016 5 / 23

  11. Introduction Formal Problem Definition Automatic Enforcer Synthesis Conclusion Related works Runtime Enforcement: non-predictive Enforceable security policies – F. B. Schneider et al-2000. Runtime enforcement of non-safety policies – J. Ligatti et al-2009. Enforcement monitoring wrt. the safety-progress classification of properties – Y. Falcone et al-2010. Runtime enforcement of timed properties – S. Pinisetty et al-2012. Runtime enforcement for reactive systems – R. Bloem et al-2015. Pinisetty , Preoteasa, Tripakis, J´ eron, Falcone, Marchand Predictive Runtime Enforcement Computational Logic Day 2016 6 / 23

  12. Introduction Formal Problem Definition Automatic Enforcer Synthesis Conclusion Outline Introduction 1 Formal Problem Definition 2 Automatic Enforcer Synthesis 3 Functional Definition Algorithm Conclusion 4 Pinisetty , Preoteasa, Tripakis, J´ eron, Falcone, Marchand Predictive Runtime Enforcement Computational Logic Day 2016 7 / 23

  13. Introduction Formal Problem Definition Automatic Enforcer Synthesis Conclusion Outline Introduction 1 Formal Problem Definition 2 Automatic Enforcer Synthesis 3 Functional Definition Algorithm Conclusion 4 Pinisetty , Preoteasa, Tripakis, J´ eron, Falcone, Marchand Predictive Runtime Enforcement Computational Logic Day 2016 8 / 23

  14. Introduction Formal Problem Definition Automatic Enforcer Synthesis Conclusion Predictive enforcer Given properties ψ (input property) and ϕ (to enforce): ψ, ϕ σ ∈ ψ o ∈ ϕ Predictive Enforcer What can an enforcer do? Enforcer augmented with a memorization mechanism . CAN delay events. CANNOT insert nor delete events. CANNOT change the order of events. Pinisetty , Preoteasa, Tripakis, J´ eron, Falcone, Marchand Predictive Runtime Enforcement Computational Logic Day 2016 9 / 23

  15. Introduction Formal Problem Definition Automatic Enforcer Synthesis Conclusion Formal problem definition Properties ψ (input property) and ϕ (to enforce). ψ, ϕ σ ∈ ψ o ∈ ϕ Predictive Enforcer Predictive enforcer for ψ, ϕ Given properties ψ, ϕ ⊆ Σ ∗ , a predictive enforcer is a function E ψ,ϕ : Σ ∗ → Σ ∗ satisfying the following constraints: Soundness 1 Transparency 2 Monotonicity 3 Urgency 4 Pinisetty , Preoteasa, Tripakis, J´ eron, Falcone, Marchand Predictive Runtime Enforcement Computational Logic Day 2016 10 / 23

  16. Introduction Formal Problem Definition Automatic Enforcer Synthesis Conclusion Soundness Output is correct (satisfies ϕ ) ∀ σ ∈ ψ : E ψ,ϕ ( σ ) � = ǫ = ⇒ E ψ,ϕ ( σ ) ∈ ϕ . Pinisetty , Preoteasa, Tripakis, J´ eron, Falcone, Marchand Predictive Runtime Enforcement Computational Logic Day 2016 11 / 23

  17. Introduction Formal Problem Definition Automatic Enforcer Synthesis Conclusion Transparency TR1: events can be delayed ∀ σ ∈ Σ ∗ : E ψ,ϕ ( σ ) � σ . Pinisetty , Preoteasa, Tripakis, J´ eron, Falcone, Marchand Predictive Runtime Enforcement Computational Logic Day 2016 12 / 23

  18. Introduction Formal Problem Definition Automatic Enforcer Synthesis Conclusion Transparency TR1: events can be delayed ∀ σ ∈ Σ ∗ : E ψ,ϕ ( σ ) � σ . TR2: observed input satisfies ϕ ∀ σ ∈ Σ ∗ : σ ∈ ϕ = ⇒ E ψ,ϕ ( σ ) = σ Pinisetty , Preoteasa, Tripakis, J´ eron, Falcone, Marchand Predictive Runtime Enforcement Computational Logic Day 2016 12 / 23

  19. Introduction Formal Problem Definition Automatic Enforcer Synthesis Conclusion Monotonicity Modify output only by appending new events ∀ σ, σ ′ ∈ Σ ∗ : σ � σ ′ = ⇒ E ψ,ϕ ( σ ) � E ψ,ϕ ( σ ′ ) Pinisetty , Preoteasa, Tripakis, J´ eron, Falcone, Marchand Predictive Runtime Enforcement Computational Logic Day 2016 13 / 23

Recommend

Runtime Enforcement of Timed Properties Srinivas Pinisetty 1 ,Yli` es Falcone 2 , Thierry J eron

Runtime Enforcement of Timed Properties Srinivas Pinisetty 1 ,Yli` es Falcone 2 , Thierry J eron

Introduction Enforcement of timed properties Enforcement of safety properties Conclusion Runtime Enforcement of Timed Properties Srinivas Pinisetty 1 ,Yli` es Falcone 2 , Thierry J eron 1 , Herv e Marchand 1 , Antoine Rollet 3 and Omer

1.34k views • 39 slides
Runtime Enforcement of Regular Timed Properties es Falcone 2 , Thierry J eron 1 , Herv e

Runtime Enforcement of Regular Timed Properties es Falcone 2 , Thierry J eron 1 , Herv e

Introduction Specifying Timed Properties Runtime Enforcement of Regular Timed Properties Conclusions and FW Runtime Enforcement of Regular Timed Properties es Falcone 2 , Thierry J eron 1 , Herv e Marchand 1 Srinivas Pinisetty, Yli` INRIA

1.22k views • 100 slides
Runtime Model Predictive Verification on Embedded Platforms 1 Pei Zhang, Jianwen Li, Joseph

Runtime Model Predictive Verification on Embedded Platforms 1 Pei Zhang, Jianwen Li, Joseph

Runtime Model Predictive Verification on Embedded Platforms 1 Pei Zhang, Jianwen Li, Joseph Zambreno, Phillip H. Jones, Kristin Yvonne Rozier Presenter: Pei Zhang Iowa State University peizhang@iastate.edu September 28, 2018 1 Work supported

487 views • 32 slides
Runtime Enforcement of Reactive Systems using Synchronous Enforcers Srinivas Pinisetty 1 , Partha

Runtime Enforcement of Reactive Systems using Synchronous Enforcers Srinivas Pinisetty 1 , Partha

Part-I: Introduction Preliminaries Problem Def. Functional Def. Algorithm Application to SCCharts and Results Conclusions Runtime Enforcement of Reactive Systems using Synchronous Enforcers Srinivas Pinisetty 1 , Partha Roop 3 , Steven Smyth

665 views • 39 slides
CLIENT-SIDE RUNTIME ANALYSIS AND ENFORCEMENT Ben Livshits, Microsoft Research Overview of

CLIENT-SIDE RUNTIME ANALYSIS AND ENFORCEMENT Ben Livshits, Microsoft Research Overview of

CLIENT-SIDE RUNTIME ANALYSIS AND ENFORCEMENT Ben Livshits, Microsoft Research Overview of Todays Lecture 2 Background (rehash) Better runtimes CSP HTML5 Sandbox Language restrictions AdSafe FBJS Tradeoffs of

998 views • 48 slides
Runtime Monitoring, Verification, Enforcement and Control of C Programs (From Tool to Semantics)

Runtime Monitoring, Verification, Enforcement and Control of C Programs (From Tool to Semantics)

Introduction Preliminaries Semantics of Runtime Control Semantics of Synthesis of Controlling Programs Expressiveness of Controlling Runtime Monitoring, Verification, Enforcement and Control of C Programs (From Tool to Semantics) Zhe Chen

558 views • 55 slides
in Hungary Enforcement procedure Procedure after Ordering enforcement enforcement order

in Hungary Enforcement procedure Procedure after Ordering enforcement enforcement order

Monitoring of enforcement in Hungary Enforcement procedure Procedure after Ordering enforcement enforcement order Ordering enforcement Authorities court notary public Enforcement order certificate of enforcement

540 views • 12 slides
Why the Best Predictive What Do We Mean by . . . Models Are Often Different Main Result: . . .

Why the Best Predictive What Do We Mean by . . . Models Are Often Different Main Result: . . .

Predictive vs. . . . Remaining Problem: . . . Need for Formalization What Do We Mean by . . . Why the Best Predictive What Do We Mean by . . . Models Are Often Different Main Result: . . . Proof for Predictive Case from the Best Explanatory

900 views • 28 slides
14.471: Public Economics Tax Enforcement Emmanuel Saez MIT: Fall 2009 1 Tax Enforcement

14.471: Public Economics Tax Enforcement Emmanuel Saez MIT: Fall 2009 1 Tax Enforcement

14.471: Public Economics Tax Enforcement Emmanuel Saez MIT: Fall 2009 1 Tax Enforcement Problem Most models of optimal taxation (income or commodity) as- sume away enforcement issues. In practice: 1) Enforcement is costly (eats up around 10%

1.12k views • 45 slides
Predictive Analytics for Capacity Planning HIC 2015 Andrae Gaeth What is predictive

Predictive Analytics for Capacity Planning HIC 2015 Andrae Gaeth What is predictive

Evaluating Predictive Analytics for Capacity Planning HIC 2015 Andrae Gaeth What is predictive analytics? Predictive analytics is the practice of extracting information from existing data sets, and then applying various techniques (eg,

452 views • 15 slides
JOINT ENFORCEMENT AGREEMENT SE DIVISION Cooperative Enforcement Program Joint Enforcement

JOINT ENFORCEMENT AGREEMENT SE DIVISION Cooperative Enforcement Program Joint Enforcement

Assistant Commander Brandi Reeder Law Enforcement Division - Fisheries Law Administrator JOINT ENFORCEMENT AGREEMENT SE DIVISION Cooperative Enforcement Program Joint Enforcement Agreement One of the most effective programs in NOAAs

600 views • 30 slides
Runtime Considerations Were moving towards actually producing target code. This means we need

Runtime Considerations Were moving towards actually producing target code. This means we need

10/29/2012 Runtime Considerations Were moving towards actually producing target code. This means we need to consider the runtime actions of the program. CS 1622: Runtime support: Functions and local variable storage Activation

160 views • 4 slides
Automating Predictive Analytics www.xpanseanalytics.com Agenda Predictive Analytics vs

Automating Predictive Analytics www.xpanseanalytics.com Agenda Predictive Analytics vs

Automating Predictive Analytics www.xpanseanalytics.com Agenda Predictive Analytics vs Classification The Problem 3 Case Studies The Solution Demo Time Q&A xpanse analytics - confidential materials Some real-life examples from the

318 views • 12 slides
Runtime systems Runtime systems Functional program are very high-level: its not obvious how to

Runtime systems Runtime systems Functional program are very high-level: its not obvious how to

Runtime systems Runtime systems Functional program are very high-level: its not obvious how to Programmation Fonctionnelle Avance implement them. http://www-lipn.univ-paris13.fr/~saiu/teaching/PFA-2010 Complex library support at run time

220 views • 8 slides
230B: Public Economics Tax Enforcement Emmanuel Saez Berkeley 1 Tax Enforcement Problem Most

230B: Public Economics Tax Enforcement Emmanuel Saez Berkeley 1 Tax Enforcement Problem Most

230B: Public Economics Tax Enforcement Emmanuel Saez Berkeley 1 Tax Enforcement Problem Most models of optimal taxation (income or commodity) as- sume away enforcement issues. In practice: 1) Enforcement is costly (eats up around 10% of

889 views • 55 slides
Another approach to runtime checking Typical runtime checking is by duplicating entire CPU

Another approach to runtime checking Typical runtime checking is by duplicating entire CPU

Another approach to runtime checking Typical runtime checking is by duplicating entire CPU Expensive in power, area No protection from design errors Does not survive permanent faults Last time we saw an approach that leveraged

246 views • 7 slides
Horizon Runtime Efficient Event Scheduling in Runtime Efficient Event Scheduling in

Horizon Runtime Efficient Event Scheduling in Runtime Efficient Event Scheduling in

Horizon Runtime Efficient Event Scheduling in Runtime Efficient Event Scheduling in Multi-threaded Network Simulation Georg Kunz, Mirko Stoffers, James Gross, Klaus Wehrle Geo g u , o Sto e s, Ja es G oss, aus e e

937 views • 58 slides
Overcoming big data bottlenecks in healthcare : a Predictive Modeling case study Predictive

Overcoming big data bottlenecks in healthcare : a Predictive Modeling case study Predictive

Overcoming big data bottlenecks in healthcare : a Predictive Modeling case study Predictive Analytics World, San Francisco April 5, 2016 Paddy Padmanabhan, CEO Damo Consulting Josh Liberman, Ph.D, Executive Director RD & D, Sutter Health

456 views • 27 slides
Technology in Enforcement Improving enforcement for engine idling of on-road vehicles &

Technology in Enforcement Improving enforcement for engine idling of on-road vehicles &

Technology in Enforcement Improving enforcement for engine idling of on-road vehicles & non-road engines in the District of Columbia Kelly Crawford Chief, Compliance and Enforcement Branch Air Quality Division Department of Energy &

132 views • 10 slides
1. Enforcement Figures 2. Boat Numbers 3. Enforcement Cases 4. Enforcement Team 5. General Aims

1. Enforcement Figures 2. Boat Numbers 3. Enforcement Cases 4. Enforcement Team 5. General Aims

1. Enforcement Figures 2. Boat Numbers 3. Enforcement Cases 4. Enforcement Team 5. General Aims Simon London Evasion Stats vs Boat Numbers 14 3500 12 3000 10 2500 No of Boats Evasion % 8 2000 6 1500 4 1000 2 500 0 0 2007

262 views • 13 slides
Engagement, Not Enforcement: Collaborating with Law Enforcement on Engagement and Assessment of

Engagement, Not Enforcement: Collaborating with Law Enforcement on Engagement and Assessment of

Engagement, Not Enforcement: Collaborating with Law Enforcement on Engagement and Assessment of Service Resistant Populations Lt. Charlie Consolian, City of Phoenix PD Margaret Kilman MPA, Human Services Campus Melissa Kovacs PhD,

473 views • 20 slides
Testing Concurrency Runtime via a Testing Concurrency Runtime via a Stochastic Stress Framework

Testing Concurrency Runtime via a Testing Concurrency Runtime via a Stochastic Stress Framework

Testing Concurrency Runtime via a Testing Concurrency Runtime via a Stochastic Stress Framework Stochastic Stress Framework Atilla Gunal Technical Computing Group Microsoft Agenda Agenda The Product Concurrency Runtime The

362 views • 21 slides
pTec Predictive Maintenance Solution Predictive Maintenance Solutions by Indalyz AG What if you

pTec Predictive Maintenance Solution Predictive Maintenance Solutions by Indalyz AG What if you

pTec Predictive Maintenance Solution Predictive Maintenance Solutions by Indalyz AG What if you were able to forecastwhen your equipment will fail, or when maintenance should really be performed? Being able to control budgets, downtimes,

1.29k views • 17 slides
Plan for Today Recall Predictive Parsing when it works and when it doesnt necessary to

Plan for Today Recall Predictive Parsing when it works and when it doesnt necessary to

Plan for Today Recall Predictive Parsing when it works and when it doesnt necessary to remove left-recursion might have to left-factor Error recovery for predictive parsers Predictive parsing as a specific subclass of recursive

590 views • 10 slides

More recommend