Assessing the genuineness of events in runtime monitoring of cyber systems

Article English OPEN
Tsigritis, T. ; Spanoudakis, G. (2013)

Monitoring security properties of cyber systems at runtime is necessary if the preservation of such properties cannot be guaranteed by formal analysis of their specification. It is also necessary if the runtime interactions between their components that are distributed over different types of local and wide area networks cannot be fully analysed before putting the systems in operation. The effectiveness of runtime monitoring depends on the trustworthiness of the runtime system events, which are analysed by the monitor. In this paper, we describe an approach for assessing the trustworthiness of such events. Our approach is based on the generation of possible explanations of runtime events based on a diagnostic model of the system under surveillance using abductive reasoning, and the confirmation of the validity of such explanations and the runtime events using belief based reasoning. The assessment process that we have developed based on this approach has been implemented as part of the EVEREST runtime monitoring framework and has been evaluated in a series of simulations that are discussed in the paper.
  • References (13)
    13 references, page 1 of 2

    [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] Alberti M. et al., Abduction with Hypotheses Confirmation, Int. Joint Conf. on Artificial Intelligence, 19: 1545-1546, 2005

    Allen J. F., Maintaining Knowledge about Temporal Intervals. Communications of the ACM 26(1): 832-843, 1983

    Armenteros A. et al., Realising the Potential of SERENITY in Emerging AmI Ecosystems: Implications and Challenges, In Security and Dependability for Ambient Intelligence, Advances in Information Security, Springer, 2009

    Artho C, et al., JNuke: Efficient Dynamic Analysis for Java. 16th Int. Conf. On Computer Aided Verification, LNCS 3114: 462-465, 2004

    Baresi L, and Guinea S, Towards Dynamic Monitoring of WS-BPEL Processes. 3rd Int. Conf. On Service Oriented Computing, 2005.

    Barringer H., et al., Rule-Based Runtime Verification. 5th Int. Conf. on Verification, Model Checking, and Abstract Interpretation, LNCS 2937: 44-57, 2004 Barringer H., Rydeheard D., and Havelund K. Rule systems for run-time monitoring: From Eagle to RuleR. In Runtime Verification, pp. 111-125, Springer Berlin/Heidelberg, 2007 Bouyer P., et al., Fault Diagnosis using Timed Automata. LNCS 3441:219-233, 2005 Brörkens M., and Möller M., Jassda trace assertions, runtime checking the dynamic of java programs. Int. Conf. on Testing of Communicating Systems, Berlin, Germany, pp. 39-48, 2002 Chen F., and Rosu G., Towards Monitoring-Oriented Programming: A Paradigm Combining Specification and Implementation. In Electronic Notes in Theoretical Computer Science, 89(2): 108- 127, 2003

    Console L., Terenziani P., and Dupre D.T., Local reasoning and knowledge compilation for efficient temporal abduction. IEEE Transactions on Knowledge and Data Engineering, 14(6): 1230-1248, 2002

    d'Amorim M., and Havelund K., Event-based runtime verification of Java programs. ACM SIGSOFT Software Engineering Notes, 30(4): 1-7, 2005

    Drusinsky D. The Temporal Rover and the ATG Rover. In SPIN Model Checking and Software Verification, LNCS 1885: 323-330, 2000

    Shafer G., A Mathematical Theory of Evidence., Princeton University Press, 1975 Schneider F.B., Enforceable security policies. ACM Trans. Inf. Syst. Secur. 3(1): 30-50, 2000 Spanoudakis G., Kloukinas C., and Mahbub K., The SERENITY Runtime Monitoring Framework, In Security and Dependability for Ambient Intelligence, Advances in Information Security Series, Springer, pp. 213-238, 2009

  • Metrics
    No metrics available
Share - Bookmark