Safe Generation and Instrumentation of Runtime Verification Architectures
When making use of monitors in critical systems, it must be ensured that they neither negatively influence the security aspects of the original system nor affect the functional and the safety non-functional requirements of the system (e.g., task scheduling [IRVF1]). Guaranteeing that the deployment of such solutions does not negatively influence the dependability properties of systems can be overly complicated and time-consuming when no proper integration methods are used.
To abstract the formalities of correctly integrating monitoring architectures in the target system and reduce the steep learning curve associated with the usage of formal specification languages, which is common with RV based on formal specifications, we propose a new domain specific language (and associated tools) named MARS [IRVF2]. MARS will let developers focus what needs to be monitored instead of worrying about how to safely integrate such monitoring solutions to their target systems.
To achieve that, MARS will allow users to associate RV specifications with the components of a target system, providing support for a timing analysis over the combined system coupled with the instrumented monitors. MARS will ensure compliance with timeliness requirements and will support the generation of monitors from the formal specifications following a correct-by-construction approach. The generated monitors will be coupled with the target system via a runtime monitoring architecture that will link the interfaces of the system with those of the generated monitors.
- Abstracts critical concepts that have a steep learning curve from the typical developer, allowing the focus to be on the specification of the monitors, not on their integration with a target system;
- Possibility of increasing of the overall system reliability without compromising security and safety aspects, via a correct generation of monitors.
- The use of runtime monitoring solutions inevitably implies extra overheads in the target system;
- Designing a DSL to facilitate the formal specification of monitors can be tricky when such monitors get overly complex.
[IRVF1] Khan, M. T., Serpanos, D., Shrobe, H. “A rigorous and efficient run-time security monitor for real-time critical embedded system applications.” In 2016 IEEE 3rd World Forum on Internet of Things (WF-IoT), 100–105. December 2016.
[IRVF2] G. S. Nandi, D. Pereira, J. Proença and E. Tovar, "Work-In-Progress: a DSL for the safe deployment of Runtime Monitors in Cyber-Physical Systems," 2020 IEEE Real-Time Systems Symposium (RTSS), 2020, pp. 395-398, doi: 10.1109/RTSS49844.2020.00047.