Kevin Falzon scite author profile

Abstract. Security information and event management (SIEM) systems usually consist of a centralized monitoring server that processes events sent from a large number of hosts through a potentially slow network. In this work, we discuss how monitoring efficiency can be increased by switching to a model of aggregated traces, where monitored hosts buffer events into lossy but compact batches. In our trace model, such batches retain the number and types of events processed, but not their order. We present an algorithm for automatically constructing, out of a regular finitestate property definition, a monitor that can process such aggregated traces. We discuss the resultant monitor's complexity and prove that it determines the set of possible next states without producing false negatives and with a precision that is optimal given the reduced information the trace carries.

show abstract

Delta-Oriented Monitor Specification

Bodden

Falzon

Pun

et al. 2012

View full text Add to dashboard Cite

Abstract. Delta-oriented programming allows software developers to define software product lines as variations of a common code base, where variations are expressed as so-called program deltas. Monitor-oriented programming (MOP) provides a mechanism to execute functionality based on the execution history of the program; this is useful, e.g., for the purpose of runtime verification and for enforcing security policies. In this work we discuss how delta-oriented programming and MOP can benefit from each other in the Abstract Behavior Specification Language (ABS) through a new approach we call Delta-oriented Monitor Specification (DMS). We use deltas over monitor definitions to concisely capture protocol changes induced by feature combinations, and propose a notation to denote these deltas. In addition, we explore the design space for expressing runtime monitors as program deltas in ABS. A small case study shows that our approach successfully avoids code duplication in monitor specifications and that those specifications can evolve hand in hand with feature definitions.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Kevin Falzon

Combining Testing and Runtime Verification Techniques

Towards a Comprehensive Model of Isolation for Mitigating Illicit Channels

Distributed Finite-State Runtime Monitoring with Aggregated Events

Delta-Oriented Monitor Specification

Contact Info

Product

Resources

About