Runtime Verification for Ultra-Critical Systems

Pike, Lee; Niller, Sebastian; Wegmann, Nis

doi:10.1007/978-3-642-29860-8_23

Cited by 47 publications

(31 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Runtime verification is presented in the context of ultra-critical embedded systems by Pike et al (2011), who define an ultra critical system as an embedded system which senses and/or controls the physical world within fixed and time-critical constraints. Runtime verification of these systems must account for hardware faults and random failures, in addition to software design faults.…”

Section: Runtime Verification Of Embedded Control Systemsmentioning

confidence: 99%

“…This instrumentation would pose challenges to in critical systems as it may violate the requirements for Functionality, Certifiability and Timing as identified in Pike et al (2011), as previously discussed in ??. The current solution in Sen et al (2004) deals only with safety properties not liveness properties.…”

Section: Runtime Verification Of Distributed Systemsmentioning

confidence: 99%

See 1 more Smart Citation

Towards a Distributed Runtime Monitor for ICS/SCADA Systems

Wain

Reiff-Marganiec

Jones

et al. 2016

Electronic Workshops in Computing

View full text Add to dashboard Cite

Industrial Control Systems (ICS) and SCADA (Supervisory Control and Data Acquisition) systems are typically used in industries such as electricity generation and supply, gas supply, logistics, manufacturing and hospitals and are considered critical national infrastructure. The evolution of these systems from isolated environments into internet connected ones, in combination with their long service life and real-time nature have raised severe security concerns in the event of a cyber-attack. In this paper, we review the current literature surrounding the threats, vulnerabilities, exploits and existing approaches to securing vulnerable SCADA systems. We then focus specifically on the development of a distributed online runtime monitor to detect violations of safety properties. We conclude with suggestions for further research needed to progress the state of the art in the area of distributed online runtime verification of SCADA systems.

show abstract

Section: Runtime Verification Of Embedded Control Systemsmentioning

confidence: 99%

Section: Runtime Verification Of Distributed Systemsmentioning

confidence: 99%

Towards a Distributed Runtime Monitor for ICS/SCADA Systems

Wain

Reiff-Marganiec

Jones

et al. 2016

Electronic Workshops in Computing

View full text Add to dashboard Cite

show abstract

“…Since the underlying BDD for BraceAssertion requires manual instrumentation, this approach is orthogonal and complementary to our framework. There are a few existing efficient specification languages that we could use as the basis of our framework [26], however we believe the wide popularity and intuitiveness of BDD makes our work more accessible to real CPS practitioners.…”

Section: G Threats To Validitymentioning

confidence: 99%

BraceAssertion: Runtime Verification of Cyber-Physical Systems

Zheng

Julien

Podorozhny

et al. 2015

2015 IEEE 12th International Conference on Mobile Ad Hoc and Sensor Systems

View full text Add to dashboard Cite

Abstract-Cyber-Physical Systems (CPS) have gained wide popularity, however, developing and debugging CPS remain significant challenges. Many bugs are detectable only at runtime under deployment conditions that may be unpredictable or at least unexpected at development time. The current state of the practice of debugging CPS is generally ad hoc, involving trial and error in a real deployment. For increased rigor, it is appealing to bring formal methods to CPS verification. However developers often eschew formal approaches due to complexity and lack of efficiency. This paper presents BraceAssertion, a specification framework based on natural language queries that are automatically converted to a determinitic class of timed automata used for runtime monitoring. To reduce runtime overhead and support properties that reference predicate logic, we use a second monitor automaton to create filtered traces on which to run the analysis using the specification monitor. We evaluate the BraceAssertion framework using a real CPS case study and show that the framework is able to minimize runtime overhead with an increasing number of monitors. I. INTRODUCTIONCyber-Physical Systems (CPS) are found in applications in structural monitoring, autonomous vehicles, and many other fields. Compared with the growth of the domain, verification and validation of CPS lags far behind [32]. The state of the practice in debugging CPS generally entails a combination of simulation and in situ debugging. In a 2007 DARPA Urban Challenge Vehicle, a bug undetected by more than 300 miles of test-driving resulted in a near collision. An analysis of the incident found that, to protect the steering system, the interface to the physical hardware limited the steering rate to low speeds [23]. When the path planner produced a sharp turn at higher speeds, the vehicle physically could not follow, and this unanticipated situation caused the bug. The analysis concluded that, although simulation-centric tools are indispensable for rapid prototyping, design, and debugging, they are limited in providing correctness guarantees. State of the art formal methods tools, including static analysis, theorem proving, and model checking, are insufficient in tackling the challenges in CPS verification and validation [32]. Other verification techniques, including model-based testing [11] and simulation [16] have high learning curves, impractical development costs, and scalability issues. Domain specific tools (e.g., passive distributed assertions [29] and symbolic execution [30]), though more scalable, fail to formally verify either qualitative constraints (e.g., the ordering of events), quantitative ones (e.g., timing), or both. Ad hoc debugging has become the de facto

show abstract

“…The IEEE defines runtime verification as: "the discipline of computer science that deals with the study, development, and application of those verification techniques that allow checking whether a run of a system under scrutiny satisfies or violates a given correctness property" [11]. There have been several interesting surveys and analyses of such approaches [12], [13], [14]. The authors highlight the appropriateness of runtime verification for safety-critical systems.…”

Section: Related Workmentioning

confidence: 99%

“…• Non-independent monitors, also called intrusive [15] or in-line [13] monitors, such as those presented in [14], [16], [17], [18]. These works aim to deal with real-time challenges like time sampling and the synchronization between the monitor and the monitored system.…”

Section: Related Workmentioning

confidence: 99%

Safety Trigger Conditions for Critical Autonomous Systems

Mekki-Mokhtar

Blanquart²,

Guiochet

et al. 2012

2012 IEEE 18th Pacific Rim International Symposium on Dependable Computing

View full text Add to dashboard Cite

Abstract-A systematic process for eliciting safety trigger conditions is presented. Starting from a risk analysis of the monitored system, critical transitions to catastrophic system states are identified and handled in order to specify safety margins on them. The conditions for existence of such safety margins are given and an alternative solution is proposed if no safety margin can be defined. The proposed process is illustrated on a robotic rollator.

show abstract

Runtime Verification for Ultra-Critical Systems

Cited by 47 publications

References 22 publications

Towards a Distributed Runtime Monitor for ICS/SCADA Systems

Towards a Distributed Runtime Monitor for ICS/SCADA Systems

BraceAssertion: Runtime Verification of Cyber-Physical Systems

Safety Trigger Conditions for Critical Autonomous Systems

Contact Info

Product

Resources

About