Shield synthesis

Abstract: Shield synthesis is an approach to enforce safety properties at runtime. A shield monitors the system and corrects any erroneous output values instantaneously. The shield deviates from the given outputs as little as it can and recovers to hand back control to the system as soon as possible. In the first part of this paper, we consider shield synthesis for reactive hardware systems. First, we define a general framework for solving the shield synthesis problem. Second, we discuss two concrete shield synthesis me… Show more

“…The idea of error-correcting run-time enforcement shield was proposed in the pioneering work of Bloem et al [2], where the notion of k-stabilizing shield (with a synthesis algorithm) was proposed. This was further enhanced by Konighofer et al [9]. Extension of shield synthesis to liveness properties has also been explored in this paper.…”

“…Logic QDDC is a discrete time version of Duration Calculus proposed by Zhou, Hoare and Ravn [5,4] with known automata theoretic decision and model checking procedures [13,3,17,10]. Using the proposed technique, we have specified the k-stabilizing shield of Konighofer et al [9], the burst shield of Wu et al [21,20], as well as a new e, dshield. Moreover, we have measured the performance of the shields resulting from these different criteria in terms of the expected value of deviation in long runs, as well as the worst case burst deviation latency.…”

“…E.g. in Figure 1, σ , [5,9] |= until(p, q, 3) with j = 8. The first disjunct holds for an interval [b, e] provided e − b < n and p holds throughout the interval.…”

“…A central issue in designing run-time enforcement shields is the underlying notion of "deviating as little as possible" from the SSE output. There are several different notions explored in the literature [2,9,21,20]. In their pioneering paper, Bloem et al [2] proposed the notion of k-stabilizing shield which may deviate for at most k cycles continuously under suitable assumptions.…”

“…We show how tool DCSynth implementing soft requirement guided synthesis can be used for automatic synthesis of shields from a given specification. Next, we give logical formulas specifying several notions of shields including the k-Stabilizing shield of Bloem et al [2,9] as well as the Burst-error shield of Wu et al [21], and a new e, d-shield. Shields can be automatically synthesized for all these specifications using the tool DCSynth.…”

Specification and Optimal Reactive Synthesis of Run-time Enforcement Shields

“…The idea of error-correcting run-time enforcement shield was proposed in the pioneering work of Bloem et al [2], where the notion of k-stabilizing shield (with a synthesis algorithm) was proposed. This was further enhanced by Konighofer et al [9]. Extension of shield synthesis to liveness properties has also been explored in this paper.…”

“…Logic QDDC is a discrete time version of Duration Calculus proposed by Zhou, Hoare and Ravn [5,4] with known automata theoretic decision and model checking procedures [13,3,17,10]. Using the proposed technique, we have specified the k-stabilizing shield of Konighofer et al [9], the burst shield of Wu et al [21,20], as well as a new e, dshield. Moreover, we have measured the performance of the shields resulting from these different criteria in terms of the expected value of deviation in long runs, as well as the worst case burst deviation latency.…”

“…E.g. in Figure 1, σ , [5,9] |= until(p, q, 3) with j = 8. The first disjunct holds for an interval [b, e] provided e − b < n and p holds throughout the interval.…”

“…A central issue in designing run-time enforcement shields is the underlying notion of "deviating as little as possible" from the SSE output. There are several different notions explored in the literature [2,9,21,20]. In their pioneering paper, Bloem et al [2] proposed the notion of k-stabilizing shield which may deviate for at most k cycles continuously under suitable assumptions.…”

“…We show how tool DCSynth implementing soft requirement guided synthesis can be used for automatic synthesis of shields from a given specification. Next, we give logical formulas specifying several notions of shields including the k-Stabilizing shield of Bloem et al [2,9] as well as the Burst-error shield of Wu et al [21], and a new e, d-shield. Shields can be automatically synthesized for all these specifications using the tool DCSynth.…”

Specification and Optimal Reactive Synthesis of Run-time Enforcement Shields

Formal Methods

Traffic Management for Urban Air Mobility