Download Runtime Verification using LARVA

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
Document related concepts
no text concepts found
Transcript 
POLYLARVA
Technology Agnostic
Runtime Verification
A System’s Behaviour
Testing
Model Checking
Runtime Verification
Inputs to Runtime Verification
System
•No more than 10 users can
be logged onto the system at
any one time
•A user cannot execute more
than 3 failed transactions in
one session
•A user which has been idle
for more than 5 minutes
should be logged out
Creating a Runtime Monitor
Creating a Runtime Monitor
Creating a Runtime Monitor
Creating a Runtime Monitor
Creating a Runtime Monitor
The LARVA Architecture
LARVA – JAVA Specific
Property to be verified : New accounts can be added for a User if the User settings allow
It. Otherwise this should be disallowed.
before ( User u1) : (call(* User.addAccount(..)) && target(u1)
&& !cflow(adviceexecution())) {
Monitor monitor_instance = getMonitorInstance(u1);
monitor_instance.call(thisJoinPoint.getSignature().toString(),
8/*addAccount*/);
}
LARVA – JAVA Specific
Property to be verified : New accounts can be added for a User if the User settings allow
It. Otherwise this should be disallowed.
if
((_occurredEvent(_event,8/*addAccount*/))
&& (!u .canAddAccounts ())){
_state_id_account = 5;//moving to state
cannotadd
_goto_account(_info);
}
LARVA – JAVA Specific
Property to be verified : New accounts can be added for a User if the User settings allow
It. Otherwise this should be disallowed.
if
((_occurredEvent(_event,8/*addAccount*/))
&& (!u .canAddAccounts ())){
_state_id_account = 5;//moving to state
cannotadd
_goto_account(_info);
}
Goals for PolyLARVA
1) Improve LARVA framework to become a
customisable monitoring architecture supporting
potentially numerous platforms and technologies
System
(Any Language)
Generated
Monitor
Notifies monitor when specific
Events take place
Evaluates monitoring logic
The PolyLARVA Specification Language
• The PolyLarva specification language proposed
is an ECA (Event-Condition-Action) rule-based
language
rule name : event \ condition  action
ruleAddAccnt: addAccount(u2, a) \ isTooManyAccts ->
logTooMany;
The PolyLARVA Specification Language
ruleAddAccnt: addAccount(u2, a) \ isTooManyAccts ->
logTooMany;
states {
int accountCnt
}
conditions{
isTooManyAccts = {accountCnt > 5;}
}
The PolyLARVA Specification Language
ruleAddAccnt: addAccount(u2, a) \ isTooManyAccts ->
logTooMany;
states {
int accountCnt
}
conditions{
isTooManyAccts = {accountCnt > 5;}
}
actions {
logTooMany = {System.out.println("Account limit
of 5 exceeded.");}}
}
Evaluating Conditions & Actions
ruleAddUser: addUser( ) \ usercount > 5  logTooManyUsers
Monitor
Keep Integer count of users in system usercount
Increment counter on new user
addition.
Compare this counter against a set
limit on every new user addition
Log warning message
addUser()
System
Evaluating Conditions & Actions
ruleAddUser: addAccount( User u ) \ u.canAddAccounts() logNewAccount
u.canAddAccounts()
Monitor
System
addAccount(User u)
canAddAccounts is a property of a
User Instance
Monitor must refer to system to obtain
evaluation of condition
Evaluating Conditions & Actions
ruleAddUser: addAccount( User u ) \ u.canAddAccounts() logNewAccount
u.canAddAccounts()
Monitor
canAddAccounts is a property of a
User Instance
Monitor must refer to system to obtain
evaluation of condition
System
System vs Monitor
Conditions & Actions
Monitor
System
Monitor Side
System Side
Can be evaluated by monitor – no
reference to system specific properties
Must be evaluated on the system –
reference variables and methods declared
in system code
Must be written in JAVA code
Must be written in system language
conditions {
monitorSide {
isTooManyAccts = {accountCnt > 5;}
}
}
conditions {
systemSide {
cannotAddAccts =
{return !user.canAddAcounts();}
}
}
The PolyLARVA Architecture
Phase 1: Creation of JAVA code which covers the monitor logic for validating properties
The PolyLARVA Architecture
Phase 2: Creation of code which will be used to instrument the system code
Creation of ‘Aspect’ code
The PolyLARVA Architecture
Phase 2: Creation of code which will be used to instrument the system code
Creation of code that adds monitor logic on system side
The PolyLARVA Architecture Communication
Communication between Monitor and Instrumented System via Sockets
The PolyLARVA Language Specific
Compiler
Generation of ‘Aspect’ Code
Aspect Code
• The Runtime Monitor must be aware of any events,
relevant to monitoring, that occur on the system
• Aspect Programming is ideal for use in Runtime
Monitoring systems
• Can support a large number of programming
languages , though not all
Generation of JAVA ‘Aspect’ Code
Aspect Code
Event Specification
addAccount(User u2, Account a) = {execution Account a.new(User u2)}
Context_Aspect.aj
before(Account a,User u2):target(a) && execution(Account.new(..))
&& args (u2)&& !cflow(adviceexecution()){
LarvaCommClient.getClientConnection().sendMessage(
LarvaCommClient.ASPECT_EVENT, 5,
UniqueIDGenerator.getIdentifier(a)+","+
UniqueIDGenerator.getIdentifier(u2)+",");
}
What if our system program is written
in PERL?
Aspect Code
Event Specification
addAccount(User u2, Account a) = {execution Account a.new(User u2)}
Context_Aspect.pl
PERL Aspect Code
[uses Aspect.pm]
Uses socket connection
to communicate with
monitor
Generation of Monitor ‘Helper’ Code
(System Side)
Helper Code
conditions{
systemSide {
cannotAddAccts =
}
} %%conditions
{!user.canAddAcounts();}
System side code
copied verbatim to
generated code.
Helper code becomes
part of System.
PolyLARVA – A Flexible Runtime
Monitoring System
QDDC
JAVA
C++
C#
PERL
...
Counterexample
Formulas
LUSTRE
DATEs

RuleBased
PolyLARVA – A Flexible Runtime
Monitoring System
QDDC
JAVA
C++
C#
PERL
...

Counterexample
Formulas

LUSTRE

DATEs

RuleBased
PolyLARVA – A Flexible Runtime
Monitoring System
QDDC
JAVA
C++
C#
PERL
...

Counterexample
Formulas

LUSTRE

DATEs

RuleBased

PolyLARVA – A Flexible Runtime
Monitoring System
QDDC
JAVA
C++
C#
PERL
...

Counterexample
Formulas

LUSTRE

DATEs

RuleBased




...
Future Work on PolyLARVA Runtime
Monitor
• Implementation of other Language Specific
Compilers
• Implementation of translator for specification
in DATEs format to new PolyLarvaspecification
• Analysis of specification script for optimisation
of rules
• Ability to save and load Monitor state
• Any more?
POLYLARVA Technology Agnostic Runtime Verification
THE END
Related documents
Security Agents for Network Traffic Analysis
Security Agents for Network Traffic Analysis
A safe mobile agent system for distributed intrusion detection
A safe mobile agent system for distributed intrusion detection
Chapter 1 questions
Chapter 1 questions
Midterm 2 review
Midterm 2 review
Senior Developer Java and Perl
Senior Developer Java and Perl
Project 3 IC312: Data Structures Criteria Grade
Project 3 IC312: Data Structures Criteria Grade
Ying Chen
Ying Chen
Name - ReachIvy
Name - ReachIvy
Runtime Errors - University of Nebraska Omaha
Runtime Errors - University of Nebraska Omaha
Waratek Zero Day Protection Visibility and Forensics Legacy Apps
Waratek Zero Day Protection Visibility and Forensics Legacy Apps
Performance
Performance