Anticipatory active monitoring for safety- and security-critical software

Since formal verification and testing of systems is normally faced with challenges such as state explosion and uncertain execution environments, it is extremely difficult to exhaustively verify and test software during the development phase. Therefore, monitoring has become an indispensable means for finding latent software faults at runtime. Most current monitoring approaches only generate passive monitors, which cannot foresee possible faults and consequently cannot prevent their occurrence. In this paper, we propose an active monitoring approach based on runtime verification. This approach aims to predict possible incoming violations using a monitor that executes anticipatory semantics of temporal logic, and then generates the necessary steering actions according to a partial system model, which steers the system away from paths causing these violations. In this case, the monitor and monitored system make up a discrete feedback control loop. We further investigate the control theory behind active monitoring so that non-blocking controllability can be achieved. The results of applying active monitoring to two cases, a railway crossing control system and security-enhanced Linux (SELinux), show that the method can effectively ensure both safety and security properties at runtime.