# Monitoring hyperproperties

@article{Finkbeiner2017MonitoringH,
title={Monitoring hyperproperties},
author={Bernd Finkbeiner and Christopher Hahn and Marvin Stenger and Leander Tentrup},
journal={Formal Methods in System Design},
year={2017},
volume={54},
pages={336 - 363}
}
• Published 2 July 2018
• Computer Science
• Formal Methods in System Design
Hyperproperties, such as non-interference and observational determinism, relate multiple system executions to each other. They are not expressible in standard temporal logics, like LTL, CTL, and CTL*, and thus cannot be monitored with standard runtime verification techniques. …
42 Citations
Efficient monitoring of hyperproperties using prefix trees
• Computer Science
International Journal on Software Tools for Technology Transfer
• 2020
A novel trace storage technique is introduced that arranges the traces in a tree-like structure to exploit partially equal traces and can be used to detect spurious dependencies in hardware designs.
Synthesis from hyperproperties
• Computer Science
Acta Informatica
• 2019
The reactive synthesis problem for hyperproperties given as formulas of the temporal logic HyperLTL, which subsumes many classical extensions of the LTL realizability problem, is studied and it is shown that, while the synthesis problem is undecidable for full HyperLTL, it remains decidable for the fragments beyond these fragments.
Monitoring Hyperproperties by Combining Static Analysis and Runtime Verification
• Computer Science, Mathematics
ISoLA
• 2018
The problem of runtime verification of hyperproperties expressed as HyperLTL formulas that involve quantifier alternation is studied, departing from the convention that all traces come from executions of a single system.
Efficient monitoring of hyperproperties using prefix trees
• Computer Science
• 2020
This article introduces a novel trace storage technique that arranges the traces in a tree-like structure to exploit partially equal traces and shows how RVHyper can be used to detect spurious dependencies in hardware designs.
Constraint-Based Monitoring of Hyperproperties
• Computer Science
TACAS
• 2019
This work rewrites a hyperproperty in the temporal logic HyperLTL to a Boolean constraint system and compares its implementation, which utilizes either BDDs or a SAT solver to store and evaluate constraints, to the automata-based monitoring tool RVHyper.
Gray-box Monitoring of Hyperproperties (Extended Version)
• Computer Science
FM
• 2019
This work refines the classic notions of monitorability, both for trace properties and hyperproperties, taking into account the computability of the monitor, to monitor a privacy hyperproperty called distributed data minimality, expressed as a HyperLTL property, by using an SMT-based static verifier at runtime.
The Best a Monitor Can Do
• Computer Science
CSL
• 2021
A definition of optimal monitors that verify the best monitorable under- or over-approximation of a specification, regardless of its monitorability status is proposed, to enable prior knowledge to be optimally incorporated into runtime monitors.
Statistical Model Checking for Hyperproperties
• Computer Science
2021 IEEE 34th Computer Security Foundations Symposium (CSF)
• 2021
This paper investigates the problem of statistical model checking (SMC) for hyperproperties and introduces SMC algorithms for verifying HyperPCTL* formulas on discrete-time Markov chains, based on sequential probability ratio tests (SPRT) with a new notion of multidimensional indifference region.
Gray-box monitoring of hyperproperties with an application to privacy
• Computer Science
Formal Methods Syst. Des.
• 2021
This work proposes a gray-box approach to runtime verification that uses an SMT-based static verifier as an oracle at run time allowing, in some cases, to give a final verdict for properties that are considered to be non-monitorable under a black-box approach.
Verifying Hyperliveness
• Computer Science
CAV
• 2019
This paper reduces existential quantification to strategic choice and shows that synthesis algorithms can be used to eliminate the existential quantifiers automatically and can be extended to reactive system synthesis, i.e., to automatically construct a reactive system that is guaranteed to satisfy a given HyperLTL formula.

## References

SHOWING 1-10 OF 47 REFERENCES
RVHyper: A Runtime Verification Tool for Temporal Hyperproperties
• Computer Science, Mathematics
TACAS
• 2018
It is shown how RVHyper can be used to detect spurious dependencies in hardware designs and extended to extend linear-time temporal logic with trace quantifiers and trace variables.
Monitoring Hyperproperties by Combining Static Analysis and Runtime Verification
• Computer Science, Mathematics
ISoLA
• 2018
The problem of runtime verification of hyperproperties expressed as HyperLTL formulas that involve quantifier alternation is studied, departing from the convention that all traces come from executions of a single system.
Monitoring hyperproperties
• Computer Science
Formal Methods Syst. Des.
• 2019
It is shown that deciding the monitorability problem for alternation-free HyperLTL is PSPACE-complete while the problem is undecidable in general, and a technique is presented that minimizes the number of traces that need to be stored.
Monitorability of omega-regular languages
The complexity of the monitorability problem is determined and it is shown that this result, in fact, transfers to omega-regular languages in general, i.e., whether they are given by an LTL formula, a nondeterministic Buechi automaton, or even by an omega-regular expression.
The Complexity of Monitoring Hyperproperties
• Computer Science
2018 IEEE 31st Computer Security Foundations Symposium (CSF)
• 2018
The combined complexity in the size of the Kripke structure and the length of the HyperLTL formula is PSPACE-complete for both trees and acyclic Kripke structures, and is as low as NC for the relevant case of trees and alternation-free HyperLTL formulas.
Runtime Verification of k-Safety Hyperproperties in HyperLTL
• Computer Science
2016 IEEE 29th Computer Security Foundations Symposium (CSF)
• 2016
A novel runtime verification technique for a rich sub-class of Clarkson and Schneider's hyperproperties based on runtime formula progression as well as on-the-fly monitor synthesis across multiple executions for monitoring k-safety and co-k-safety hyperproperties expressed in HYPERLTL is introduced.
Deciding Hyperproperties
• Computer Science
CONCUR
• 2016
This paper shows that the satisfiability problem of HyperLTL is PSPACE-complete for alternation-free formulas (and, hence, no more expensive than LTL satisfiability), EXPSPACE-complete for ∃∀ formulas, and undecidable for ∀∃ formulas.
Information Flow Monitoring as Abstract Interpretation for Relational Logic
• Computer Science
2014 IEEE 27th Computer Security Foundations Symposium
• 2014
This paper shows how relational logic policies can be dynamically checked, and provides a new account of monitoring, in which the monitor state is viewed as an abstract interpretation of sets of pairs of program runs.
Optimized temporal monitors for SystemC
• Computer Science
Formal Methods Syst. Des.
• 2010
This paper focuses on automated generation of runtime monitors from temporal properties, and identifies four issues in monitor generation: state minimization, alphabet representation, alphabet minimization, and monitor encoding.
Rewriting-Based Runtime Verification for Alternation-Free HyperLTL
• Computer Science
TACAS
• 2017
This paper presents a rewriting-based technique for runtime verification of the full alternation-free fragment of HyperLTL, a temporal logic for specification of hyperproperties, which is independent of the number of trace quantifiers in a given HyperLTL formula.