Security and Robustness for Collaborative Monitors



Utrecht University, Utrecht, Netherlands
{B.J.G.Testerink,M.M.Dastani}@uu.nl

Delft University of Technology, Delft, Netherlands
[email protected]

Abstract. Decentralized monitors can be subject to robustness and security risks. Robustness risks include attacks on the monitor’s infrastructure in order to disable parts of its functionality. Security risks include attacks that try to extract information from the monitor and thereby possibly leak sensitive information. Formal methods to analyze the design of a monitor with respect to these issues can help to create more secure designs and/or identify critical parts. In this paper we specify a model for analyzing robustness and security risks for collaborative monitors constructed from a network of local monitors.

Keywords: Monitoring · Runtime verification · Security

1 Introduction

Normative systems help to make sure that agents behave according to preset guidelines/norms in multi-agent systems [5]. One approach is provided by exogenous normative systems where norms are explicit. The normative aspect of the multi-agent system is captured by an exogenous—to the agents—organization or institution. With this approach it must be verified whether any norm violation occurs in the multi-agent system’s execution.

Monitoring large distributed multi-agent systems such as traffic, smart grids and economic markets requires decentralized approaches. Monolithic centralized monitors can impose a bottleneck due to the distributed nature of multi-agent systems and a single point of failure in case of breakdowns.

A major concern of many decentralized verification applications is their robustness and security. The data that is gathered from a multi-agent system can severely compromise the agents’ privacy if leaked. Adversaries can also try to take down parts of the network to impede its functioning. Formal models of decentralized monitors allow for the analysis of critical parts in monitors in terms of robustness and security. Such an analysis allows the developers of decentralized monitors to invest more resources in critical parts.

In this paper we present a formal model for decentralized monitors that supports their formal analysis to face the aspects of robustness and security when designing a monitor. As an example we shall use an abstract traffic monitoring scenario (Example 1). Traffic monitoring faces many challenges, including physical attacks on the monitor infrastructure and the privacy of individuals (cf. [7]).

© Springer International Publishing Switzerland 2016. V. Dignum et al. (Eds.): COIN 2015, LNAI 9628, pp. 376–395, 2016. DOI: 10.1007/978-3-319-42691-4_21

[Figure with labels: Location 1, Location 2, Location 3, Location 4]

Fig. 1. Example scenario. Black dots indicate locations, arrows indicate traffic flow and double lines indicate roads.

In our approach we assume that monitors observe the execution trace of a system in order to detect specific properties of its behavior. These properties are expressed in linear-time temporal log