Gray-box Monitoring of Hyperproperties (Extended Version)
This paper addresses runtime verification challenges for security and privacy hyperproperties, offering a refined approach, though its contributions are incremental.
The paper tackles the problem of runtime verification for hyperproperties, showing that black-box monitoring of HyperLTL is in general infeasible and proposing a gray-box approach with refined notions of monitorability. The approach is applied to monitor a privacy hyperproperty called distributed data minimality, using an SMT-based static verifier at runtime.
Many important system properties, particularly in security and privacy, cannot be verified statically. Runtime verification is therefore an appealing alternative. Logics for hyperproperties, such as HyperLTL, support a rich set of such properties. We first show that black-box monitoring of HyperLTL is in general infeasible, and suggest a gray-box approach. Gray-box monitoring implies performing analysis of the system at runtime, which brings new limitations to monitorability (the feasibility of solving the monitoring problem). Thus, as another contribution of this paper, we refine the classic notions of monitorability, both for trace properties and hyperproperties, taking into account the computability of the monitor. We then apply our approach to monitor a privacy hyperproperty called distributed data minimality, expressed as a HyperLTL property, by using an SMT-based static verifier at runtime.
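The following is an added illustration, not code from the paper, of the distinction the abstract draws between black-box and gray-box monitoring of hyperproperties. It monitors two HyperLTL-style properties over a finite set of observed traces: a forall-forall safety hyperproperty (observational determinism, written with weak-until so that a finite prefix can refute it) and a forall-exists hyperproperty ("every observation is consistent with at least two secrets"). The black-box monitor sees only traces the system has produced, so it can refute the forall-forall property but can never reach a verdict on the forall-exists one, because the required witness trace may simply not have been observed yet. The gray-box monitor additionally queries a model of the system itself; here an exhaustive search over a small finite secret domain stands in for the SMT-based verifier the paper uses, and the concrete formulas, the `run_system` stand-in and all traces are constructed for this example and are not the paper's.

```python
"""Black-box vs gray-box monitoring of two hyperproperties (added example).

A trace is a list of steps; each step is a dict with keys "lo_in" (public
input), "hi_in" (secret input, assumed constant within a trace) and
"lo_out" (public output).  Everything below is constructed for illustration.
"""
from itertools import product

SECRETS = range(4)  # finite secret domain so that search can replace an SMT query


def run_system(lo_ins, hi):
    """Constructed stand-in for the system under monitoring (assumed code).
    lo_out = lo_in * hi, so the secret is revealed whenever lo_in != 0."""
    return [x * hi for x in lo_ins]


def make_trace(lo_ins, hi):
    """Run the stand-in system and record the resulting trace."""
    return [{"lo_in": x, "hi_in": hi, "lo_out": y}
            for x, y in zip(lo_ins, run_system(lo_ins, hi))]


# Property 1 (forall p, p'): (lo_out_p = lo_out_p') W (lo_in_p != lo_in_p')
# "public outputs agree until public inputs first differ".
def od_black_box(traces):
    """Return ('violation', i, j, step) for the first bad pair, else
    'inconclusive'.  A forall-forall property can only be refuted from
    observed traces: a missing bad pair says nothing about unseen traces."""
    for (i, a), (j, b) in product(enumerate(traces), repeat=2):
        if i >= j:
            continue
        for step, (sa, sb) in enumerate(zip(a, b)):
            if sa["lo_in"] != sb["lo_in"]:
                break  # inputs diverged: the weak-until is released
            if sa["lo_out"] != sb["lo_out"]:
                return ("violation", i, j, step)
    return "inconclusive"


# Property 2 (forall p exists p'): hi_in_p != hi_in_p'
#   and G(lo_in_p = lo_in_p' and lo_out_p = lo_out_p')
# "every public observation is consistent with at least two secrets".
def is_witness(a, b):
    """b witnesses a: different secret, identical public inputs and outputs."""
    return (len(a) == len(b)
            and a[0]["hi_in"] != b[0]["hi_in"]
            and all(sa["lo_in"] == sb["lo_in"] and sa["lo_out"] == sb["lo_out"]
                    for sa, sb in zip(a, b)))


def fe_black_box(traces):
    """Black-box view of the forall-exists property.  Returns the indices of
    observed traces that have no witness among the observed traces.  This is
    never a verdict: a witness may be a trace the system can produce but has
    not produced yet, and a future trace may lack one."""
    missing = [i for i, a in enumerate(traces)
               if not any(is_witness(a, b) for j, b in enumerate(traces) if j != i)]
    return ("inconclusive", missing)


def fe_gray_box(traces, system=run_system, secrets=SECRETS):
    """Gray-box monitor: ask the system model whether a witness can exist for
    each observed trace (exhaustive search over `secrets` stands in for the
    SMT query).  A trace for which no witness can exist is a definite
    violation; otherwise the verdict stays open for traces still to come."""
    for i, a in enumerate(traces):
        lo_ins = [s["lo_in"] for s in a]
        lo_outs = [s["lo_out"] for s in a]
        h = a[0]["hi_in"]
        if not any(h2 != h and system(lo_ins, h2) == lo_outs for h2 in secrets):
            return ("violation", i)
    return "inconclusive"


# Constructed observations: two runs with lo_in = [0, 0] (no leak) and one
# with lo_in = [1, 0], whose first output equals the secret.
OBSERVED = [make_trace([0, 0], 1), make_trace([0, 0], 2), make_trace([1, 0], 3)]

# A constructed trace from a hypothetical faulty build: same public inputs as
# OBSERVED[0] but a different public output at step 1.
LEAKY_OBSERVATION = [{"lo_in": 0, "hi_in": 1, "lo_out": 0},
                     {"lo_in": 0, "hi_in": 1, "lo_out": 7}]

if __name__ == "__main__":
    print("OD, observed traces:      ", od_black_box(OBSERVED))
    print("OD, with leaky trace:     ", od_black_box([OBSERVED[0], LEAKY_OBSERVATION]))
    print("forall-exists, black-box: ", fe_black_box(OBSERVED))
    print("forall-exists, gray-box:  ", fe_gray_box(OBSERVED))
```

Running the block shows the asymmetry: the forall-forall property is refuted by the leaky pair at step 1, while the forall-exists property stays "inconclusive" in the black-box view even though the third trace has no witness among the observations. Only the gray-box monitor, which can ask the system whether any other secret could have produced the same public behaviour, turns that missing witness into a definite violation.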