# Gray-box Monitoring of Hyperproperties (Extended Version)

**Authors:** Sandro Stucki, C\'esar S\'anchez, Gerardo Schneider, Borzoo, Bonakdarpour

arXiv: 1906.08731 · 2019-10-07

## TL;DR

This paper introduces a gray-box runtime verification approach for hyperproperties like HyperLTL, refining monitorability notions and applying it to privacy properties using SMT-based verification.

## Contribution

It proposes a feasible gray-box monitoring framework for hyperproperties, refining monitorability concepts and demonstrating practical application to privacy hyperproperties.

## Key findings

- Gray-box monitoring is feasible where black-box is not.
- Refined notions of monitorability for hyperproperties.
- Successful runtime verification of a privacy hyperproperty.

## Abstract

Many important system properties, particularly in security and privacy, cannot be verified statically. Therefore, runtime verification is an appealing alternative. Logics for hyperproperties, such as HyperLTL, support a rich set of such properties. We first show that black-box monitoring of HyperLTL is in general unfeasible, and suggest a gray-box approach. Gray-box monitoring implies performing analysis of the system at run-time, which brings new limitations to monitorabiliy (the feasibility of solving the monitoring problem). Thus, as another contribution of this paper we refine the classic notions of monitorability, both for trace properties and hyperproperties, taking into account the computability of the monitor. We then apply our approach to monitor a privacy hyperproperty called distributed data minimality, expressed as a HyperLTL property, by using an SMT-based static verifier at runtime.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1906.08731/full.md

## Figures

9 figures with captions in the complete paper: https://tomesphere.com/paper/1906.08731/full.md

---
Source: https://tomesphere.com/paper/1906.08731