Research into run-time security monitoring techniques has delivered techniques that monitor conditions related to security which are expressed in the form of security policies. Often these conditions are related to an infrastructure layer (e.g. network connections) and may fail to reflect application level and context specific security requirements. Existing techniques also monitor security conditions in isolation. As a consequence, they are unable to detect security breaches and threats which arise due to interactions between different functional and dependability system requirements and security requirements, or breaches and threats which arise due to violations of conditions that relate to non infrastructural system aspects (e.g. negligence at the level of system users).
The deliverable document "State of the art in Runtime Support", includes an analysis of the state of the art in monitoring breaches and threats to S&D requirements, solutions and satisfaction of context conditions at run-time, and existing mechanisms and approaches for reacting to such breaches and threats. The report identifies relevant open issues that will drive the subsequent research and development work in the activity.
Research into general run-time requirements monitoring has investigated:
- ways of specifying requirements for monitoring and transforming them into events that can be monitored at run-time;
- the development of event-monitoring mechanisms;
- the development of mechanisms for generating system events that can be used in monitoring
- the development of mechanisms for adapting systems in order to deal with deviations from requirements at run-time. Most of the existing techniques express requirements in some high level formal specification language and subsequently assume the refinement and mapping of these requirements onto patterns of events. The occurrence of those patterns would indicate their violation at run-time.
