. If-?, then, since ? ? Pre(?, time(? following lemma A.14, since obs(?, time(?.(?, a))) = ?, obs(? s0 , time(? . (?, a))) = ? s = obs(? |?u , time(? . (?, a))) = ? |?u and ? ? (nobs(? s0 , time(? . (?, a)))) . ? c = ? ? (? |?c ) Since ? . (?, a) ? Pre(?, t), and ? ? Pre(?, time(? . (?, a))), following the definition of Pre(?, t) and Pre(?, time(? . (?, a))) (Definition 4.20), there exists t ? R ?0 such that time(?, ? ? (obs(? . (?, a), t ) |?c )) = ?. Let us consider the minimum such t . Since t ? time This means that: G(Reach((? . (?, a)) |?u , t ), ? ? ((? . (?, a)) |?c )) = ?. (A.2), p.then obs(?

?. For-any-t and . ?0, after (0, a) after (? , t ) ? v, then v, ? ? (nobs(? , t )) ?1 . buf c , 1 ? W 0 , because ? is winning for player 0. By construction of ? , and because of the different constraints required on G s , this implies that all states v ? V s such that Reach(? s0 , time(? . (?, a))) after (0, a) after (? , t ) ? v are in W 0 , for any t ? R ?0 . We know by construction of ? that this holds for some t

F. Now and A. , then: (? E ) * that are minimal in the number of rules delay(), i.e. the word obtained by merging two consecutive rules delay() into one with the sum of delays of the two rules, until stabilisation. This allows us to define Rules(?, t) correctly, without "cheating" by slicing time to increase the length of the word. Note that the words obtained by merging or adding delay() rules this way reach exactly the same configurations in the end

. Now, let P(?, t) be the predicate " (?, ? s0 , ? c ) ? store ? =? (output(?, t) = obs(? s0 , t) ? Reach E (?, t) = nobs(? s0 , t), ? c , Reach(? s0 , t), t ? time(obs(? s0 , t))) " , and P(?) be the predicate, Let us then show by induction that P(?) holds for any ? ? tw(?)

?. and ?. ?0, P(?) holds. Let us consider?, ? s0 , ? c ) ? store ? , (? . (?, a), ? t0 , ? d ) ? store ? , ? s = obs(? s0 , time(? . (?, a))), and c = Reach E (?, time(? . (?, a))). Then, by induction hypothesis, c = nobs(? s0 , time(?, Reach(? s0 time(? . (?, a)) ? time, p.time(?

<. If-t and . Time, ?, a), t) = Reach E (?, t), and obs(? t0 , t) = obs(? s0 , t), meaning that P(? . (?, a), t) holds. Then

B. Alcalde, A. Cavalli, Chen et al., Network Protocol System Passive Testing for Fault Management: A Backward Checking Approach, International Conference on Formal Techniques for Networked and Distributed Systems, pp.150-166, 2004.
DOI : 10.1016/S0950-5849(99)00039-7

URL : http://satoss.uni.lu/members/baptiste/papers/BC.pdf

R. Alur, C. Courcoubetis, N. Halbwachs et al., Minimization of timed transition systems, CONCUR'92, pp.340-354, 1992.
DOI : 10.1007/BFb0084802

R. Alur and D. Dill, The theory of timed automata, Lecture Notes in Computer Science, vol.600, pp.45-73, 1992.
DOI : 10.1007/BFb0031987

R. Alur, L. Fix, and T. A. Henzinger, Event-clock automata: a determinizable class of timed automata, Theoretical Computer Science, vol.211, issue.1-2, pp.253-273, 1999.
DOI : 10.1016/S0304-3975(97)00173-4

D. Basin, V. Jugé, F. Klaedtke, and E. Zălinescu, Enforceable security policies revisited, ACM Trans. Inf. Syst. Secur, vol.16, issue.1, 2013.
DOI : 10.1007/978-3-642-28641-4_17

A. Bauer and Y. Falcone, Decentralised LTL monitoring, FM 2012: Formal Methods, pp.85-100, 2012.
DOI : 10.1007/978-3-642-32759-9_10

URL : https://hal.archives-ouvertes.fr/hal-00857286

A. Bauer, M. Leucker, and C. Schallhart, Monitoring of Real-Time Properties, International Conference on Foundations of Software Technology and Theoretical Computer Science, pp.260-272, 2006.
DOI : 10.1007/11944836_25

A. Bauer, M. Leucker, and C. Schallhart, The good, the bad, and the ugly, but how ugly is ugly?, Runtime Verification, pp.126-138, 2007.

A. Bauer, M. Leucker, and C. Schallhart, Runtime Verification for LTL and TLTL, ACM Transactions on Software Engineering and Methodology, vol.20, issue.4, p.14, 2011.
DOI : 10.1145/2000799.2000800

URL : http://www4.in.tum.de/~leucker/Documents/Leucker/tosem09_prelim.pdf

L. Bauer, J. Ligatti, and D. Walker, Composing expressive runtime security policies, ACM Transactions on Software Engineering and Methodology, vol.18, issue.3, p.9, 2009.
DOI : 10.1145/1525880.1525882

URL : http://www.cse.usf.edu/~ligatti/papers/polymer-tosem.pdf

J. Bengtsson and W. Yi, Timed Automata: Semantics, Algorithms and Tools, Lecture Notes in Computer Science, vol.3098, pp.87-124, 2004.
DOI : 10.1007/978-3-540-27755-2_3

URL : http://www.seas.upenn.edu/~lee/09cis480/papers/by-lncs04.pdf

R. Bloem, B. Könighofer, R. Könighofer, and C. Wang, Shield Synthesis:, 2015.
DOI : 10.1007/978-3-662-46681-0_51

A. Cavalli, C. Gervy, and S. Prokopenko, New approaches for passive testing using an extended finite state machine specification, Information and Software Technology, vol.45, pp.837-852, 2003.
DOI : 10.1016/s0950-5849(03)00063-6

E. Chang, Z. Manna, and A. Pnueli, Characterization of temporal property classes, Automata, languages and programming, pp.474-486, 1992.

F. Chen and G. Rosu, Java-MOP: A Monitoring Oriented Programming Environment for Java, TACAS, pp.546-550, 2005.
DOI : 10.1007/978-3-540-31980-1_36

URL : http://gureni.cs.uiuc.edu/~grosu/download/java-mop-tool.ps

F. Cuppens, N. Cuppens-boulahia, and T. Ramard, Availability enforcement by obligations and aspects identification, First International Conference on Availability, Reliability and Security (ARES'06), p.10, 2006.
DOI : 10.1109/ARES.2006.36

URL : http://www.rennes.enst-bretagne.fr/~fcuppens/articles/ares06.pdf

D. L. Dill, Timing assumptions and verification of finite-state concurrent systems, International Conference on Computer Aided Verification, pp.197-212, 1989.
DOI : 10.1007/3-540-52148-8_17

E. Dolzhenko, J. Ligatti, and S. Reddy, Modeling runtime enforcement with mandatory results automata, International Journal of Information Security, vol.206, issue.2-4, pp.47-60, 2015.
DOI : 10.1016/j.ic.2007.07.009

A. El-hokayem and Y. Falcone, Monitoring decentralized specifications, 26th International Symposium on Software Testing and Analysis, 2017.

A. El-hokayem and Y. Falcone, THEMIS: a tool for decentralized monitoring algorithms, Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis, ISSTA 2017, 2017.
DOI : 10.1007/s10515-005-6205-y

URL : https://hal.archives-ouvertes.fr/hal-01653727

Y. Falcone, J. Fernandez, and L. Mounier, What can you verify and enforce at runtime?, International Journal on Software Tools for Technology Transfer, vol.3, issue.1, pp.349-382, 2012.
DOI : 10.1145/353323.353382

URL : https://hal.archives-ouvertes.fr/hal-00497350

Y. Falcone, K. Havelund, and G. Reger, A tutorial on runtime verification, Engineering Dependable Software Systems, pp.141-175, 2013.
URL : https://hal.archives-ouvertes.fr/hal-00853727

Y. Falcone, L. Mounier, J. Fernandez, and J. Richier, Runtime enforcement monitors: composition, synthesis, and enforcement abilities, Formal Methods in System Design, pp.223-262, 2011.
DOI : 10.1007/s10703-011-0114-4

URL : https://hal.archives-ouvertes.fr/hal-00576948

P. W. L. Fong, Access control by tracking shallow execution history, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004, pp.43-55, 2004.
DOI : 10.1109/SECPRI.2004.1301314

URL : http://www.cs.uregina.ca/~pwlfong/Pub/UR-CS-TR-2003-9.ps

J. Girault, J.-J. Loiseau, and O. H. Roux, Synthèse en ligne de superviseur compositionnel pour flotte de robots mobiles, Journal Européen des Systèmes Automatisés, vol.47, issue.1-3, pp.1-3, 2013.
DOI : 10.3166/jesa.47.195-210

S. Hallé, R. Khoury, A. El-hokayem et al., Decentralized Enforcement of Artifact Lifecycles, 2016 IEEE 20th International Enterprise Distributed Object Computing Conference (EDOC), pp.1-10, 2016.
DOI : 10.1109/EDOC.2016.7579380

K. W. Hamlen, G. Morrisett, and F. B. Schneider, Computability classes for enforcement mechanisms, ACM Transactions on Programming Languages and Systems, vol.28, issue.1, pp.175-205, 2006.
DOI : 10.1145/1111596.1111601

URL : http://www.cs.cornell.edu/fbs/publications/EnfClasses.pdf

K. G. Larsen, P. Pettersson, and W. Yi, Uppaal in a nutshell, International Journal on Software Tools for Technology Transfer, vol.1, issue.1-2, pp.134-152, 1997.
DOI : 10.1007/s100090050010

X. Leroy, Formal certification of a compiler back-end or, ACM SIGPLAN Notices, vol.41, issue.1, pp.42-54, 2006.
DOI : 10.1145/1111320.1111042

URL : https://hal.archives-ouvertes.fr/inria-00000963

J. Ligatti, L. Bauer, and D. Walker, Edit automata: enforcement mechanisms for run-time security policies, International Journal of Information Security, vol.3, issue.1-2, pp.2-16, 2005.
DOI : 10.1145/325694.325728

URL : http://www.cs.princeton.edu/~jligatti/papers/TR-681-03.pdf

J. Ligatti, L. Bauer, and D. Walker, Run-Time Enforcement of Nonsafety Policies, ACM Transactions on Information and System Security, vol.12, issue.3, 2009.
DOI : 10.1145/1455526.1455532

Z. Manna and A. Pnueli, A hierarchy of temporal properties, Proceedings of the sixth annual ACM Symposium on Principles of distributed computing, PODC '87, pp.377-410, 1989.
DOI : 10.1145/41840.41857

F. Martinelli and I. Matteucci, Through Modeling to Synthesis of Security Automata, Electronic Notes in Theoretical Computer Science, vol.179, pp.31-46, 2007.
DOI : 10.1016/j.entcs.2006.08.029

K. L. Mcmillan, Symbolic model checking, Symbolic Model Checking, pp.25-60, 1993.

S. Pinisetty, Y. Falcone, T. Jéron et al., TiPEX: A Tool Chain for Timed Property Enforcement During eXecution, Runtime Verification, pp.306-320, 2015.
DOI : 10.1016/j.entcs.2005.10.035

URL : https://hal.archives-ouvertes.fr/hal-01244446

S. Pinisetty, Y. Falcone, T. Jéron et al., TiPEX: A Tool Chain for Timed Property Enforcement During eXecution, 6th International Conference on Runtime Verification, pp.1210-1007, 2015.
DOI : 10.1016/j.entcs.2005.10.035

URL : https://hal.archives-ouvertes.fr/hal-01244446

S. Pinisetty, Y. Falcone, T. Jéron et al., Runtime enforcement of timed properties revisited, Formal Methods in System Design, pp.381-422, 2014.
DOI : 10.1007/s10703-014-0215-y

URL : https://hal.archives-ouvertes.fr/hal-01088136

S. Pinisetty, Y. Falcone, T. Jéron et al., Runtime Enforcement of Timed Properties, Third International Conference, pp.229-244, 2012.
DOI : 10.1007/978-3-642-35632-2_23

URL : https://hal.archives-ouvertes.fr/hal-00743270

S. Pinisetty, Y. Falcone, T. Jéron et al., Runtime enforcement of timed properties revisited, Formal Methods in System Design, vol.45, pp.381-422, 2014.
DOI : 10.1007/s10703-014-0215-y

URL : https://hal.archives-ouvertes.fr/hal-01088136

S. Pinisetty, Y. Falcone, T. Jéron et al., Runtime Enforcement of Timed Properties, Runtime Verification, pp.229-244, 2013.
DOI : 10.1007/978-3-642-35632-2_23

URL : https://hal.archives-ouvertes.fr/hal-00743270

P. J. Ramadge and W. M. Wonham, The control of discrete event systems, Proceedings of the IEEE, vol.77, issue.1, pp.81-98, 1989.
DOI : 10.1109/5.21072

M. Renard, Y. Falcone, A. Rollet et al., Optimal enforcement of (timed) properties with uncontrollable events, Mathematical Structures in Computer Science, vol.16, pp.1-46, 2017.
DOI : 10.1145/353323.353382

URL : https://hal.archives-ouvertes.fr/hal-01262444

M. Renard, Y. Falcone, A. Rollet et al., Enforcement of (Timed) Properties with Uncontrollable Events, Leucker Theoretical Aspects of Computing - ICTAC 2015, pp.542-560, 2015.
DOI : 10.1007/978-3-319-25150-9_31

URL : https://hal.archives-ouvertes.fr/hal-01185238

M. Renard, A. Rollet, and Y. Falcone, GREP: Games for the Runtime Enforcement of Properties, Testing Software and Systems: 29th IFIP WG 6.1 International Conference Proceedings, pp.259-275, 2017.
DOI : 10.1145/353323.353382

URL : https://hal.archives-ouvertes.fr/hal-01678960

M. Renard, A. Rollet, and Y. Falcone, Runtime enforcement using Büchi games, Proceedings of Model Checking Software - 24th International Symposium, SPIN 2017, pp.70-79, 2017.
DOI : 10.1145/3092282.3092296

M. Rinard, Acceptability-oriented computing, ACM SIGPLAN Notices, vol.38, issue.12, pp.57-75, 2003.
DOI : 10.1145/966051.966060

URL : http://dspace.mit.edu/bitstream/1721.1/3846/2/CS002.pdf

F. B. Schneider, Enforceable security policies, ACM Transactions on Information and System Security, vol.3, issue.1, pp.30-50, 2000.
DOI : 10.1145/353323.353382

M. Wu, H. Zeng, and C. Wang, Synthesizing Runtime Enforcer of Safety Properties Under Burst Error, NASA Formal Methods Symposium, pp.65-81, 2016.
DOI : 10.1145/2610384.2610405