Diagnosis and Threat Detection Capabilities of the SERENITY Monitoring Framework

In addition to the basic monitoring capabilities that have been described in Chapter 13, the SERENITY monitoring framework offers mechanisms for diagnosing the reasons that have caused the violation of security and dependability (S&D) properties and detecting potential violations of such properties, called “threats”. Diagnostic information and threat detection are often necessary for deciding what would be an appropriate reaction to a violation and taking preemptive actions that could stop the predicted violation, respectively. In this chapter, we describe the mechanisms of the SERENITY monitoring framework which are used to generate diagnostic information for violations of monitoring rules that express S&D properties within S&D Patterns, and predict potential violations of such properties. Theocharis Tsigkritis Dept. of Computing, City University, Northampton Square, London, EC1V 0HB, e-mail: [email protected] George Spanoudakis Dept. of Computing, City University, Northampton Square, London, EC1V 0HB, e-mail: [email protected] Christos Kloukinas Dept. of Computing, City University, Northampton Square, London, EC1V 0HB, e-mail: [email protected] Davide Lorenzoli Dept. of Computing, City University, Northampton Square, London, EC1V 0HB, e-mail: [email protected] 14.