Lazy Security Controllers

Security controllers follow the execution of the target systems to prevent security violations. In fact, by proactively observing the target, they are able to catch security violations before they occur and act consequently, such as by interrupting the execution. In this paper we define a novel category of security controllers called lazy controllers, a conservative extension of standard controllers which routinely suspend the observation of the target for different time spans, in order to reduce the cost of monitoring and increase performance, at the expense of the possibility of missing a violation. We show how a proactive truncation controller can be extended to the lazy setting, and we formally characterize the relation between the length of suspended time spans and the actual violation risk, which constitutes the formal ground of our approach. This allows the actual time of suspension to be determined according to a given maximum bearable risk. Precisely, we formally investigate three classes of systems, namely nondeterministic, probabilistic, and stochastic systems.