Skip to Main Content
The paper deals with providing a specification methodology to enable flexible monitoring in large scale distributed information systems (DIS). The goal is to allow the monitoring of compliance to properties deemed as critical for functioning of a DIS. Since information attacks due to external intrusion and/or component failures often manifest as deviations from critical behaviors expected of a DIS, a violation of compliance to a specified critical property can be viewed as symptomatic of information attacks. Based on this principle, users can prescribe critical properties in the form of event predicates, which are Boolean conditions on the externally visible interface state distributed among computation nodes and can be detected by distributed algorithms. Our specification methodology manifests in two facets: i) designing a meta-language which allows the interface behavior of a system to be prescribed through possible occurrences of events in the external environment; and ii) incorporating the specification language into a programming interface that exposes the computation-level states symbolizing the occurrence of events. Any target application can then plugged-in to the generic monitor tool to test for its compliance to critical functionality requirements. The realization of monitor in distributed object-oriented programming languages (such as JAVA) reduces the software development costs of implementing a DIS: due to the ease of specification, development and maintenance of the DIS.