A Distributed Logic Reactive Programming Model

: and its Application to Monitoring Security

Abstract

Processes in the world are increasingly managed by software systems that are centered around the notion of events. For instance, banking software responds to the occurrence of financial transaction events and parcel services respond to the arrival event of a package at a depot. To, e.g., identify fraud in a series of financial transactions, multiple transaction events must be correlated.

How to efficiently extract patterns from a stream of events — in an online fashion — is an active research topic. The state of the art enables extracting complex patterns from large streams, or performing simple processing with predictable latency. There are, however, no techniques which combine expressive event correlation mechanisms with guaranteed upper bounds on resource usage. Lacking such guarantees, event monitoring systems risk falling behind on the live data, or even crashing due to memory exhaustion. Preventing this is of utmost importance for modern systems that are online 24/7.

In this dissertation, we propose a novel programming paradigm for large-scale online event correlation: Logic Reactive Programming. LRP overcomes the issues in the state of the art by imposing maximum lifetimes on stored event data. Through temporal reasoning, LRP then guarantees that a fixed upper limit exists on the number of events whose data needs to be retained. Stale data is automatically discarded, thus enabling LRP systems to operate in a fixed resource budget. We introduce PARTElang, the first Logic Reactive Programming language. Its formal foundations are defined by means of an event algebra. We define Featherweight PARTE, an operational semantics for PARTElang, which guarantees that every operation evaluates in constant time, using constant space. We prove correctness of Featherweight PARTE, i.e., that steps defined by the formal model ensure that a PARTElang program is translated to a number of concurrent units of computation which jointly arrive at the results prescribed by the event algebra. We further validate PARTElang by building a security monitoring application on top of a prototypical implementation of the Featherweight PARTE model.

Date of Award	28 Mar 2019
Original language	English
Awarding Institution	Vrije Universiteit Brussel
Supervisor	Wolfgang De Meuter (Promotor), Joeri De Koster (Promotor), Viviane Jonckers (Jury), Katrien Beuls (Jury), Tias Guns (Jury), Coen De Roover (Jury), Sebastian Erdweg (Jury) & Robert Hirschfeld (Jury)