Runtime enforcement is a methodology used to enforce that the output of a running system satisfies a desired property. Given a property, an enforcement monitor modifies an (untrusted) sequence of events into a sequence that complies to that property. In practice, we may have not one, but many properties to enforce. Moreover, new properties may arise as new capabilities are added to the system. It is thus important to construct not a single, i.e., monolithic monitor, but rather several monitors, one for each property. The question is to what extent such monitors can be composed, and how. In this paper, we study two enforcement monitor composition schemes, serial and parallel composition. We show that, runtime enforcement is compositional for general regular properties with respect to one of the parallel composition schemes defined. We also show that runtime enforcement is not compositional with respect to serial composition for general regular properties, but it is for certain subclasses of regular properties. The proposed compositional runtime enforcement framework is formalized and implemented. Our experimental results demonstrate the pros and cons of using the compositional approach versus the monolithic with respect to performance.

运行时强制是一种用于强制运行系统的输出满足所需属性的方法。给定一个属性，执行监视器将（不受信任的）事件序列修改为符合该属性的序列。在实践中，我们可能没有一个，而是许多属性要强制执行。此外，随着新功能添加到系统中，可能会出现新属性。因此，重要的是不要构建一个单一的，即整体的监视器，而是构建几个监视器，一个用于每个属性。问题是这种监视器可以在多大程度上组成，以及如何组成。在本文中，我们研究了两种执法监视器组合方案，串行和并行组合。我们表明，相对于定义的并行组合方案之一，运行时强制对于一般常规属性是组合的。我们还表明，对于一般常规属性的串行组合，运行时强制不是组合的，但它是针对常规属性的某些子类的。建议的组合运行时执行框架已正式化和实施。我们的实验结果证明了使用组合方法与整体方法在性能方面的优缺点。