What does this research mean for the field?

The Runtime Stability framework introduces seven Protection Attributes that enhance the structural runtime protection of computer systems, addressing security even after a breach has occurred. Novelty: ClaimNovelty.NOVEL_FINDING. Consensus alignment: ConsensusAlignment.ESTABLISHES_NEW_DIRECTION.

What question did this study set out to answer?

The aim is to introduce the Runtime Stability framework for enhancing security measures during runtime execution.

March 12, 2026Open Access

Runtime Stability: A 7-Attribute Framework for Structural Runtime Protection of Computer Systems

Key Points

The aim is to introduce the Runtime Stability framework for enhancing security measures during runtime execution.
Defines three interconnected documents outlining the framework and evaluation scales.
Introduces the 7 Protection Attributes and a three-layer defense model.
Systematically positions various existing technologies within the framework.
Inexploitability is introduced as a new protection attribute to mitigate breach damage.
Provides a quantitative evaluation framework to assess runtime protection levels.
Bridges cybersecurity and safety engineering through relevant attributes.

Abstract

This publication presents the Runtime Stability framework, a comprehensive technical framework that defines seven Protection Attributes for structurally maintaining the security of computer systems during execution (runtime). Unlike traditional security approaches focused on perimeter defense, Runtime Stability addresses the protection of systems even after a breach has occurred. The framework consists of three interrelated definition documents: 1. Runtime Stability Definition Document v3.3 — Establishes the overarching framework, including three Design Philosophies (Non-Halting, Homeostasis Maintenance, Integrated Achievement of 7 Attributes), the 7 Protection Attributes (Safety, Reliability, Availability, Controllability, Confidentiality, Data Integrity, Inexploitability), a three-layer defense model, and the RS (Runtime Stability Level) evaluation scale (RS-0 to RS-6). 2. Runtime Security Definition Document v1.3 — Defines the detection-based protection layer (Layer 2: Control Retention). Introduces a 3-axis evaluation framework (Recall, Precision, Response Latency) for the Security Level (SL-0 to SL-3) and systematically positions existing technologies such as RASP, CWPP, and EDR within the framework. 3. Runtime Immunity Definition Document v1.3 — Defines the structure-based protection layer (Layer 3: Outcome Nullification). Introduces the Nullification Level (NL-1 to NL-3) with a 2-axis evaluation (Information-Theoretic Nullification and Economic Nullification) and includes a Post-Quantum Nullification (PQN) extension framework. Key contributions:- Introduces Inexploitability as a novel protection attribute that severs the causal relationship between defense breach and damage occurrence- Provides a quantitative evaluation framework (RS = SL + IL) enabling systematic assessment of runtime protection levels- Bridges cybersecurity and safety engineering through attributes derived from both domains (e.g., Controllability from ISO 26262)- Technology-neutral and algorithm-independent definitions designed for long-term applicability Each document is provided in both English and Japanese (PDF and Markdown formats).

Read Full Paperexternally

Bookmark

View Full Paper

Cite This Study

Yoshida et al. (Tue,) studied this question.

synapsesocial.com/papers/69b2587296eeacc4fcec8126 https://doi.org/https://doi.org/10.5281/zenodo.18919672

Bookmark

View Full Paper