University of Konstanz
Graduiertenkolleg / PhD Program
Computer and Information Science

Colloquium of the Department and the PhD Program

title

Monitoring Policy Compliance

speaker

Prof. David Basin, ETH Zurich, Switzerland

date & place

Wednesday, 23.01.2013, 15:15 h
Room G 309

abstract

In security and compliance, it is often necessary to ensure that agents and systems comply with complex policies. These include data protection policies, access control policies, and general usage-control policies stipulating how data can and must not be used. For example, in banking one may have financial reporting requirements such as: every transaction of a customer who has, within the last 30 days, been involved in a suspicious transaction must be reported as suspicious within 2 days.

We present an approach to the automated monitoring of such policies either online during system execution, or offline during audit. Policies are formulated in an expressive formal language (metric first-order temporal logic), and monitors are automatically generated from specifications. We report on our experience using this approach in different case studies in security and compliance monitoring.
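As an added illustration (not code from the talk or the speaker's tools), the banking policy above can be checked offline over an audit log with a hand-written checker like the one below; it is not a monitor generated from a temporal-logic specification. The event kinds `trans`, `flag` and `report`, the log layout and the sample data are assumptions made for this example.

```python
# Added example: hand-written offline audit for the one banking policy in the
# abstract. Event names and the log layout are assumptions, not from the talk.
WINDOW_DAYS = 30    # look-back for involvement in a suspicious transaction
DEADLINE_DAYS = 2   # a triggered transaction must be reported within this

def audit(log, end_of_log):
    """log: (day, kind, customer, tx) tuples, kind in trans/flag/report.
    Returns (violations, pending) as lists of transaction ids."""
    flags, reports = {}, {}
    for day, kind, cust, tx in log:
        if kind == "flag":            # customer involved in a suspicious tx
            flags.setdefault(cust, []).append(day)
        elif kind == "report":        # tx reported as suspicious
            reports.setdefault(tx, []).append(day)
    violations, pending = [], []
    for day, kind, cust, tx in log:
        if kind != "trans":
            continue
        # Past-time condition: a flag in [day - 30, day] triggers the duty.
        if not any(0 <= day - f <= WINDOW_DAYS for f in flags.get(cust, [])):
            continue
        # Future-time obligation: a report in [day, day + 2].
        if any(0 <= r - day <= DEADLINE_DAYS for r in reports.get(tx, [])):
            continue
        # No verdict until the deadline has passed in the audited log.
        if end_of_log < day + DEADLINE_DAYS:
            pending.append(tx)
        else:
            violations.append(tx)
    return violations, pending

# Constructed sample log (days since the start of the audit period).
SAMPLE_LOG = [
    (1, "trans", "alice", "t1"), (1, "flag", "alice", "t1"),
    (2, "report", None, "t1"),            # reported in time
    (10, "trans", "alice", "t2"),
    (12, "trans", "bob", "t3"),           # bob never flagged: no duty
    (13, "report", None, "t2"),           # one day too late
    (40, "trans", "alice", "t4"),         # flag is 39 days old: no duty
    (45, "flag", "alice", "t5"), (45, "trans", "alice", "t5"),
]

if __name__ == "__main__":
    print(audit(SAMPLE_LOG, end_of_log=46))
```

The `pending` list reflects the difference between online and offline checking: a transaction whose 2-day deadline lies beyond the end of the log has no verdict yet, and becomes a violation only once the log covers the deadline.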