Topic: Monitoring Policy Compliance
Date: 2016/01/05 (Tuesday)
Time: 13:20~15:00
Location: Room 122, Engineering Building 3
Moderator: Prof. Shiuhpyng Winston Shieh

Abstract:
In security and compliance, it is often necessary to ensure that agents and systems comply with complex policies. This includes data protection policies, access control policies, and general usage-control policies stipulating how data can and must not be used. For example, in banking one may have financial reporting requirements such as: every transaction of a customer who has been involved in a suspicious transaction within the last 30 days must be reported as suspicious within 2 days. We present an approach to the automated monitoring of such policies, either online during system execution or offline during audit. Policies are formulated in an expressive formal language (namely metric first-order temporal logic), and monitors are automatically generated from specifications. We report on our experience using this approach in different case studies in security and compliance monitoring.
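
The banking requirement quoted in the abstract, checked offline over an audit log, as an added example that is not part of the talk or the speaker's tooling. The event names, the log layout, and the reading of "involved in a suspicious transaction" as "a report was filed on one of the customer's transactions" are assumptions made for illustration.

```python
from collections import defaultdict

WINDOW_DAYS = 30   # look-back for prior suspicious involvement (from the abstract)
DEADLINE_DAYS = 2  # time allowed to report the new transaction (from the abstract)

# Constructed audit log: (day, event, customer, transaction_id), sorted by day.
LOG = [
    (0, "trans", "alice", "t1"),
    (1, "report", "alice", "t1"),   # alice is now linked to a suspicious transaction
    (10, "trans", "alice", "t2"),
    (11, "report", "alice", "t2"),  # reported within 2 days: compliant
    (20, "trans", "alice", "t3"),   # never reported: violation
    (20, "trans", "bob", "t4"),     # bob has no suspicious history: no obligation
    (45, "trans", "alice", "t5"),   # last report (day 11) is older than 30 days
    (50, "report", "bob", "t4"),
    (51, "trans", "bob", "t6"),     # obligation open, but the log ends before the deadline
]

def monitor(log):
    """Return {transaction_id: verdict} for every transaction that carries an obligation."""
    reports_by_customer = defaultdict(list)  # customer -> days on which a report was filed
    report_day = {}                          # transaction_id -> day of its first report
    for day, event, customer, tx in log:
        if event == "report":
            reports_by_customer[customer].append(day)
            report_day.setdefault(tx, day)
    end_of_log = log[-1][0] if log else 0
    verdicts = {}
    for day, event, customer, tx in log:
        if event != "trans":
            continue
        # Past-time condition: some report for this customer in [day - 30, day].
        triggered = any(day - WINDOW_DAYS <= r <= day for r in reports_by_customer[customer])
        if not triggered:
            continue
        # Future-time condition: this transaction is reported in [day, day + 2].
        r = report_day.get(tx)
        if r is not None and day <= r <= day + DEADLINE_DAYS:
            verdicts[tx] = "compliant"
        elif end_of_log < day + DEADLINE_DAYS:
            verdicts[tx] = "inconclusive"  # deadline lies beyond the audited log
        else:
            verdicts[tx] = "violation"
    return verdicts

if __name__ == "__main__":
    for tx, verdict in monitor(LOG).items():
        print(tx, verdict)
```

The "inconclusive" verdict is what separates offline audit from online monitoring here: a bounded future obligation cannot be decided until the log covers its deadline.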