Prof. David Basin
Department of Computer Science, ETH Zurich 

Topic

Monitoring Policy Compliance


Date: 2016/01/05 (Tuesday)

Time: 13:20~15:00

Location: Room 122, Engineering Building 3

Moderator: Prof. Shiuhpyng Winston Shieh


Abstract: 

In security and compliance, it is often necessary to ensure that agents and systems comply with complex policies. These include data protection policies, access control policies, and general usage-control policies stipulating how data can and must not be used. For example, in banking one may have financial reporting requirements such as: every transaction of a customer who has, within the last 30 days, been involved in a suspicious transaction must be reported as suspicious within 2 days. We present an approach to the automated monitoring of such policies, either online during system execution or offline during audit. Policies are formulated in an expressive formal language (namely metric first-order temporal logic), and monitors are automatically generated from specifications. We report on our experience using this approach in different case studies in security and compliance monitoring.
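The banking requirement in the abstract, checked offline over an audit log, as an added example that is not the speaker's monitor generator or any code from the talk. The event format, the names `LOG` and `violations`, and the reading that a transaction counts as suspicious once a report for it has been logged are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed audit log: (day, event, customer, transaction id).
LOG = [
    (1,  "trans",  "alice", "t1"),
    (2,  "report", "alice", "t1"),   # t1 is now a suspicious transaction
    (10, "trans",  "alice", "t2"),   # obliged, reported on day 11: compliant
    (11, "report", "alice", "t2"),
    (12, "trans",  "bob",   "t4"),   # bob has no suspicious history
    (20, "trans",  "alice", "t3"),   # obliged, reported on day 25: too late
    (25, "report", "alice", "t3"),
    (26, "trans",  "alice", "t6"),   # obliged, never reported
    (70, "trans",  "alice", "t5"),   # last suspicious transaction > 30 days ago
]

def violations(log, window=30, deadline=2):
    """Return (customer, tx, day) for each transaction violating the policy."""
    log = sorted(log)
    # Offline audit: the whole log is available, so index all reports first.
    # An online monitor would instead delay each verdict by `deadline` days.
    reports = defaultdict(list)      # tx id -> days on which it was reported
    for day, kind, _cust, tx in log:
        if kind == "report":
            reports[tx].append(day)
    history = defaultdict(list)      # customer -> [(day, tx)] seen so far
    out = []
    for day, kind, cust, tx in log:
        if kind != "trans":
            continue
        # Past-time condition: an earlier transaction of this customer, at most
        # `window` days old, that had been reported as suspicious by `day`.
        obliged = any(
            day - d <= window and any(r <= day for r in reports[t])
            for d, t in history[cust]
        )
        # Future-time condition: this transaction is reported within `deadline`.
        reported = any(day <= r <= day + deadline for r in reports[tx])
        if obliged and not reported:
            out.append((cust, tx, day))
        history[cust].append((day, tx))
    return out

if __name__ == "__main__":
    for cust, tx, day in violations(LOG):
        print(f"violation: {tx} by {cust} on day {day} not reported in time")
```

The two bounded conditions correspond to the past-time (30 days) and future-time (2 days) metric constraints of the policy; the hand-written loop stands in for what a generated monitor would evaluate.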