Institute of Information Security
 
  

Runtime Policy Monitoring and Enforcement

Zurich Information Security Center

We are affiliated with the Zurich Information Security Center (ZISC)


It is a growing concern for companies, administrations, and end users alike whether IT systems comply with policies regulating the usage of
sensitive data. Checking compliance is particularly pressing, as many of our modern infrastructures (communication, entertainment, finance
and banking, social networks, etc.) are based on IT systems that collect, process, and share data.

A prominent approach to compliance checking is runtime monitoring. Here, system actions are observed and automatically checked for
compliance against a policy. Our research project is concerned with developing efficient and scalable runtime monitoring techniques for
expressive policy specification languages. Most of our results have focused on a safety fragment of metric first-order temporal logic (MFOTL).
We are also interested in policy enforcement, that is, preventing policy violations instead of only detecting them.

Software

Publications

  1. Checking System Compliance by Slicing and Monitoring Logs
    Matus Harvan, David Basin, Germano Caronni, Sarah Ereth, Felix Klaedtke, Heiko Mantel
    Technical Report 791, ETH Zurich, Department of Computer Science, July 2013.
    [In this paper we show how to parallelize our monitoring approach by using the MapReduce framework.
    We also provide a theoretical framework for slicing logs. Finally, we report on a real-world case study with Google.
    ]

  2. Monitoring Data Usage in Distributed Systems.
    David Basin, Felix Klaedtke, Matus Harvan, Eugen Zalinescu
    IEEE Transactions on Software Engineering, to appear.
    [This is the journal version of the TIME 2012 paper.]

  3. Enforceable Security Policies Revisited
    David Basin, Vincent Jugé, Felix Klaedtke, Eugen Zalinescu
    ACM Transactions on Information and System Security, Volume 16, Issue 1, 2013.
    [This is the journal version of the POST 2012 paper.]

  4. Monitoring of Temporal First-order Properties with Aggregations
    David Basin, Felix Klaedtke, Srdjan Marinovic, and Eugen Zalinescu
    In the Proceedings of the 4th International Conference on Runtime Verification (RV 2013)
    [In this paper we present and evaluate an extension of our monitoring approach that allows one
    to aggregate over data values. Aggregations often appear in regulations, e.g., "the sum of all withdrawals
    in the last month of each user must not exceed a given threshold".
    ]

  5. Monitoring Compliance Policies over Incomplete and Disagreeing Logs
    David Basin, Felix Klaedtke, Srdjan Marinovic, Eugen Zalinescu
    In the Proceedings of the 3rd International Conference on Runtime Verification (RV 2012)
    [In this paper we extend our monitoring approach to cope with incomplete knowledge about system events,
    which may arise for instance from logging infrastructure failures and corrupted log files.
    ]

  6. Enforceable Security Policies Revisited
    David Basin, Felix Klaedtke, Vincent Jugé, Eugen Zalinescu
    In the Proceedings of the 1st Conference on Principles of Security and Trust (POST 2012).
    [In this paper we revisit Schneider's work on policy enforcement by execution monitoring.
    We overcome limitations of Schneider's setting by distinguishing between system actions
    that are controllable by an enforcement mechanism and those actions that are only observable.
    ]

  7. MONPOLY: Monitoring Usage-control Policies
    David Basin, Felix Klaedtke, Matus Harvan, Eugen Zalinescu
    In the Proceedings of the 2nd International Conference on Runtime Verification (RV 2011).
    Best Tool Paper Award.
    [This paper presents the prototype tool implementing our monitoring approach.]

  8. Algorithms for Monitoring Real-time Properties
    David Basin, Felix Klaedtke, Eugen Zalinescu
    In the Proceedings of the 2nd International Conference on Runtime Verification (RV 2011).
    [In this paper we present and analyze monitoring algorithms for a safety fragment of metric temporal logics under
    different time models, which have either dense or discrete time domains and are either point-based or interval-based.
    ]

  9. Monitoring Usage-control Policies in Distributed Systems
    David Basin, Felix Klaedtke, Matus Harvan, Eugen Zalinescu
    In the Proceedings of the 18th International Symposium on Temporal Representation and Reasoning (TIME 2011).
    [A major challenge when monitoring distributed systems is to correctly and efficiently monitor the trace interleavings
    obtained by totally ordering actions that happen at the same time. We identify fragments of MFOTL for which compliance
    can be checked efficiently, namely, by monitoring a single representative trace in which actions are totally ordered.
    We also present a real-world case study in the context of a collaboration with Nokia Research.
    ]

  10. Policy Monitoring in First-Order Temporal Logic
    David Basin, Felix Klaedtke, Samuel Müller
    In the Proceedings of the 22nd International Conference on Computer Aided Verification (CAV 2010).
    [This is an invited paper that presents our monitoring approach.]

  11. Monitoring Security Policies with Metric First-order Temporal Logic
    David Basin, Felix Klaedtke, Samuel Müller
    In the Proceedings of the 15th ACM Symposium on Access Control Models and Technologies (SACMAT 2010).
    [In this paper we show how a wide variety of security policies, ranging from traditional policies like Chinese Wall and
    separation of duty to more specialized usage-control and compliance requirements, can be naturally formalized in MFOTL.
    ]

  12. Runtime Monitoring of Metric First-order Temporal Properties
    David Basin, Felix Klaedtke, Samuel Müller, Birgit Pfitzmann
    In the Proceedings of the 28th IARCS Annual Conference on Foundations of Software Technology and Theoretical Computer Science (FSTTCS 2008).
    [This paper is the first to present our monitoring approach. In particular, we present an online algorithm for a safety fragment of
    metric first-order temporal logic that is considerably more expressive than the logics supported by prior monitoring methods.
    ]


People involved

David Basin, Matus Harvan, Vincent Jugé (2011), Felix Klaedtke, Srdjan Marinovic, Samuel Müller (2007-2009), Eugen Zalinescu

 


© 2014 ETH Zurich | Imprint | Disclaimer | 20 September 2013