COPLAS Talk: David Basin, Monitoring Policy Compliance – Københavns Universitet


In security and compliance, it is often necessary to ensure that agents and systems comply with complex policies.

This includes data protection policies, access control policies, and general usage-control policies stipulating how data can and must not be used.

For example, in banking one may have financial reporting requirements such as: every transaction of a customer who has, within the last 30 days, been involved in a suspicious transaction must be reported as suspicious within 2 days.

We present an approach to the automated monitoring of such policies, either online during system execution or offline during audit. Policies are formulated in an expressive formal language (namely metric first-order temporal logic), and monitors are automatically generated from specifications. We report on our experience using this approach in different case studies in security and compliance monitoring.
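As an added illustration (not code from the talk or from the speaker's tools), the following Python audits a constructed log offline against one assumed reading of the banking requirement above. It is a hand-written check, not a monitor generated from a metric first-order temporal logic specification. Assumptions: the event names `trans` and `report`, timestamps in whole days, and "suspicious" meaning "already reported by the time of the new transaction".

```python
from collections import defaultdict

WINDOW_DAYS, DEADLINE_DAYS = 30, 2  # bounds taken from the example policy

# Constructed audit log: (day, event, customer, transaction_id).
# Assumed event names: "trans" = transaction executed, "report" = reported as suspicious.
SAMPLE_LOG = [
    (1,  "trans",  "alice", "t1"),
    (2,  "report", "alice", "t1"),  # t1 is now a known suspicious transaction
    (10, "trans",  "alice", "t2"),
    (11, "report", "alice", "t2"),  # reported within 2 days: compliant
    (20, "trans",  "alice", "t3"),
    (20, "trans",  "bob",   "t4"),  # bob has no suspicious history: no obligation
    (25, "report", "alice", "t3"),  # reported after 5 days: violation
    (45, "trans",  "alice", "t5"),  # t3 is within 30 days; never reported: violation
    (88, "trans",  "carol", "t6"),
    (88, "report", "carol", "t6"),
    (89, "trans",  "carol", "t7"),  # deadline (day 91) lies beyond the end of the log
]

def audit(log):
    """Return (violations, pending) transaction ids under the assumed policy reading."""
    trans = defaultdict(list)  # customer -> [(day, tid)]
    reported = {}              # tid -> earliest report day
    for day, event, customer, tid in log:
        if event == "trans":
            trans[customer].append((day, tid))
        elif event == "report":
            reported[tid] = min(day, reported.get(tid, day))
    log_end = max(day for day, *_ in log)
    violations, pending = [], []
    for txs in trans.values():
        for day, tid in txs:
            # The obligation is triggered if another transaction of the same customer
            # in the last 30 days was already reported as suspicious by `day`.
            triggered = any(
                other != tid and day - WINDOW_DAYS <= d <= day
                and reported.get(other, float("inf")) <= day
                for d, other in txs)
            if not triggered:
                continue
            deadline = day + DEADLINE_DAYS
            rep = reported.get(tid)
            if rep is not None and day <= rep <= deadline:
                continue                 # reported in time
            if rep is None and deadline > log_end:
                pending.append(tid)      # verdict not yet decidable from this log
            else:
                violations.append(tid)
    return sorted(violations), sorted(pending)
```

The `pending` verdict separates the offline audit of a truncated log from a real violation: a transaction whose reporting deadline falls after the last logged event cannot yet be judged.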

Speaker's Biography

David Basin is a professor of Computer Science at ETH Zurich where he heads the institute for Information Security. He received his Ph.D. in Computer Science from Cornell University in 1989 and his Habilitation in Computer Science from the University of Saarbrücken in 1996.

From 1997–2002 he held the chair of Software Engineering at the University of Freiburg in Germany. His research areas are Information Security and Software Engineering. He is the founding director of the ZISC, the Zurich Information Security Center, which he led from 2003-2011. He is Editor-in-Chief of Springer-Verlag's book series in Information Security and Cryptography and serves on the editorial boards of numerous journals including IEEE Transactions on Information and System Security and Acta Informatica.

All are welcome. Free. No registration required.