Policy Monitoring in First-order Temporal Logic
David Basin, ETH Zurich
Joint work with Felix Klaedtke and Samuel Müller

Modern problems
What do these topics have to do with each other?
Are they theoretically interesting?

Technical issues
Processes to monitor and control processes
▪ Controlling access
  My medical data should only be accessible to my care givers.
▪ Controlling usage
  ... and then used for intended purpose, e.g., improving healthcare
▪ Corporate governance and regulatory compliance
  Implement controls to reduce risks.
Core problems are theoretically interesting!

Focus
[Diagram labels: policies, events, Checker, Compliance; during runtime or audit]
▪ Setting: security and compliance
  • Business processes
  • Policies regulating data and processes
▪ Monitoring (≠ enforcement)
▪ General solution using metric first-order temporal logic and an associated monitoring algorithm
▪ Practical experience across a wide range of application areas

Road map
1. An example
2. Metric First-order Temporal Logic
3. Formalization examples
4. Monitoring
5. Performance
6. Conclusion

Example
▪ Consider a financial or research institute:
  • Employees write and publish reports
  • Reports may contain confidential data
▪ Report approval policy
  1. Reports must be approved before they are published.
  2. Approvals must happen at most 10 days before publication.
  3. The employees' managers must approve the reports.
▪ IT system logs events
    2010-03-03 publish report (Charlie, #234)
    2010-03-04 archive report (Alice, #104)
    ...
    2010-03-09 approve report (Alice, #248)
    2010-03-13 publish report (Bob, #248)
    ...
▪ Do the executions conform to the policy?

Policy elements
1. Reports must be approved before they are published.
2. Approvals must happen at most 10 days before publication.
3. The employees' managers must approve the reports.
▪ Subjects
  • reports and employees
  • unbounded over time
▪ Event predicates
  • approving and publishing a report
  • happen at a time point
  • logged with time stamps
▪ Temporal aspects
  • qualitative: before and always
  • quantitative: at most 10 days

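Added example (not from the original slides): a direct check of the three-part report approval policy over a log in the format of the Example slide. It is a hand-written check for this one policy, not the metric first-order temporal logic monitoring algorithm of the talk; the manager relation and the log lines after the first four are constructed assumptions.

```python
import re
from datetime import date, timedelta

# First four lines are the events shown on the Example slide; the remaining
# lines are constructed to exercise each part of the policy.
LOG = """\
2010-03-03 publish report (Charlie, #234)
2010-03-04 archive report (Alice, #104)
2010-03-09 approve report (Alice, #248)
2010-03-13 publish report (Bob, #248)
2010-03-14 approve report (Alice, #251)
2010-03-30 publish report (Bob, #251)
2010-04-01 approve report (Bob, #260)
2010-04-02 publish report (Charlie, #260)
"""

# Assumption: employee -> manager. The slides do not show where this comes from.
MANAGER = {"Bob": "Alice", "Charlie": "Alice"}
WINDOW = timedelta(days=10)
LINE = re.compile(r"(\d{4}-\d{2}-\d{2}) (\w+) report \((\w+), #(\d+)\)")

def parse(log):
    """Yield (day, action, employee, report id) for each well-formed line."""
    for line in log.splitlines():
        m = LINE.fullmatch(line.strip())
        if m:
            yield date.fromisoformat(m[1]), m[2], m[3], int(m[4])

def violations(log, manager=MANAGER, window=WINDOW):
    """Return publish events lacking a manager approval in the last 10 days.

    Events are assumed to appear in timestamp order, as in an audit log.
    """
    approvals = {}  # report id -> [(day, approver)] seen so far
    bad = []
    for day, action, who, report in parse(log):
        if action == "approve":
            approvals.setdefault(report, []).append((day, who))
        elif action == "publish":
            ok = any(
                timedelta(0) <= day - d <= window and manager.get(who) == approver
                for d, approver in approvals.get(report, [])
            )
            if not ok:
                bad.append((day.isoformat(), who, report))
    return bad

if __name__ == "__main__":
    for v in violations(LOG):
        print("violation:", v)
```

Each reported publication fails a different clause: #234 was never approved, #251 was approved 16 days earlier, and #260 was approved by someone who is not the publisher's manager.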