Startseite // SnT // Distinguishe... // Monitoring Policy Compliance - April 28, 2015

Monitoring Policy Compliance - April 28, 2015

It is our pleasure to host this distinguished lecture by Prof. David Basin, ETH Zurich. The lecture will be followed by a reception. Please feel free to forward this invitation.

Date: April 28, 2015
Time: 14:00
Venue: Weicker Building -Room B001 Ground floor, 4 rue Alphonse Weicker, L-2721 Luxembourg

Abstract: In security and compliance, it is often necessary to ensure that agents and systems comply to complex policies. This includes data protection policies, access control policies, and general usage-control policies stipulating how data can and must not be used.  For example, in banking one may have financial reporting requirements such as every transaction of a customer, who has within the last 30 days been involved in a suspicious transaction, must be reported as suspicious within 2 days.  

We present an approach to the automated monitoring of such policies either online during system execution, or offline during audit. Policies are formulated in an expressive formal language (namely metric first-order temporal logic), and monitors are automatically generated from specifications.  We report on our experience using this approach in different case studies in security and compliance monitoring.

David Basin is a professor of Computer Science at ETH Zurich where he heads the institute for Information Security. He received his Ph.D. in Computer Science from Cornell University in 1989 and his Habilitation in Computer Science from the University of Saarbrucken in 1996. From 1997–2002 he held the chair of Software Engineering at the University of Freiburg in Germany. His research areas are Information Security and Software Engineering. He is the founding director of the ZISC, the Zurich Information Security Center, which he led from 2003-2011. He is Editor-in-Chief of Springer-Verlag's book series in Information Security and Cryptography and serves on the editorial boards of numerous journals including IEEE Transactions on Information and System Security and Acta Informatica.