Abstract
It is a growing concern of companies and end users whether the agents of an IT system, i.e., its processes and users, comply with security policies, which, e.g., stipulate how sensitive data must and must not be used by the agents. We present a scalable solution for compliance checking based on monitoring the agents' behavior, where policies are specified in an expressive temporal logic and the system actions are logged. In particular, our solution utilizes the MapReduce framework to parallelize the process of monitoring the logged actions. We also provide the theoretical underpinnings of our solution as a theoretical framework for slicing logs, i.e., the reorganization of the logged actions into parts that can be analyzed independently of each other. We present orthogonal methods for generating such slices and provide means to combine these methods. Finally, we report on a real-world case study, which demonstrates the feasibility and the scalability of our monitoring solution.
Permanent link
https://doi.org/10.3929/ethz-a-009920742
Publication status
published
Journal / series
Technical report / Department of Computer Science
Publisher
ETH, Department of Computer Science, Institute of Information Security
Subject
DATA SECURITY + DATA PROTECTION (OPERATING SYSTEMS); NETWORK MONITORING + NETWORK ADMINISTRATION (COMPUTER SYSTEMS); Temporal logic; INFORMATION MANAGEMENT (MANAGEMENT OF COMPUTER SYSTEMS); NETWORK MONITORING (COMPUTER SYSTEMS); Parallelization; Monitoring; Compliance checking; Slicing
Organisational unit
02150 - Dep. Informatik / Dep. of Computer Science
03634 - Basin, David / Basin, David
ETH Bibliography
yes