| |
Monitoring Security and Privacy Policies
Speaker (s):
Professor David Basin
Department of Computer Science
Chair of Information Security,
Institute of Information Security
ETH Zurich
|
|
Date:
Time:
Venue:
|
|
January 11, 2016, Monday
10:30am - 12:30pm
Meeting Room 4.4, Level 4
School of Information Systems
Singapore Management University
80 Stamford Road
Singapore 178902
We look forward to seeing you at this research seminar.
|
|
About the Talk
In security and compliance, it is often necessary to ensure that agents and systems comply to complex policies. This includes data protection policies, access control policies, and general usage-control policies stipulating how data can and must not be used. For example, in banking, one may have financial reporting requirements such as every transaction of a customer, who has within the last 30 days been involved in a suspicious transaction, must be reported as suspicious within 2 days.
We present an approach to the automated monitoring of such policies either online during system execution, or offline during audit.
Policies are formulated in an expressive formal language (namely metric first-order temporal logic), and monitors are automatically generated from specifications. We report on our experience using this approach in different case studies in security and compliance monitoring.
About the Speaker
Professor David Basin David Basin is a professor of Computer Science at ETH Zurich where he heads the institute for Information Security. He received his Ph.D. in Computer Science from Cornell University in 1989 and his Habilitation in Computer Science from the University of Saarbrucken in 1996. From 19972002 he held the chair of Software Engineering at the University of Freiburg in Germany. His research areas are Information Security and Software Engineering. He is the founding director of the ZISC, the Zurich Information Security Centre, which he led from 2003-2011. He is the Editor-in-Chief of the ACM Transactions in Information and System Security and Springer-Verlag's book series in Information Security and Cryptography. He serves on various management and scientific advisory boards and has consulted extensively for IT companies and government organizations.
|
