Information Trust Institute block of abstract images
Information Trust Institute block of abstract images

Monitoring and Enforcing Data-Usage Policies


Felix Klaedtke
Professor, Computer Science
ETH-Zurich, Switzerland

Watch These Sessions

Part 1 - (Video runs from 00:03:44 to 00:51:14)

Part 2 - (Video runs from 01:07:00 to 02:20:20)

View the Slides

Many kinds of digitally stored data should only be used in restricted ways. The intended usage may be stipulated by government regulations, corporate privacy policies, preferences of the data owner, etc. Such policies cover not only who may access which data, but also how the data may or must not be used after access. An example of such a usage restriction is that ``collected data must be deleted after 30 days and not accessed or forwarded to third parties.'' Temporal logics are not only well suited for formalizing such regulations, they also allow one to synthesize efficient monitors from such specifications. These monitors can then be used either online or offline to check whether the behavior of system agents, i.e., users and processes, is policy compliant.

In the lecture, I will first give background on monitoring system behavior and temporal logics. Afterwards, I will describe our monitoring approach to automated compliance checking based on a first-order temporal logic. I will also report on case studies in security and compliance monitoring and use these to evaluate both the suitability of the temporal logic for specifying complex, realistic policies and the efficiency of our monitoring approach. I will also relate the monitoring approach to policy enforcement and discuss alternative monitoring approaches. Finally, I will conclude with possible future research directions.

Suggested Readings:

"Monitoring Metric First-order Temporal Properties"

"Monitoring Data Usage in Distributed Systems"


Felix Klaedtke joined ETH Zurich in 2004/05, where he is currently a senior researcher and lecturer at the Institute of Information Security. He received his Ph.D. from the Albert-Ludwigs-University Freiburg in 2004. His research interests are in building, verifying, and securing IT systems. His current research focuses on monitoring systems for compliance checking and policy enforcement. His research interests also include algorithmic verification and temporal reasoning.