Issue No. 10 - Oct. (2013 vol. 39)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TSE.2013.18
David Basin , Inst. of Inf. Security, ETH Zurich, Zurich, Switzerland
Matus Harvan , Inst. of Inf. Security, ETH Zurich, Zurich, Switzerland
Felix Klaedtke , Inst. of Inf. Security, ETH Zurich, Zurich, Switzerland
Eugen Zalinescu , Inst. of Inf. Security, ETH Zurich, Zurich, Switzerland
IT systems manage increasing amounts of sensitive data and there is a growing concern that they comply with policies that regulate data usage. In this paper, we use temporal logic to express policies and runtime monitoring to check system compliance. While well-established methods for monitoring linearly ordered system behavior exist, a major challenge is monitoring distributed and concurrent systems where actions are locally observed in the different system parts. These observations can only be partially ordered, while policy compliance may depend on the actions' actual order of appearance. Technically speaking, it is in general intractable to check compliance of partially ordered traces. We identify fragments of our policy specification language for which compliance can be checked efficiently, namely, by monitoring a single representative trace in which the observed actions are totally ordered. Through a case study we show that the fragments are capable of expressing nontrivial policies and that monitoring representative traces is feasible on real-world data.
Monitoring, Cost accounting, Periodic structures, Semantics, Distributed databases, Standards, Finite element analysis
D. Basin, M. Harvan, F. Klaedtke and E. Zalinescu, "Monitoring Data Usage in Distributed Systems," in IEEE Transactions on Software Engineering, vol. 39, no. 10, pp. 1403-1426, 2013.