Checking Traces for Regulatory Conformance

Dinesh, Nikhil; Joshi, Aravind K.; Lee, Insup; Sokolsky, Oleg

doi:10.1007/978-3-540-89247-2_6

Cited by 25 publications

(23 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To address this limitation, many logics and languages have been proposed for specifying privacy policies. Some examples are P3P [48,49], EPAL [50,51], Privacy APIs [52], LPU [53,54], past-only fragment of first-order temporal logic (FOTL) [10,11], predLTL [55], pLogic [56], PrivacyLFP [12], MFOTL [5][6][7], the guarded fragment of first-order logic with explicit time [4], and P-RBAC [57]. Our policy language, GMP, is more expressive than many existing policy languages such as LPU [53,54], P3P [48,49], EPAL [50,51], and P-RBAC [57].…”

Section: Related Workmentioning

confidence: 99%

Temporal Mode-Checking for Runtime Monitoring of Privacy Policies

Chowdhury

Jia

Garg³

et al. 2014

Computer Aided Verification

View full text Add to dashboard Cite

Fragments of first-order temporal logic are useful for representing many practical privacy and security policies. Past work has proposed two strategies for checking event trace (audit log) compliance with policies: online monitoring and offline audit. Although online monitoring is space-and timeefficient, existing techniques insist that satisfying instances of all subformulas of the policy be amenable to caching, which limits expressiveness when some subformulas have infinite support. In contrast, offline audit is brute force and can handle more policies but is not as efficient. This paper proposes a new online monitoring algorithm that caches satisfying instances when it can, and falls back to the brute force search when it cannot. Our key technical insight is a new flowand time-sensitive static check of variable groundedness, called the temporal mode check, which determines subformulas for which such caching is feasible and those for which it is not and, hence, guides our algorithm. We prove the correctness of our algorithm and evaluate its performance over synthetic traces and realistic policies.

show abstract

Section: Related Workmentioning

confidence: 99%

Temporal Mode-Checking for Runtime Monitoring of Privacy Policies

Chowdhury

Jia

Garg³

et al. 2014

Computer Aided Verification

View full text Add to dashboard Cite

show abstract

“…In a companion paper [30], we identify a fragment of RefL motivated by a case study of the FDA CFR. The fragment assumes that by Id (ϕ) can be evaluated by using at most one of the laws referred to.…”

Section: Discussionmentioning

confidence: 99%

“…This assumption allows us to replace satisfiability tests with tests of lower complexity, and lets us scale up to runs with a large number of objects. In this paper, we have focussed on formally characterizing the semantics and complexity of RefL, and in [30], we focus on optimizations that are needed in practice.…”

Section: Discussionmentioning

confidence: 99%

A Default Temporal Logic for Regulatory Conformance Checking

Dinesh¹,

Joshi²,

Lee³

et al. 2008

Self Cite

View full text Add to dashboard Cite

This paper considers the problem of checking whether an organization conforms to a body of regulation. Conformance is cast as a trace checking question -the regulation is represented in a logic that is evaluated against an abstract trace or run representing the operations of an organization. We focus on a problem in designing a logic to represent regulation. A common phenomenon in regulatory texts is for sentences to refer to others for conditions or exceptions. We motivate the need for a formal representation of regulation to accommodate such references between statements. We then extend linear temporal logic to allow statements to refer to others. The semantics of the resulting logic is defined via a combination of techniques from Reiter's default logic and Kripke's theory of truth. This paper is an expanded version of [1]. Abstract. This paper considers the problem of checking whether an organization conforms to a body of regulation. Conformance is cast as a trace checking question -the regulation is represented in a logic that is evaluated against an abstract trace or run representing the operations of an organization. We focus on a problem in designing a logic to represent regulation. A common phenomenon in regulatory texts is for sentences to refer to others for conditions or exceptions. We motivate the need for a formal representation of regulation to accomodate such references between statements. We then extend linear temporal logic to allow statements to refer to others. The semantics of the resulting logic is defined via a combination of techniques from Reiter's default logic and Kripke's theory of truth. This paper is an expanded version of [1].

show abstract

“…The closest work is that by Dinesh et al, who used natural language processing (NLP) techniques to extract formal process representations from regulatory documents. They used these process representations to analyze an organization's conformance to the regulation [17]. However, the authors focused on analyzing activities explicitly logged in a database.…”

Section: Related Workmentioning

confidence: 99%

Mind the gap: assessing the conformance of software traceability to relevant guidelines

Rempel

Mäder

Kuschke

et al. 2014

Proceedings of the 36th International Conference on Software Engineering

View full text Add to dashboard Cite

Many guidelines for safety-critical industries such as aeronautics, medical devices, and railway communications, specify that traceability must be used to demonstrate that a rigorous process has been followed and to provide evidence that the system is safe for use. In practice, there is a gap between what is prescribed by guidelines and what is implemented in practice, making it difficult for organizations and certifiers to fully evaluate the safety of the software system. In this paper we present an approach, which parses a guideline to extract a Traceability Model depicting software artifact types and their prescribed traces. It then analyzes the traceability data within a project to identify areas of traceability failure. Missing traceability paths, redundant and/or inconsistent data, and other problems are highlighted. We used our approach to evaluate the traceability of seven safetycritical software systems and found that none of the evaluated projects contained traceability that fully conformed to its relevant guidelines.

show abstract

Checking Traces for Regulatory Conformance

Cited by 25 publications

References 18 publications

Temporal Mode-Checking for Runtime Monitoring of Privacy Policies

Temporal Mode-Checking for Runtime Monitoring of Privacy Policies

A Default Temporal Logic for Regulatory Conformance Checking

Mind the gap: assessing the conformance of software traceability to relevant guidelines

Contact Info

Product

Resources

About