MONPOLY: Monitoring Usage-Control Policies

Determining whether the usage of sensitive, digitally stored data complies with regulations and policies is a growing concern for companies, administrations, and end users alike. Classical examples of policies used for protecting and preventing the misuse of data are history-based access-control policies like the Chinese-wall policy and separation-of-duty constraints. Other policies from more specialized areas like banking involve retention, reporting, and transaction requirements. Simplified examples from this domain are that financial reports must be approved at most a week before they are published and that transactions over $10,000 must be reported within two days. In the context of IT systems, compliance checking amounts to implementing a process that monitors, either online or offline, other processes. Such a monitor needs to temporally relate actions performed by the other processes and the data involved in these actions. Since the number of data items processed in IT systems is usually huge at each point in time and cannot be bounded over time, monitoring algorithms, in particular for propositional temporal logics, are of limited use for compliance checking. In this paper, we present our monitoring tool MONPOLY for compliance checking. Policies are given as formulas of an expressive safety fragment of metric first-order temporal logic (MFOTL). The first-order fragment is well suited for formalizing relations on data, while the metric temporal operators can be used to specify properties depending on the times associated with past, present, and even future system events. MONPOLY processes a stream of system events with identifiers representing the data involved and reports policy violations. In the following, we describe MONPOLY and its features in more detail. We also briefly report on case studies and discuss related tools.