Automated counterexample-driven audits of authentic system records
Author
Abstract
1 Audit: An Approach to Generate Evidence 1
1.1 IT Audits and their Building Blocks 1
1.1.1 Audit and Policy Rules 2
1.1.2 Audit and System Records 3
1.1.3 Audit and Generated Evidence 5
1.2 Contribution: An Architecture for Automated Audits 6
1.2.1 Assumptions Underlying the Audit Architecture 8
1.3 Application in Privacy Protection and Usage Control 9
1.3.1 Shortcoming of Current Privacy-Enhancing Technologies 10
1.3.2 Possible Application Scenarios 12
1.4 Structure and Presentation 14
2 A Characterisation of Auditable Policies 17
2.1 The Elements of Policies 17
2.1.1 The Authorisation Element 18
2.1.2 The Obligation Element 19
2.2 Trace-Based Semantics and Properties 20
2.3 Policies as Properties 22
2.4 On the Enforcement of Postconditional Rules 23
2.4.1 Forbidding Postconditional Predicates 24
2.4.2 Demanding Postconditional Predicates 25
2.4.3 Further Considerations 27
2.5 The Policy Language Praia 28
2.5.1 Language Definition 28
2.5.2 The Semantics of Praia 31
2.5.3 Characteristics of Praia 33
Part I: Elements of the Audit Architecture 35
3 BBox: Secure Logging and Log Views 37
3.1 On the Authenticity of Log Data 37
3.1.1 Characterising Authenticity for Log Data 37
3.1.2 Threats to the Authenticity of Log Data 38
3.2 The Digital Black Box BBox 39
3.2.1 BBox Architecture: Components and Operation 40
3.2.2 Initialisation Phase of the BBox 42
3.2.3 Online Phase of the BBox 43
3.2.4 Shut Down Phase of the BBox 46
Similar sources
Towards a Model for Automated Fault Localization in VHDL Designs: Exploring Counterexample-Traces Using a Model-Based Diagnosis Approach
In this paper we discuss the exploration of a model checker’s counterexample trace using model-based debugging techniques. We show that a diagnosis model obtained from a single counterexample run in an event-driven simulation is not appropriate for localizing a failure’s real cause in general. Notably, modeling VHDL’s event and process semantics as originally defined hampers the integration of t...
A computer based, automated analysis of process and outcomes of diabetic care in 23 GP practices.
The predicted prevalence of diabetes in Ireland by 2015 is 190,000. Structured diabetes care in general practice has outcomes equivalent to secondary care and good diabetes care has been shown to be associated with the use of electronic healthcare records (EHRs). This automated analysis of EHRs in 23 practices took 10 minutes per practice compared with 15 hours per practice for manual searches....
Dual Space Control of a Deployable Cable Driven Robot: Wave Based Approach
Known for their lower costs and numerous applications, cable robots are an attractive research field in robotic community. However, considering the fact that they require an accurate installation procedure and calibration routine, they have not yet found their true place in real-world applications. This paper aims to propose a new controller strategy that requires no meticulous calibration and ...
Log Your Car: Reliable Maintenance Services Record
A maintenance services logging system is a useful tool for car owners to keep track of the car’s condition and also can increase the market value of the car. Logging systems range from manual, paper-based, to automated, cloud-based systems. The automated process provides ease of use and availability of the records. A secure protocol is required to ensure that the workshop and service record are...
Formalizing Counterexample-driven Refinement with Weakest Preconditions
To check a safety property of a program, it is sufficient to check the property on an abstraction that has more behaviors than the original program. If the safety property holds of the abstraction then it also holds of the original program. However, if the property does not hold of the abstraction along some trace t (a counterexample), it may or may not hold of the original program on trace t. ...