Policy auditing over incomplete logs: theory, implementation and applications

Published: 17 October 2011
DOI: 10.1145/2046707.2046726

Abstract

We present the design, implementation and evaluation of an algorithm that checks audit logs for compliance with privacy and security policies. The algorithm, which we name reduce, addresses two fundamental challenges in compliance checking that arise in practice. First, in order to be applicable to realistic policies, reduce operates on policies expressed in a first-order logic that allows restricted quantification over infinite domains. We build on ideas from logic programming to identify the restricted form of quantified formulas. The logic can, in particular, express all 84 disclosure-related clauses of the HIPAA Privacy Rule, which involve quantification over the infinite set of messages containing personal information. Second, since audit logs are inherently incomplete (they may not contain sufficient information to determine whether a policy is violated or not), reduce proceeds iteratively: in each iteration, it provably checks as much of the policy as possible over the current log and outputs a residual policy that can only be checked when the log is extended with additional information. We prove correctness, termination, time and space complexity results for reduce. We implement reduce and optimize the base implementation using two heuristics for database indexing that are guided by the syntactic structure of policies. The implementation is used to check simulated audit logs for compliance with the HIPAA Privacy Rule. Our experimental results demonstrate that the algorithm is fast enough to be used in practice.
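The iterative reduction the abstract describes, as an added illustration written for this page rather than the paper's own reduce algorithm or its implementation. It keeps only guarded universal quantification, conjunction and disjunction (no temporal operators, no negation, and none of the real algorithm's complexity guarantees): each quantifier ranges over the tuples of a guard predicate that the log records completely, an atom the log cannot yet decide is carried into the residual formula, and a later extension of the log is checked against that residual rather than against the whole policy. The predicate names (disclosed, purpose, authorized), the policy clause and the log rows are constructed, HIPAA-flavoured examples, not anything taken from the paper.

```python
"""Toy iterative policy reduction over an incomplete audit log: a constructed
illustration for this page, not the paper's reduce algorithm.  Quantifiers are
guarded by a predicate the log enumerates completely; atoms the log cannot yet
decide survive in a residual formula re-checked when the log is extended."""
from dataclasses import dataclass, field
from typing import Tuple, Union

Formula = Union["Atom", "Bin", "Forall", bool]

@dataclass(frozen=True)
class Atom:
    pred: str
    args: Tuple[str, ...]          # constants, or variables written "?x"

@dataclass(frozen=True)
class Bin:                         # op is "and" or "or"
    op: str
    l: Formula
    r: Formula

@dataclass(frozen=True)
class Forall:
    vars: Tuple[str, ...]
    guard: Atom                    # restricts vars to tuples present in the log
    body: Formula

@dataclass
class Log:
    facts: dict = field(default_factory=dict)   # pred -> set of tuples
    closed: set = field(default_factory=set)    # fully logged preds: absent => False

    def extend(self, pred, *rows):
        self.facts.setdefault(pred, set()).update(rows)

def _matches(quant, env, log):
    """Yield environments binding quant.vars from the guard's log extension."""
    g = quant.guard
    if g.pred not in log.closed:
        raise ValueError(f"guard {g.pred} must be a closed predicate")
    for row in log.facts.get(g.pred, ()):
        new, ok = dict(env), True
        for pat, val in zip(g.args, row):
            if pat in quant.vars:
                ok = new.setdefault(pat, val) == val    # consistent rebinding
            else:
                ok = env.get(pat, pat) == val           # outer var or constant
            if not ok:
                break
        if ok:
            yield new

def _combine(op, l, r):
    """Boolean simplification that keeps undecided subformulas in the residual."""
    unit, zero = (True, False) if op == "and" else (False, True)
    if l is zero or r is zero:
        return zero
    return r if l is unit else (l if r is unit else Bin(op, l, r))

def reduce_policy(f, log, env=None):
    """Return True (satisfied), False (violated) or the residual formula."""
    env = env or {}
    if isinstance(f, bool):
        return f
    if isinstance(f, Atom):
        args = tuple(env.get(a, a) for a in f.args)
        if any(a.startswith("?") for a in args):
            raise ValueError(f"unguarded variable in {f}")
        if args in log.facts.get(f.pred, ()):
            return True
        return False if f.pred in log.closed else Atom(f.pred, args)
    if isinstance(f, Bin):
        return _combine(f.op, reduce_policy(f.l, log, env), reduce_policy(f.r, log, env))
    out = True                     # Forall: conjunction over the guard's matches
    for e in _matches(f, env, log):
        out = _combine("and", out, reduce_policy(f.body, log, e))
    return out

# Constructed HIPAA-flavoured clause: every logged disclosure of a patient's
# record is for treatment, or authorized by that patient for the recipient.
POLICY = Forall(("?m", "?to", "?pat"), Atom("disclosed", ("?m", "?to", "?pat")),
                Bin("or", Atom("purpose", ("?m", "treatment")),
                          Atom("authorized", ("?pat", "?to"))))

def sample_log(authorizations_complete=False):
    log = Log({"disclosed": {("m1", "drB", "alice"), ("m2", "insurerX", "bob")},
               "purpose": {("m1", "treatment"), ("m2", "payment")}},
              closed={"disclosed", "purpose"})    # fully logged for this window
    if authorizations_complete:    # consent system reports no further records
        log.closed.add("authorized")
    return log

def demo():
    log = sample_log()
    residual = reduce_policy(POLICY, log)      # m1 discharged, m2 still pending
    log.extend("authorized", ("bob", "insurerX"))
    settled = reduce_policy(residual, log)     # residual re-checked on extension
    violation = reduce_policy(POLICY, sample_log(authorizations_complete=True))
    return residual, settled, violation
```

Closing a predicate is the step that turns "pending" into "violated": as long as the consent source has not declared its records complete, the residual for m2 stays open, and adding the missing authorization later discharges it; once the source is closed without that row, the same clause reduces to False. That is the practical caveat behind auditing incomplete logs: a non-trivial residual is neither a pass nor a failure, and the auditor needs a separate signal that a log extension is final before a missing record is read as a violation.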

Published In

CCS '11: Proceedings of the 18th ACM conference on Computer and communications security
October 2011
742 pages
ISBN: 9781450309486
DOI: 10.1145/2046707

Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

  1. audit
  2. formal logic
  3. incomplete logs
  4. privacy policy

Acceptance Rates

CCS '11 Paper Acceptance Rate 60 of 429 submissions, 14%;
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Cited By

  • All Eyes On Me. Proceedings of the 21st Workshop on Privacy in the Electronic Society, pp. 197-211, 7 Nov 2022. doi:10.1145/3559613.3563190
  • Automating Audit with Policy Inference. 2021 IEEE 34th Computer Security Foundations Symposium (CSF), pp. 1-16, Jun 2021. doi:10.1109/CSF51468.2021.00001
  • What can we monitor over unreliable channels? International Journal on Software Tools for Technology Transfer, 30 Jun 2021. doi:10.1007/s10009-021-00625-z
  • Maybe tainted data: Theory and a case study. Journal of Computer Security, pp. 1-41, 1 Apr 2020. doi:10.3233/JCS-191342
  • We Know What You Did Last Session. Proceedings of the 32nd International Conference on Scientific and Statistical Database Management, pp. 1-4, 7 Jul 2020. doi:10.1145/3400903.3401692
  • A Framework for DSL-Based Query Classification Using Relational and Graph-Based Data Models. Proceedings of the 3rd Joint International Workshop on Graph Data Management Experiences & Systems (GRADES) and Network Data Analytics (NDA), pp. 1-5, 14 Jun 2020. doi:10.1145/3398682.3399167
  • Privacy Enhancing Technologies (PETs) for connected vehicles in smart cities. Transactions on Emerging Telecommunications Technologies 33(10), 18 Nov 2020. doi:10.1002/ett.4173
  • Runtime Monitoring of IoT Services to Guarantee Properties. Integrating and Streamlining Event-Driven IoT Services, pp. 223-275, 2019. doi:10.4018/978-1-5225-7622-8.ch007
  • Runtime Verification over Out-of-order Streams. ACM Transactions on Computational Logic 21(1), pp. 1-43, 4 Oct 2019. doi:10.1145/3355609
  • VACCINE: Using Contextual Integrity For Data Leakage Detection. The World Wide Web Conference, pp. 1702-1712, 13 May 2019. doi:10.1145/3308558.3313655
