Monitoring compliance policies over incomplete and disagreeing logs
D Basin, F Klaedtke, S Marinovic… - Runtime Verification: Third …, 2013 - Springer
Runtime Verification: Third International Conference, RV 2012, Istanbul …, 2013•Springer
When monitoring system behavior to check compliance against a given policy, one is
sometimes confronted with incomplete knowledge about system events. In IT systems, such
incompleteness may arise from logging infrastructure failures and corrupted log files, or
when the logs produced by different system components disagree on whether actions took
place. In this paper, we present a policy language with a three-valued semantics that allows
one to explicitly reason about incomplete knowledge and handle disagreements …
sometimes confronted with incomplete knowledge about system events. In IT systems, such
incompleteness may arise from logging infrastructure failures and corrupted log files, or
when the logs produced by different system components disagree on whether actions took
place. In this paper, we present a policy language with a three-valued semantics that allows
one to explicitly reason about incomplete knowledge and handle disagreements …
Abstract
When monitoring system behavior to check compliance against a given policy, one is sometimes confronted with incomplete knowledge about system events. In IT systems, such incompleteness may arise from logging infrastructure failures and corrupted log files, or when the logs produced by different system components disagree on whether actions took place. In this paper, we present a policy language with a three-valued semantics that allows one to explicitly reason about incomplete knowledge and handle disagreements. Furthermore, we present a monitoring algorithm for an expressive fragment of our policy language. We illustrate through examples how our approach extends compliance monitoring to systems with logging failures and disagreements.
Springer
Showing the best result for this search. See all results