Sciweavers

CCS
2011
ACM

Policy auditing over incomplete logs: theory, implementation and applications

12 years 3 months ago
Policy auditing over incomplete logs: theory, implementation and applications
We present the design, implementation and evaluation of an algorithm that checks audit logs for compliance with privacy and security policies. The algorithm, which we name reduce, addresses two fundamental challenges in compliance checking that arise in practice. First, in order to be applicable to realistic policies, reduce operates on policies expressed in a first-order logic that allows restricted quantification over infinite domains. We build on ideas from logic programming to identify the restricted form of quantified formulas. The logic can, in particular, express all 84 disclosure-related clauses of the HIPAA Privacy Rule, which involve quantification over the infinite set of messages containing personal information. Second, since audit logs are inherently incomplete (they may not contain sufficient information to determine whether a policy is violated or not), reduce proceeds iteratively: in each iteration, it provably checks as much of the policy as possible over the cu...
Deepak Garg, Limin Jia, Anupam Datta
Added 13 Dec 2011
Updated 13 Dec 2011
Type Journal
Year 2011
Where CCS
Authors Deepak Garg, Limin Jia, Anupam Datta
Comments (0)