Publication


Featured research published by Samuel Müller.


IBM Systems Journal | 2007

A static compliance-checking framework for business process models

Ying Liu; Samuel Müller; Ke Xu

Regulatory compliance of business operations is a critical problem for enterprises. As enterprises increasingly use business process management systems to automate their business processes, technologies to automatically check the compliance of process models against compliance rules are becoming important. In this paper, we present a method to improve the reliability and minimize the risk of failure of business process management systems from a compliance perspective. The proposed method allows separate modeling of both process models and compliance concerns. Business process models expressed in the Business Process Execution Language are transformed into pi-calculus and then into finite state machines. Compliance rules captured in the graphical Business Property Specification Language are translated into linear temporal logic. Thus, process models can be verified against these compliance rules by means of model-checking technology. The benefit of our method is threefold: Through the automated verification of a large set of business process models, our approach increases deployment efficiency and lowers the risk of installing noncompliant processes; it reduces the cost associated with inspecting business process models for compliance; and compliance checking may ensure compliance of new process models before their execution and thereby increase the reliability of business operations in general.


IBM Systems Journal | 2007

Optimized enterprise risk management

C. Abrams; J. von Kanel; Samuel Müller; B. Pfitzmann; S. Ruschka-Taylor

As the result of the increasing costs of risk and compliance activities, enterprises are beginning to integrate compliance and risk management into a comprehensive enterprise risk management function and thus proactively address all sorts of risk, including operational risk and the risk of noncompliance. We present the IBM Research enterprise risk management framework, designed to address risk and compliance management in a strategic, integrated, and comprehensive manner. We demonstrate how enterprises evolve along an enterprise-risk-management maturity continuum from a state of mere penalty avoidance through a state of improvement until they finally reach a state of continuous, risk-based transformation. We then explain our high-level model of the enterprise and its environment and describe the central issues, systems, models, and technologies involved. We conclude by presenting the tactical steps necessary to successfully launch enterprise risk management in accordance with our framework.


Computer Aided Verification | 2010

Policy monitoring in first-order temporal logic

David A. Basin; Felix Klaedtke; Samuel Müller

We present an approach to monitoring system policies. As a specification language, we use an expressive fragment of a temporal logic, which can be effectively monitored. We report on case studies in security and compliance monitoring and use these to show the adequacy of our specification language for naturally expressing complex, realistic policies and the practical feasibility of monitoring these policies using our monitoring algorithm.


Foundations of Software Technology and Theoretical Computer Science | 2008

Runtime Monitoring of Metric First-order Temporal Properties

David A. Basin; Felix Klaedtke; Samuel Müller; Birgit Pfitzmann

We introduce a novel approach to the runtime monitoring of complex system properties. In particular, we present an online algorithm for a safety fragment of metric first-order temporal logic that is considerably more expressive than the logics supported by prior monitoring methods. Our approach, based on automatic structures, allows the unrestricted use of negation, universal and existential quantification over infinite domains, and the arbitrary nesting of both past and bounded future operators. Moreover, we show how to optimize our approach for the common case where structures consist of only finite relations, over possibly infinite domains. Under an additional restriction, we prove that the space consumed by our monitor is polynomially bounded by the cardinality of the data appearing in the processed prefix of the temporal structure being monitored.


Symposium on Access Control Models and Technologies | 2010

Monitoring security policies with metric first-order temporal logic

David A. Basin; Felix Klaedtke; Samuel Müller

We show the practical feasibility of monitoring complex security properties using a runtime monitoring approach for metric first-order temporal logic. In particular, we show how a wide variety of security policies can be naturally formalized in this expressive logic, ranging from traditional policies like Chinese Wall and separation of duty to more specialized usage-control and compliance requirements. We also explain how these formalizations can be directly used for monitoring and experimentally evaluate the performance of the resulting monitors.


Journal of the ACM | 2015

Monitoring Metric First-Order Temporal Properties

David A. Basin; Felix Klaedtke; Samuel Müller; Eugen Zălinescu

Runtime monitoring is a general approach to verifying system properties at runtime by comparing system events against a specification formalizing which event sequences are allowed. We present a runtime monitoring algorithm for a safety fragment of metric first-order temporal logic that overcomes the limitations of prior monitoring algorithms with respect to the expressiveness of their property specification languages. Our approach, based on automatic structures, allows the unrestricted use of negation, universal and existential quantification over infinite domains, and the arbitrary nesting of both past and bounded future operators. Furthermore, we show how to use and optimize our approach for the common case where structures consist of only finite relations, over possibly infinite domains. We also report on case studies from the domain of security and compliance in which we empirically evaluate the presented algorithms. Taken together, our results show that metric first-order temporal logic can serve as an effective specification language for expressing and monitoring a wide variety of practically relevant system properties.


IBM Journal of Research and Development | 2007

A quantitative optimization model for dynamic risk-based compliance management

Samuel Müller; Chonawee Supatgiat

The changing nature of regulation forces businesses to continuously reevaluate the measures taken to comply with regulatory requirements. To prepare for compliance audits, businesses must also implement an effective internal inspection policy that identifies and rectifies instances of noncompliance. In this paper, we propose an approach to compliance management based on a quantitative risk-based optimization model. Our model allows dynamic selection of the optimal set of feasible measures for attaining an adequate level of compliance with a given set of regulatory requirements. The model is designed to minimize the expected total cost of compliance, including the costs of implementing a set of measures, the cost of carrying out periodic inspections, and the audit outcome cost for various compliance levels. Our approach is based on dynamic programming and naturally accounts for the dynamic nature of the regulatory environment. Our method can be used either as a scenario-based management support system or, depending on the availability of reliable input data, as a comprehensive tool for optimally selecting the needed compliance measures and inspection policy. We illustrate our approach in a hypothetical case study.


Computational Science and Engineering | 2009

Security and Trust through Electronic Social Network-Based Interactions

Patrik Bichsel; Samuel Müller; Franz-Stefan Preiss; Dieter Sommer; Mario Verdicchio

The success of a Public Key Infrastructure such as the Web of Trust (WoT) heavily depends on its ability to ensure that public keys are used by their legitimate owners, thereby avoiding malicious impersonations. To guarantee this property, the WoT requires users to physically gather, check each other’s credentials (e.g., ID cards), to sign the trusted keys, and to subsequently monitor their validity over time. This trust establishment and management procedure is rather cumbersome and, as we believe, the main reason for the limited adoption of the WoT. To overcome this problem, we propose a solution that leverages the intrinsic properties of Electronic Social Networks (ESN) to establish and manage trust in the WoT. In particular, we exploit dynamically changing profile and contact information, as well as interactions among users of ESNs to gain and maintain trust in the legitimacy of key ownerships without the disadvantages of the traditional WoT approach. We see our proposal as an effective way to make security and trust solutions available to a broad audience of non-technical users.


Archive | 2006

From Regulatory Policies to Event Monitoring Rules: Towards Model-Driven Compliance Automation

Christopher J. Giblin; Samuel Müller; Birgit Pfitzmann


International Conference on Legal Knowledge and Information Systems | 2005

Regulations Expressed As Logical Models (REALM)

Christopher J. Giblin; Alice Y. Liu; Samuel Müller; Birgit Pfitzmann; Xin Zhou
