Seminari
Da febbraio 2019, l’Istituto del Software ha iniziato una serie di seminari. Ogni giovedì pomeriggio, un ricercatore dell’Istituto terrà un breve discorso su un argomento di ingegneria del software a sua scelta, come ad esempio articoli interessanti pubblicati di recente, articoli seminali nel proprio campo di ricerca, discussioni su idee preliminari, tutorial e piccoli esperimenti.
Sulla nostra playlist YouTube potete riguardare alcuni dei seminari precedenti. Di seguito trovate ulteriori dettagli sul prossimo seminario, su quelli a venire e un archivio dei relatori precedenti.
Tutti sono invitati a partecipare ai seminari organizzati dall’Istituto del Software.
Prossimo Relatore: Srdjan Krstic
Correctness and regulatory compliance of today’s software are crucial for our safety and security. Runtime enforcement addresses this challenge by constructing systems, called enforcers, that observe and actively control the behavior of other systems by modifying their actions to ensure policy compliance. The enforcer’s capabilities, i.e., what they can control on the target system, determine which policies are enforceable.
Specifically, policies require enforcer decisions based on the past or present system behavior (so-called provisions), or additionally on future behavior (so-called obligations). To enforce obligations, enforcers cannot merely react to system actions, but rather proactively act. If the policy imposes time constraints on the target system, the enforcement is considered real-time.
In this talk, I will present a proactive real-time enforcement algorithm for an expressive policy language, called metric first-order temporal logic. Given a policy, the algorithm is sound (i.e., modified behavior always complies with the policy) and transparent (i.e., if the behavior is already policy-compliant, then it is not modified). We implement this algorithm in a tool called WhyEnf and carry out a case study on enforcing GDPR-related policies. Our tool can enforce all policies from the study in real-time with modest overhead. Our work thus provides the first tool-supported approach that can proactively enforce expressive first-order policies in real time.
Srđan Krstić is a senior researcher at ETH Zurich focusing on formal methods for security and privacy. He holds a PhD in Computer Science from Politecnico di Milano, where he worked on runtime verification for software engineering.
He has published numerous papers on topics such as runtime verification, model-driven security, user-controlled privacy, and GDPR enforcement. Srđan is currently focused on runtime enforcement techniques to ensure compliance with privacy policies. He has collaborated with various experts in the field and contributed to advancing the understanding and implementation of privacy requirements in IT systems. His most cited paper introduces a taxonomy of runtime verification, which is a popular starting point for researchers to introduce themselves to the field and get a broad overview.