Formal Specification and Analysis of Security-Critical Norms and Policies - October 2014

Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.

PI(s):  Jon Doyle, Munindar Singh, Rada Chirkova
Researchers:  Bennett Y. Narron, Vaira Selvakani, Nirav Ajmeri

HARD PROBLEM(S) ADDRESSED

  • Policy-Governed Secure Collaboration - This project addresses how to specify and analyze norms (standards of correct collaborative behavior) and policies (ways of achieving different collaborative behaviors) to determine important properties, such as their mutual consistency.
  • Scalability and Composability - This project can facilitate the composition of new collaborative systems by combining sets of norms and policies, and verifying whether such combinations satisfy desired properties.

PUBLICATIONS
Report papers written as a result of this research. If accepted by or submitted to a journal, which journal. If presented at a conference, which conference.

Amit K. Chopra and Munindar P. Singh, The Thing Itself Speaks: Accountability as a Foundation for Requirements in Sociotechnical Systems, Proceedings of the IEEE International Workshop on Requirements Engineering and Law (RELAW), Extended Abstract, Karlskrona, Sweden, IEEE Computer Society, 2014.

ACCOMPLISHMENT HIGHLIGHTS

We are addressing our first research hypothesis, which is that norm and preference specification languages can be constructed that both adequately express typical collaboration scenarios and enable tractable checking of consistency, composability, and realizability via policies.

We have introduced a new notion of accountability, formulated in normative terms, which will provide a connection among norms, policies, and security properties, especially in the academic IT domain.

We are formulating the problems of consistency and realizability in mathematical terms with a view toward producing criteria for designing algorithms for consistency and realizability of norms, policies, and preferences. To this end, we are investigating whether a set of norms is consistent and realizable through the policies and preferences of the collaborators and whether a set of norms achieves specified security properties with reference to the healthcare domain.