Formal Specification and Analysis of Security-Critical Norms and Policies - April 2015

Submitted by drwright on Sun, 03/22/2015 - 1:20pm

Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.

PI(s): Rada Chirkova, Jon Doyle, Munindar Singh
Researchers: Bennett Y. Narron, Vaira Selvakani, Nirav Ajmeri

HARD PROBLEM(S) ADDRESSED

Policy-Governed Secure Collaboration - This project addresses how to specify and analyze norms (standards of correct collaborative behavior) and policies (ways of achieving different collaborative behaviors) to determine important properties, such as their mutual consistency.
Scalability and Composability - This project can facilitate the composition of new collaborative systems by combining sets of norms and policies, and verifying whether such combinations satisfy desired properties.

PUBLICATIONS
Report papers written as a results of this research. If accepted by or submitted to a journal, which journal. If presented at a conference, which conference.

Munindar P. Singh. 2015. Norms as a Basis for Governing Sociotechnical Systems: Extended Abstract. Proceedings of the 24th International Joint Conference on Artificial Intelligence (IJCAI). :1-5.

ACCOMPLISHMENT HIGHLIGHTS

We have developed a scenario that bring forth some challenges of policy-governed secure collaboration in the domain of healthcare information sharing.
We have identified and analyzed important elements of the relevant literature on norm representation and reasoning as well on policy modeling and enactment. We have evaluated some of this literature with respect to the above-mentioned healthcare scenario.
We have designed a human-subject experiment to compare the effectiveness of our language for formalizing requirements of policy-based governance with an existing approach. This experiment will measure effectiveness in terms of the time and effort needed in creating a model, the comprehensibility of the model produced, the ease of modifying such a model, and the flexibility accorded by such a model. We have received the exempt status from NCSU's Institutional Review Board, and will conduct the experiment in the coming weeks.
We have developed a preliminary formal language for norms and actions to use for specifying and reasoning about policy-governed secure collaboration. This language incorporates modeling of the key roles and the norms that characterize how these roles may interact and the ways in which they may hold each other accountable. Our draft language supports modeling norms as well as actions that create and manipulate norms in formal ways.

Groups:

NCSU Science of Security Lablet Research Initiative