Formal Specification and Analysis of Security-Critical Norms and Policies - April 2016
Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.
PI(s): Rada Y. Chirkova, Jon Doyle, Munindar P. Singh
Researchers: Nirav Ajmeri, Jiaming Jiang, Ozgur Kafali, Anup Kalia
HARD PROBLEM(S) ADDRESSED
- Policy-Governed Secure Collaboration - This project addresses how to specify and analyze norms (standards of correct collaborative behavior) and policies (ways of achieving different collaborative behaviors) to determine important properties, such as their mutual consistency.
- Scalability and Composability - This project can facilitate the composition of new collaborative systems by combining sets of norms and policies, and verifying whether such combinations satisfy desired properties.
PUBLICATIONS
Report papers written as a results of this research. If accepted by or submitted to a journal, which journal. If presented at a conference, which conference.
-
Jiaming Jiang, Nirav Ajmeri, Rada Y. Chirkova, Jon Doyle, Munindar P. Singh. 2016. Expressing and Reasoning about Conflicting Norms in Cybersecurity: Poster.
-
Amit K. Chopra, Munindar P. Singh. 2016. Custard: Computing Norm States over Information Stores. Proceedings of the International Conference on Autonomous Agents and MultiAgent Systems (AAMAS). :1–10.
ACCOMPLISHMENT HIGHLIGHTS
- We enhanced our implementation of our representation and reasoning framework for conflicting norms. We demonstrated more complex scenarios than before--these scenarios involve multiple interrelated norms.
- We enhanced our approach for mapping from norm schemas to relational (SQL) queries. This approach supports the various norm types defined in the literature (and potentially new types) by showing how to compute the lifecycle state of any norm from the underlying (and appropriately linked) relational information stores.
- We enhanced the sociotechnical formalization of NoReST, which we developed previously, with a formal model for domain assumptions and technical mechanisms. We also conducted a user study to demonstrate the usefulness of normative models for capturing requirements.