Formal Specification and Analysis of Security-Critical Norms and Policies - July 2016
Public Audience
Purpose: To highlight project progress. Information is generally at a higher level which is accessible to the interested public. All information contained in the report (regions 1-3) is a Government Deliverable/CDRL.
PI(s): Rada Y. Chirkova, Jon Doyle, Munindar P. Singh
Researchers: Nirav Ajmeri, Jiaming Jiang, Ozgur Kafali, Anup Kalia
HARD PROBLEM(S) ADDRESSED
- Policy-Governed Secure Collaboration - This project addresses how to specify and analyze norms (standards of correct collaborative behavior) and policies (ways of achieving different collaborative behaviors) to determine important properties, such as their mutual consistency.
- Scalability and Composability - This project can facilitate the composition of new collaborative systems by combining sets of norms and policies, and verifying whether such combinations satisfy desired properties.
PUBLICATIONS
Report papers written as a result of this research. If accepted by or submitted to a journal, which journal. If presented at a conference, which conference.
- Ozgur Kafali, Nirav Ajmeri, and Munindar P. Singh. "Revani: Revising and Verifying Normative Specifications for Privacy." IEEE Intelligent Systems, 2016. To appear.
- Nirav Ajmeri, Jiaming Jiang, Rada Y. Chirkova, Jon Doyle, and Munindar P. Singh. "Coco: Runtime Reasoning about Conflicting Commitments." Proceedings of the 25th International Joint Conference on Artificial Intelligence (IJCAI). New York: IJCAI, July 2016, 7 pages. To appear.
ACCOMPLISHMENT HIGHLIGHTS
- We extended our runtime reasoning approach to support reasoning about authorizations and prohibitions, not only commitments as in our previous work. Doing so facilitates modeling more realistic cybersecurity scenarios.
- We conducted an empirical evaluation comparing the effectiveness of our approach with that of a previous approach based on legal concepts and with that of an approach that does not involve formal modeling. Our preliminary results indicate that our approach yields improved correctness and coverage of requirements over both previous approaches.