FLAVOR: A FORMAL LANGUAGE FOR A

Similar documents
A logical framework to deal with variability

Towards a Formal Language for Electronic Contracts

Linear Temporal Logic (LTL)

Reasoning about Contracts

A Decidable Logic for Complex Contracts

Structural Contradictions

On Real-time Monitoring with Imprecise Timestamps

Meeting the Deadline: Why, When and How

Temporal Logic. Stavros Tripakis University of California, Berkeley. We have designed a system. We want to check that it is correct.

CIS 842: Specification and Verification of Reactive Systems. Lecture Specifications: Specification Patterns

Partial model checking via abstract interpretation

Using Patterns and Composite Propositions to Automate the Generation of LTL Specifications

Matching Trace Patterns With Regular Policies

Security as a Resource in Process-Aware Information Systems

Trace Diagnostics using Temporal Implicants

The Safety Simple Subset

Module 7 D and Equivalent Systems

Verification Using Temporal Logic

EAHyper: Satisfiability, Implication, and Equivalence Checking of Hyperproperties

Using Patterns and Composite Propositions to Automate the Generation of Complex LTL Specifications

Linear-Time Logic. Hao Zheng

Automata Construction for PSL

The Puzzles of Deontic Logic

Model for reactive systems/software

A Note on the Good Samaritan Paradox and the Disquotation Theory of Propositional Content a

Permission to Speak: A Logic for Access Control and Conformance

Generating Linear Temporal Logic Formulas for Pattern-Based Specifications

In this appendix we proof some of the propositions and theorems used throughout the thesis. Proofs of LTL-reductions of chapter 4

CS206 Lecture 21. Modal Logic. Plan for Lecture 21. Possible World Semantics

Handout Lecture 1: Standard Deontic Logic

Priority Structure in Deontic Logic

Property Checking of Safety- Critical Systems Mathematical Foundations and Concrete Algorithms

Alan Bundy. Automated Reasoning LTL Model Checking

Lecture 16: Computation Tree Logic (CTL)

THEORY OF SYSTEMS MODELING AND ANALYSIS. Henny Sipma Stanford University. Master class Washington University at St Louis November 16, 2006

Obligations and their Interaction with Programs

Augmenting a Regular Expression-Based Temporal Logic with Local Variables

Game-Theoretic Foundations for Norms

CS Lecture 19: Logic To Truth through Proof. Prof. Clarkson Fall Today s music: Theme from Sherlock

CL: A Logic for Reasoning about Legal Contracts Semantics. Research Report No Cristian Prisacariu Gerardo Schneider

Thou Shalt is not You Will

T Reactive Systems: Temporal Logic LTL

Introduction to Temporal Logic. The purpose of temporal logics is to specify properties of dynamic systems. These can be either

Propositional logic (revision) & semantic entailment. p. 1/34

Defeasible Deontic Reasoning

A Behavioral Congruence for Concurrent Constraint Programming with Nondeterministic Choice

PSL Model Checking and Run-time Verification via Testers

Doing the right things trivalence in deontic action logic

Course Runtime Verification

FORMAL METHODS LECTURE III: LINEAR TEMPORAL LOGIC

Linear Temporal Logic and Büchi Automata

Business Process Regulatory Compliance is Hard

Protocols for Highly-Regulated Systems

Modelling and Analysing Variability in Product Families

Temporal Logic - Soundness and Completeness of L

A Counting Semantics for Monitoring LTL Specifications over Finite Traces

arxiv: v1 [cs.lo] 5 Jan 2018

Proofs Propositions and Calculuses

To do something else

Intuitionistic Description Logic and Legal Reasoning

TWO-PHASE DEONTIC LOGIC LEENDERT VAN DER TORRE AND YAO-HUA TAN

Temporal Logic. M φ. Outline. Why not standard logic? What is temporal logic? LTL CTL* CTL Fairness. Ralf Huuck. Kripke Structure

Logic as The Calculus of Computer Science

It is a growing concern for companies, administrations,

03 Propositional Logic II

CS156: The Calculus of Computation

CS156: The Calculus of Computation Zohar Manna Autumn 2008

Announcements. CS243: Discrete Structures. Propositional Logic II. Review. Operator Precedence. Operator Precedence, cont. Operator Precedence Example

Model Checking. Temporal Logic. Fifth International Symposium in Programming, volume. of concurrent systems in CESAR. In Proceedings of the

CS256/Spring 2008 Lecture #11 Zohar Manna. Beyond Temporal Logics

BETWEEN THE LOGIC OF PARMENIDES AND THE LOGIC OF LIAR

Truth-Functional Logic

Reasoning about Time and Reliability

Logic: Propositional Logic (Part I)

MODEL CHECKING FOR DYNAMIC ALLOCATION AND DEALLOCATION Extended Abstract

Overview, cont. Overview, cont. Logistics. Optional Reference #1. Optional Reference #2. Workload and Grading

Temporal Logic with Past is Exponentially More Succinct

What I fail to do today, I have to do tomorrow : a logical study of the propagation of obligations

Almost Linear Büchi Automata

Authorized workflow schemas

What is DEL good for? Alexandru Baltag. Oxford University

Comp487/587 - Boolean Formulas

Towards a General Theory of Non-Cooperative Computation

CSE507. Course Introduction. Computer-Aided Reasoning for Software. Emina Torlak

Symbolic Model Checking Property Specification Language*

Patterns for a Log-Based Strengthening of Declarative Compliance Models

INTRODUCTION TO NONMONOTONIC REASONING

Formal Verification. Lecture 1: Introduction to Model Checking and Temporal Logic¹

Monitoring Security Policies with Metric First-order Temporal Logic

Expressing Security Properties Using Selective Interleaving Functions

A Logical Method for Policy Enforcement over Evolving Audit Logs

The Expressivity of Universal Timed CCP: Undecidability of Monadic FLTL and Closure Operators for Security

Propositional Reasoning

Timo Latvala. February 4, 2004

Logic for Computer Science - Week 4 Natural Deduction

Title: The Definition of a Temporal Clock Operator. Authors:

Thou Shalt is not You Will

Agenda. Artificial Intelligence. Reasoning in the Wumpus World. The Wumpus World

Chemical Control Legislation In Japan

Characterizing Fault-Tolerant Systems by Means of Simulation Relations

Transcription:

: A FORMAL LANGUAGE FOR A POSTERIORI VERIFICATION OF LEGAL RULES Romuald THION, Daniel LE MÉTAYER UNIVERSITÉ LYON 1, LIRIS/INRIA GRENOBLE RHÔNE-ALPES IEEE International Symposium on Policies for Distributed Systems and Networks R. THION, D. LE MÉTAYER : A FORMAL LANGUAGE FOR A POSTERIORI VERIFICATION OF LEGAL RULES 1 /27

Outline : A FORMAL LANGUAGE FOR A POSTERIORI VERIFICATION OF LEGAL RULES 1 Introduction 2 The language 3 in 4 R. THION, D. LE MÉTAYER : A FORMAL LANGUAGE FOR A POSTERIORI VERIFICATION OF LEGAL RULES 2 /27

Context Motivations Contribution 1 Introduction Context Motivations Contribution 2 The language 3 in 4 R. THION, D. LE MÉTAYER : A FORMAL LANGUAGE FOR A POSTERIORI VERIFICATION OF LEGAL RULES 3 /27

Context Motivations Contribution LICIT research team at INRIA Legal Issues in Communication and Information Technologies Computer science Law (as seen by lawyers?) (as seen by scientists?) R. THION, D. LE MÉTAYER : A FORMAL LANGUAGE FOR A POSTERIORI VERIFICATION OF LEGAL RULES 4 /27

Context Motivations Contribution Motivations Examples of legal rules (from the CS literature) US Patriot Act [Giblin et al., 2005] Anti money-laundering [Liu et al., 2007] Health Insurance Portability and Accountability Act [Barth et al., 2006] Children Online Privacy Protection Act [Barth et al., 2006] Gramm-Leach-Bliley Act [Barth et al., 2006] The Fair Credit Reporting Act [Johnson and Grandison, 2007] Airport regulations [Delahaye et al., 2006] U.S. Food and Drug Administration [Dinesh et al., 2008] R. THION, D. LE MÉTAYER : A FORMAL LANGUAGE FOR A POSTERIORI VERIFICATION OF LEGAL RULES 5 /27

Context Motivations Contribution Motivations Legal rules in IT systems Different sources (e.g., national, international, contracts... ) Different objectives (e.g., business, privacy, security, crime... ) Possibly very high stakes (e.g., financial losses, lawsuits, disrepute... ) How to manage and monitor legal rules in IT systems? Toward a compliance system! R. THION, D. LE MÉTAYER : A FORMAL LANGUAGE FOR A POSTERIORI VERIFICATION OF LEGAL RULES 6 /27

Context Motivations Contribution Contribution A Formal Language for A posteriori Verification Of legal Rules : key design choices Formal semantics Captures patterns of legal rules Oriented toward a posteriori verification before: static analysis while: monitoring after: audit R. THION, D. LE MÉTAYER : A FORMAL LANGUAGE FOR A POSTERIORI VERIFICATION OF LEGAL RULES 7 /27

Syntax 1 Introduction 2 The language Syntax 3 in 4 R. THION, D. LE MÉTAYER : A FORMAL LANGUAGE FOR A POSTERIORI VERIFICATION OF LEGAL RULES 8 /27

Syntax Syntax Excerpt of a business agreement 1 Within two weeks after receipt of the Software, Customer shall pay to Supplier the amount of twenty thousand Euros. 2 The payment of any additional service by Customer shall be due within four weeks after receipt of a valid invoice for the service. 3 In case of late payment, Customer shall pay, in addition to the due amount, a penalty of 5% of this amount. R. THION, D. LE MÉTAYER : A FORMAL LANGUAGE FOR A POSTERIORI VERIFICATION OF LEGAL RULES 9 /27

Syntax Syntax Characteristics of legal rules Conditional activation (e.g., on receipt of an invoice) Context (e.g., invoice amount) Deontic and temporal modalities (e.g., must... within... ) Contrary to duty (e.g., in case of a breach) is a domain specific language for legal rules which captures those constructors R. THION, D. LE MÉTAYER : A FORMAL LANGUAGE FOR A POSTERIORI VERIFICATION OF LEGAL RULES 10 /27

Syntax Formal syntax L ::= ρ, δ ρ, δ ρ, δ φ ρ, δ φ ψ φ ψ φ Informal semantics ρ, δ atomic properties (pattern matching on events) ρ, δ ought to do ρ before δ occurs ρ, δ ought not to do ρ until δ occurs ρ, δ φ for each ρ until δ, φ have to be satisfied ρ, δ φ if ρ occurs before δ, then φ have to be satisfied ψ φ if ψ is breached, then φ have to be satisfied R. THION, D. LE MÉTAYER : A FORMAL LANGUAGE FOR A POSTERIORI VERIFICATION OF LEGAL RULES 11 /27

Syntax Semantic function ψ f : (E N) (B N) Given formula ψ and environment a f, produces a function ψ f from a trace (σ E ) and a point (i N) tells whether the formula ψ, under environment f, is satisfied at point j (tt, j) breached at point j (ff, j) pending ( ) a mapping from variables to values R. THION, D. LE MÉTAYER : A FORMAL LANGUAGE FOR A POSTERIORI VERIFICATION OF LEGAL RULES 12 /27

Syntax Obligation (ff, i) ρ, δ f (σ, i) (tt, i) ρ, δ f (σ, i + 1) Prohibition (tt, i) ρ, δ f (σ, i) (ff, i) ρ, δ f (σ, i + 1) if δ matches σ(i) if ρ matches σ(i) otherwise if δ matches σ(i) if ρ matches σ(i) otherwise Deadline takes precedence. and have dual behaviours. R. THION, D. LE MÉTAYER : A FORMAL LANGUAGE FOR A POSTERIORI VERIFICATION OF LEGAL RULES 13 /27

Syntax Conjunction ψ φ f (σ, i) = ψ f (σ, i) φ f (σ, i) Both ψ and φ have to be satisfied. Unique trigger (tt, i) ρ, δ φ f (σ, i) φ f (σ, i + 1) ρ, δ φ f (σ, i + 1) if δ matches σ(i) if ρ matches σ(i) otherwise If δ happens, the rule have reached its deadline. If ρ happens, then evaluates φ instanciated with environment updated. R. THION, D. LE MÉTAYER : A FORMAL LANGUAGE FOR A POSTERIORI VERIFICATION OF LEGAL RULES 14 /27

Syntax Multiple triggers ρ, δ φ f (σ, i) (tt, i) φ f (σ, i + 1) ρ, δ φ f (σ, i + 1) ρ, δ φ f (σ, i + 1) if δ matches σ(i) if ρ matches σ(i) otherwise If ρ happens, then evaluates φ instanciated with environment updated and continues to evaluate the whole rule ρ, δ φ (until some δ occurs). R. THION, D. LE MÉTAYER : A FORMAL LANGUAGE FOR A POSTERIORI VERIFICATION OF LEGAL RULES 15 /27

Syntax Contrary to duty (tt, j) if ψ f (σ, i) = (tt, j) ψ φ f (σ, i) φ f (σ, j) if ψ f (σ, i) = (ff, j) otherwise If ψ is satisfied, then the whole rule ψ φ is satisfied. If ψ is breached, then returns the result of the evaluation of φ. R. THION, D. LE MÉTAYER : A FORMAL LANGUAGE FOR A POSTERIORI VERIFICATION OF LEGAL RULES 16 /27

Some properties Example analysis 1 Introduction 2 The language 3 in Some properties Example analysis 4 R. THION, D. LE MÉTAYER : A FORMAL LANGUAGE FOR A POSTERIORI VERIFICATION OF LEGAL RULES 17 /27

Some properties Example analysis Some properties Impossible deadlines If e E, e never matches δ, then: ρ, δ is unbreachable ρ, δ is unsatisfiable Strength properties φ is stronger than ψ (φ ψ) φ ψ φ and φ ψ ψ ρ, δ φ ρ, δ φ φ (φ ψ) R. THION, D. LE MÉTAYER : A FORMAL LANGUAGE FOR A POSTERIORI VERIFICATION OF LEGAL RULES 18 /27

Some properties Example analysis Example analysis Within two weeks after receipt of the Software, Customer shall pay to Supplier the amount of twenty thousand Euros. [... ] In case of late payment, Customer shall pay, in addition to the due amount, a penalty of 5% of this amount Formal expression in 1 Receipt of the software (soft T d S C ) triggers once ( ) 2 Customer must ( ) pay within two weeks (T a T d + 14) 3 If customer does not pay in due time ( ), then he is charged 5% R. THION, D. LE MÉTAYER : A FORMAL LANGUAGE FOR A POSTERIORI VERIFICATION OF LEGAL RULES 19 /27

Some properties Example analysis Formal expression in soft T d S C, ff (1) ( pay(20, 000) C S, x Ta (T a T d + 14) (2) According to properties pay(21, 000) C S, ff ) (3) pay 20.000 within 14d (pay 20.000 within 14d pay (eventually) pay 21.000) Alternative obligation has no deadline...... so if the customer never pays, the rule will not be breached! The rule is way too much permissive! R. THION, D. LE MÉTAYER : A FORMAL LANGUAGE FOR A POSTERIORI VERIFICATION OF LEGAL RULES 20 /27

Related work Future work 1 Introduction 2 The language 3 in 4 Related work Future work R. THION, D. LE MÉTAYER : A FORMAL LANGUAGE FOR A POSTERIORI VERIFICATION OF LEGAL RULES 21 /27

Related work Future work Related work Modal logics L ::= p P φ ψ φ ψ φ ψ ψ ψ ψ Paradoxes of deontic logic Material implication (Good Samaritan paradox) Disjunction introduction (Ross s paradox, free choice permission paradox) Contradictory statements (Sartre s dilemma, Chisholm s paradox) R. THION, D. LE MÉTAYER : A FORMAL LANGUAGE FOR A POSTERIORI VERIFICATION OF LEGAL RULES 22 /27

Related work Future work Related work Related language (Schneider et al.) Alternative Time Logic, Propositional Dynamic Logic, modal µ-calculus, With restrictions to prevent paradoxes Conflict detection and static analysis Differences with Instantiation of rules Contrary to duty are not attached to atoms Uniformity of action/events R. THION, D. LE MÉTAYER : A FORMAL LANGUAGE FOR A POSTERIORI VERIFICATION OF LEGAL RULES 23 /27

Related work Future work Essence of legal rules Atoms: testifiers for fulfillment or violation Instantiation of rules based on context Sanction/reparation connective Technical aspects Denotational semantics Close to modal logics on finite linear trace Turned into and interpreter (written in Haskell) R. THION, D. LE MÉTAYER : A FORMAL LANGUAGE FOR A POSTERIORI VERIFICATION OF LEGAL RULES 24 /27

Related work Future work Future work Expressivity of Intuition A dual constructor φ ψ : if φ satisfied, then ψ Comparison with (real-time) temporal logics Is the language a closed subset of LTL formulae? What is the expressivity of the fragment? captures some patterns of LTL [Dwyer et al., 1999] holds weakly / holds strongly semantics for LTL [Eisner et al., 2003]: rw + : L LTL, tells if satisfied rw : L LTL, tells if breached rw + (φ) rw (φ) = ff, pending R. THION, D. LE MÉTAYER : A FORMAL LANGUAGE FOR A POSTERIORI VERIFICATION OF LEGAL RULES 25 /27

Related work Future work Thanks for your attention! Questions? R. THION, D. LE MÉTAYER : A FORMAL LANGUAGE FOR A POSTERIORI VERIFICATION OF LEGAL RULES 26 /27

Barth, A., Datta, A., Mitchell, J. C., and Nissenbaum, H. (2006). Privacy and contextual integrity: Framework and applications. In SP 06: Proceedings of the 2006 IEEE Symposium on Security and Privacy, pages 184 198, Washington, DC, USA. IEEE Computer Society. Delahaye, D., Étienne, J.-F., and Donzeau-Gouge, V. V. (2006). Reasoning about airport security regulations using the focal environment. In ISOLA 06: Proceedings of the Second International Symposium on Leveraging Applications of Formal Methods, Verification and Validation (isola 2006), pages 45 52, Washington, DC, USA. IEEE Computer Society. Dinesh, N., Joshi, A. K., Lee, I., and Sokolsky, O. (2008). Checking traces for regulatory conformance. In Leucker, M., editor, RV, volume 5289 of Lecture Notes in Computer Science, pages 86 103. Springer. Dwyer, M. B., Avrunin, G. S., and Corbett, J. C. (1999). Patterns in property specifications for finite-state verification. In ICSE 99: Proceedings of the 21st international conference on Software engineering, pages 411 420, New York, NY, USA. ACM. Eisner, C., Fisman, D., Havlicek, J., Lustig, Y., McIsaac, A., and Campenhout, D. V. (2003). Reasoning with temporal logic on truncated paths. In Jr., W. A. H. and Somenzi, F., editors, CAV, volume 2725 of Lecture Notes in Computer Science, pages 27 39. Springer. Giblin, C., Liu, A. Y., and Samuel Müllerand Birgit Pfitzmann, X. Z. (2005). Regulations expressed as logical models (REALM). In IOS Press, A., editor, Proceedings of the 18th Annual Conference on Legal Knowledge and Information Systems (JURIX 2005), pages 37 48. Johnson, C. M. and Grandison, T. (2007). Compliance with data protection laws using hippocratic database active enforcement and auditing. IBM Systems Journal, 46(2):255 264. Liu, Y., Müller, S., and Xu, K. (2007). A static compliance-checking framework for business process models. IBM Systems Journal, 46(2):335 362.

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback