A Modeling Language to Model Norms

Karen Figueiredo Viviane Torres da Silva

{kfigueiredo,viviane.silva}@ic.uff.br

Universidade Federal Fluminense (UFF)

Outline

Introduction Goals of the paper Background

– Metamodeling– RBAC– SecureUML+ComponentUML

NormML Validating Norms

– Well-formed rules– Checking for conflicts

Conclusion

Outline

Introduction Goals of the paper Background

– Metamodeling– RBAC– SecureUML+ComponentUML

NormML Validating Norms

– Well-formed rules– Checking for conflicts

Conclusion

Introduction

Norms regulate the behavior of agents in open MAS

Norms can be defined at design time and at runtime

The definition of norms at design time is important to:– keep the alignment of the norms with the systems

elements, such as its entities and the actions that they execute

– detect and solve some conflicts between norms at design time (at least, part of the conflicts)

Our goals on this paper...

To investigate the properties and the characteristics of norms

To find out if the MAS languages, methodologies and models give support to – The modeling of such properties– To the checking of conflicts at design time

To present the preliminary version of the normative modeling language called NormML

Properties and Characteristics of a Norm

Based on the study of 10 specification and implementation languages for norms

Premise: Norms restrict the behavior of system entities during a period of time and define the sanctions applied when violated or fulfilled.

Static aspects: the key elements that compose a norm– Deontic concept, involved entities, actions, activation constraints,

sanctions and context

Dynamic aspects– Creation, cancelation and delegation

Static Aspects

Deontic concept: the restriction kind– permission, obligation or prohibition

Entity whose behavior is being regulated:– agents, all agents playing a given role, an agent playing a given role or

group of agents Action/state being regulated:

– communicative or non-communicative actions– state of the system

Activation/deactivation constraints:– the execution of an action, time intervals, achievement of system state

or the activation/deactivation/fulfillment/violation of a norm Sanction:

– punishments or rewards Context:

– Organization, environment, interaction or scene

Outline

Introduction Goals of the paper Background

– Metamodeling– RBAC– SecureUML+ComponentUML

NormML Validating Norms

– Well-formed rules– Checking for conflicts

Conclusion

Background

Metamodels: define the vocabulary used by the modeling languages– Models are instances of metamodels– Well-formed rules: invariants of the metamodel that

guarantees the consistency of the models to its metamodel

Role Based Access Control (RBAC)– security policies specify the permissions that a user has

under a given role, while trying to access system resources

Background

SecureUML+ComponentUML– Designed specifically for RBAC modeling– Well-defined syntax– Has a formal semantics

Outline

Introduction Goals of the paper Background

– Metamodeling– RBAC– SecureUML+ComponentUML

NormML Validating Norms

– Well-formed rules– Checking for conflicts

Conclusion

NormML: a normative modeling language

Deontic Concepts

Obligation Prohibition Permission

Involved Entities

Role Agent Agent playing Role Organization

Actions I/II

Each resource kind is related to a set of actions that can be used to control the access to the resource.

Atomic and composite actions

Resource Actions

Entity create, read, update, delete, full access

Attribute read, update, full access

Method execute

AssociationEnd read, update, full access

AgentAction execute

Message send, receive, full access

Actions I/II

Activation / Deactivation Constraint

Norm is active during a certain period of time delimited by– The execution of actiond– The achievement of deadlined– The achievement of a given state

Sanctions

Punishment if the agent violates the norm Reward if the agent fulfils the norm

Context

The scope of the norm– The organization where the norm is defined– The environment where the norm is defined

Example I/II

N1: All agents executing in the context of the environment MarketPlace are prohibited to read and update—attributeFullAccess—the attribute price of the entity good.

Example II/II

N2: Sellers are permitted, in the context of the organization WebStore that inhabits the environment MarketPlace, to update the attribute price of the entity good before it opens for sale.

Outline

Introduction Goals of the paper Background

– Metamodeling– RBAC– SecureUML+ComponentUML

NormML Validating Norms

– Well-formed rules– Checking for conflicts

Conclusion

Vadating the Norms I/III

1. Well-formed rules– Invariants of the metamodel that its models must fulfill

– Written in OCL

a) E.g.:The resource Attribute can only be linked to the actions AtomicRead, AtomicUpdate and AttributeFullAccess

b) E.g.:The resource AgentAction can only be linked to the action AtomicExecute

Validating the Norms II/III

2. Checking for conflicts between norms

a) Deontic concept:– Obligation x prohibition– Permission x prohibition – Permission x obligation in the period the permission is not activated

b) Entities whose behavior are being regulated:– agents, all agents playing a given role, an agent playing a given role or

group of agents– between norms applied to the same entity; – between a norm defined to a role and a norm defined to an agent that

can play a role; – between norms applied to different roles played by the same agent; – between the norms applied to roles in a hierarchy of roles;

Validating the Norms III/III

c) Actions/state being regulated:– the actions being regulated by the norms are of the same type on the

same resource– one of the actions is an AtomicRead and the other an AtomicUpdate to

the same attribute of an Entity or the same association end of an Association

– one of the actions is an AttributeFullAccess and the other is an AtomicRead or an AtomicUpdate to the same attribute of the same Entity

– …..

d) Activation/deactivation constraints:– one of the norms is not restricted to any condition: it is always active– the periods established by the invariants Before, After, Between

intersect

Example of Conflict

organization WebStore is situation in environment MarketPlace

N1 is applied to all agents and N2 to agents playing the role Seller

N1 is a prohibition and N2 a permission

N1: attributeFullAccessN2: attributeUpdate

N1: always activatedN2: before clause

Outline

Introduction Goals of the paper Background

– Metamodeling– RBAC– SecureUML+ComponentUML

NormML Validating Norms

– Well-formed rules– Checking for conflicts

Conclusion

Conclusion

None of the analyzed modeling languages gives support to the modeling of the main elements that compose a norm

Such elements were found out after studing 10 specification and implementation languages– Current version of NormML is able to model all the elements that

compose a norm

OCL invariants and queries are being implemented and checked by using EOS, a Java component which implements OCL2.0

evaluation on model scenarios

Future work:– To finish the algorith to check for conflicts

– To finish the implementation of all well-formeness rules

– ....

A Modeling Language to Model Norms

Thank!!

Karen Figueiredo Viviane Torres da Silva

{kfigueiredo, viviane.silva}@ic.uff.br

Universidade Federal Fluminense