[Figure: Policy Forge project structure and architecture. Each project holds templates, ontologies, policies and policy sets, scenarios, interpretations and semantics; projects exchange policies and share artifacts, with taxonomic search across them. The platform runs on Vulcan Forge: a highly scalable cloud infrastructure providing user management, collaboration tools and trust management infrastructure, on top of which sit generator tools, policy text tools and policy modeling tools. Policy makers, healthcare organizations (HIS, HIE, ACO, etc.) and privacy advocates and researchers share, collaborate on and analyze policies; the output is policy sets for enforcement points.]
Poster sections: Privacy Policies, HIEs and ACOs; Policy Forge Architecture; Reasoning Framework using FORMULA; Policy Formalization Problem; Screenshots; Templates and Semantic Anchoring
A Collaborative Environment for Formalizing Privacy Policies in Health Care
Andras Nadas, Tihamer Levendovszky, Laszlo Juracz, Janos Sztipanovits, Mark E. Frisse, Ann J. Olsen
… but not feasible for:
• Large sets of policies
• Multiple systems/semantics
• Verification/Validation
[Figure: today, each set of policies (institutional, state, federal) is read and understood by a person who then thinks and writes hand-written enforcement code for every target system; with formal policy models, the policies are read and understood once and written down as formal policy models, from which the code is generated.]
To make it scale:
• Divide and conquer approach for the human aspects
• Formal model representation for the technical issues
Ontologies
• Ontologies represent the formal knowledge base.
• Documents from the library can be annotated with ontology terms.
• Words and expressions from the text can be used to create elements in an ontology.
• Ontologies can be imported from standards (RDF/OWL and JSON-LD).
Templates
• Uses imported templates as the language.
• Multiple languages can coexist and can be combined if their representation and semantics enable it.
• Graphical languages are preferred, but textual languages will also be supported (as long as they are formal and meet the environmental constraints).
Scenarios (Use Cases)
• Use cases are simple clinical workflows represented on a timeline.
• They concentrate on data flows between systems and accesses by users.
• The dataflow is checked for conformance to a selected set of policies.
• The policy set is also checked for internal consistency.
Patterns: <structure> || <ontology> || <logics>
Example: SUBJECT allowed to perform OPERATION on OBJECT given that CONSTRAINTS are met
• SUBJECT, OPERATION and OBJECT are defined by ontologies.
• ACCESS CONDITIONS are defined with first-order logic expressions.
• RESTRICTIONS are defined with first-order logic constraints.
Execution/Analysis Domains
[Figure: federal, state and institutional privacy policies are specialized into building blocks: policy text is captured in PATRN as ontologies, templates and policy patterns and composed into policy models; semantic anchors bind each policy model to an execution domain specification, and execution-domain-specific model translators then emit the model for targets such as FORMULA, Prolog, etc.]
1. Recognize the common patterns used in the textual policy descriptions; these patterns form the templates in PATRN.
2. Compile the objects and actors of the policies and organize them into ontologies.
3. Compose the formal policy models from the templates and ontologies.
4. Using the semantic anchors, translate the formal policy models for analysis or enforcement.
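The four steps above carried through in plain Python, as an added example that is not Policy Forge or PATRN code. The ontology terms, the template slots, the three sample policies, the ground facts, the use-case timeline and the Prolog-style output of the translator are all constructed for illustration, and the constraint language is deliberately restricted to conjunctions of possibly negated atoms (a Horn-body fragment of the first-order constraints the templates allow). The example goes slightly beyond the steps by also running the two checks the scenarios section asks for: dataflow conformance against a policy set, and the internal consistency of that set.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple
Atom = Tuple[str, ...]   # e.g. ("treating", "S", "P"): a predicate over template slot variables

# Step 2: ontologies as term hierarchies (child -> parent). The terms are constructed.
SUBJECTS = {"Person": None, "Workforce": "Person", "Physician": "Workforce",
            "Nurse": "Workforce", "Researcher": "Person"}
OPERATIONS = {"Operation": None, "Read": "Operation", "Disclose": "Operation"}
OBJECTS = {"PHI": None, "EHR": "PHI", "MentalHealthRecord": "EHR", "LabResult": "EHR"}

def is_a(onto: Dict[str, Optional[str]], term: str, ancestor: str) -> bool:
    cur: Optional[str] = term
    while cur is not None:
        if cur == ancestor:
            return True
        cur = onto.get(cur)
    return False

overlaps = lambda onto, a, b: is_a(onto, a, b) or is_a(onto, b, a)   # one term subsumes the other

@dataclass(frozen=True)
class Policy:
    """Steps 1 and 3: an instance of 'SUBJECT allowed (or denied) to perform OPERATION on
    OBJECT given that CONSTRAINT'; S, O and P (the object's patient) are the slot variables."""
    name: str
    subject: str
    operation: str
    obj: str
    effect: str                                      # "allow" or "deny"
    constraint: Tuple[Tuple[bool, Atom], ...] = ()   # conjunction of (positive?, atom)

@dataclass(frozen=True)
class Access:
    """One event on a use-case timeline: who accessed what, with the ontology terms."""
    t: int
    subject: str
    subject_term: str
    operation: str
    obj: str
    obj_term: str
    patient: str

def applicable(p: Policy, a: Access, facts: Set[Atom]) -> bool:
    in_scope = (is_a(SUBJECTS, a.subject_term, p.subject) and is_a(OPERATIONS, a.operation, p.operation)
                and is_a(OBJECTS, a.obj_term, p.obj))
    env = {"S": a.subject, "O": a.obj, "P": a.patient}   # bind template slots to the event
    ground = lambda atom: (atom[0],) + tuple(env.get(x, x) for x in atom[1:])
    return in_scope and all((ground(atom) in facts) == pos for pos, atom in p.constraint)

def check_dataflow(policies: List[Policy], timeline: List[Access], facts: Set[Atom]) -> List[str]:
    """Scenario check: each access needs an applicable allow and no applicable deny
    (deny overrides, default deny). Returns the violations found."""
    out = []
    for a in timeline:
        hits = [p for p in policies if applicable(p, a, facts)]
        denied = [p.name for p in hits if p.effect == "deny"]
        if denied:
            out.append(f"t={a.t}: {a.subject} {a.operation} {a.obj} denied by {denied}")
        elif not any(p.effect == "allow" for p in hits):
            out.append(f"t={a.t}: {a.subject} {a.operation} {a.obj} has no permitting policy")
    return out

def conflicts(policies: List[Policy]) -> List[Tuple[str, str]]:
    """Internal consistency: an allow and a deny whose slots overlap in all three ontologies
    and whose constraints do not literally exclude each other (a syntactic approximation
    of the semantic check the FORMULA/Z3 path performs)."""
    found = []
    for p in policies:
        for q in policies:
            if p.effect != "allow" or q.effect != "deny":
                continue
            same_scope = all(overlaps(o, x, y) for o, x, y in ((SUBJECTS, p.subject, q.subject),
                             (OPERATIONS, p.operation, q.operation), (OBJECTS, p.obj, q.obj)))
            exclusive = any((not pos, atom) in q.constraint for pos, atom in p.constraint)
            if same_scope and not exclusive:
                found.append((p.name, q.name))
    return found

def to_prolog(p: Policy) -> str:
    """Step 4: translate a policy model through an assumed Prolog semantic anchor."""
    head = f"{'permit' if p.effect == 'allow' else 'deny'}(S, {p.operation.lower()}, O)"
    body = [f"is_a(S, {p.subject.lower()})", f"is_a(O, {p.obj.lower()})", "patient_of(O, P)"]
    for pos, atom in p.constraint:
        lit = f"{atom[0]}({', '.join(atom[1:])})"
        body.append(lit if pos else "\\+ " + lit)
    return f"{head} :- {', '.join(body)}."

# Constructed sample policy set, ground facts and use-case timeline.
POLICIES = [
    Policy("treatment", "Workforce", "Read", "EHR", "allow", ((True, ("treating", "S", "P")),)),
    Policy("mh_optout", "Person", "Read", "MentalHealthRecord", "deny", ((True, ("opted_out", "P", "mental_health")),)),
    Policy("research", "Researcher", "Read", "PHI", "allow", ((True, ("consented", "P", "research")),)),
]
FACTS: Set[Atom] = {("treating", "dr_lee", "p42"), ("opted_out", "p42", "mental_health"),
                    ("consented", "p42", "research")}
TIMELINE = [
    Access(1, "dr_lee", "Physician", "Read", "lab_1", "LabResult", "p42"),
    Access(2, "dr_lee", "Physician", "Read", "mh_1", "MentalHealthRecord", "p42"),
    Access(3, "nurse_kim", "Nurse", "Read", "lab_1", "LabResult", "p42"),
]
```

On the constructed sample, `check_dataflow(POLICIES, TIMELINE, FACTS)` flags two of the three timeline events (the physician's read of the mental-health record, which the opt-out denies even though the treatment policy would allow it, and the nurse's read with no treating relationship, which nothing permits), `conflicts(POLICIES)` reports both allow policies as overlapping the opt-out deny, which is the kind of overlap a policy author has to resolve with an explicit precedence rule or mutually exclusive conditions, and `to_prolog(POLICIES[0])` emits one Prolog-style clause that a Prolog execution domain could load.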
[Figure: grounding denotational semantics in mathematics. A metamodel (term algebraic representation) defines structural constraints and is instantiated by instance models (term algebraic representation); semantic mapping rules (logic programs), executed as logic programs, map instance models into a semantic domain of semantic models (formal structures in term algebra). The metamodel, the mapping rules and the specification for operational semantics (a logic program) together form the FORMULA specification, which is shaped by intuitions, standards and variations, by updates, revisions and extensions, and by testing and verification.]
Symbolic Execution
[Figure: the specification is encoded as an SMT formula; the search loop guesses a symbolic world, adds symmetry breaking, calls the Z3 solver, encodes the solution region, picks the next region and tries something new.]
Uses the state-of-the-art satisfiability modulo theories (SMT) solver Z3 to solve quantifier-free formulas.
Open World Reasoning
• Facts and rules
• Open world queries
• P?G: find a closure of the program by ground facts where a goal is satisfied, e.g. "Is document id accessible by x?"
• P[F]: partially close P with facts F and remove the "new" marking from all associated data types, e.g. "Can x access any documents?"
Term Algebraic Data Types
• FORMULA adds data types to logic programming.
• Data types are "algebraic", i.e. they are functions that create data.
• A data constructor always constructs the same value when provided the same arguments.
• Two values are the same if and only if they were constructed by the same constructor with the same arguments.
FORMULA
• A system for modeling with logic; generic, not specifically designed to model software.
• Specifications are written as "open-world" logic programs.
• FORMULA 2.0 can verify, synthesize, transform, compile and check models, all with logic.
• Uses the Z3 SMT solver.
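The term-algebraic data types and the two open-world query forms above, in plain Python as an added example that is not FORMULA code. The constructors (Role, Treats, Owner, Consent, CanAccess), the two access rules and the sample facts are constructed assumptions, and a finite-domain enumeration of candidate facts stands in for the symbolic search that FORMULA delegates to Z3; it demonstrates the shape of P?G and P[F] queries, not Z3's algorithm.

```python
from dataclasses import dataclass
from itertools import combinations
from typing import FrozenSet, Iterable, List, Set, Tuple

# Data constructors: the same constructor with the same arguments is the same value
# (frozen dataclasses compare and hash structurally, by class and fields).
@dataclass(frozen=True)
class Role:          # Role(user, role)
    user: str
    role: str

@dataclass(frozen=True)
class Treats:        # Treats(user, patient): treating relationship
    user: str
    patient: str

@dataclass(frozen=True)
class Owner:         # Owner(doc, patient): the document is about the patient
    doc: str
    patient: str

@dataclass(frozen=True)
class Consent:       # Consent(patient, purpose)
    patient: str
    purpose: str

@dataclass(frozen=True)
class CanAccess:     # derived: CanAccess(user, doc)
    user: str
    doc: str

def same_value() -> Tuple[bool, bool]:
    """Equality is by constructor and arguments: equal fields under a different
    constructor are a different value."""
    return (Role("dr_lee", "physician") == Role("dr_lee", "physician"),
            Owner("p42", "x") == Treats("p42", "x"))

def step(facts: Set[object]) -> Set[object]:
    """One application of the two rules (Horn clauses, bodies are conjunctions):
      CanAccess(u, d) :- Role(u, physician), Treats(u, p), Owner(d, p).
      CanAccess(u, d) :- Role(u, researcher), Owner(d, p), Consent(p, research)."""
    derived: Set[object] = set()
    owners = [f for f in facts if isinstance(f, Owner)]
    for r in [f for f in facts if isinstance(f, Role)]:
        if r.role == "physician":
            patients = {t.patient for t in facts if isinstance(t, Treats) and t.user == r.user}
            derived |= {CanAccess(r.user, o.doc) for o in owners if o.patient in patients}
        elif r.role == "researcher":
            consented = {c.patient for c in facts if isinstance(c, Consent) and c.purpose == "research"}
            derived |= {CanAccess(r.user, o.doc) for o in owners if o.patient in consented}
    return derived

def closure(facts: Iterable[object]) -> FrozenSet[object]:
    """Least fixpoint: apply the rules until nothing new is derived."""
    cur = set(facts)
    while True:
        derived = step(cur)
        if derived <= cur:
            return frozenset(cur)
        cur |= derived

def query_closed(facts: Iterable[object], user: str) -> List[str]:
    """P[F]: close the program with the known facts F (nothing else is 'new')
    and ask 'can user access any documents?'; returns the reachable documents."""
    return sorted(f.doc for f in closure(facts) if isinstance(f, CanAccess) and f.user == user)

def find_worlds(known, candidates, goal, max_new: int = 2) -> List[FrozenSet[object]]:
    """P?G: which ground facts, chosen among the still-'new' (unknown) candidates,
    close the program so that the goal holds? Subset enumeration over a finite
    domain stands in for the SMT search; only minimal fact sets are returned."""
    worlds: List[FrozenSet[object]] = []
    for k in range(max_new + 1):
        for extra in combinations(candidates, k):
            guess = frozenset(extra)
            if any(w <= guess for w in worlds):
                continue                      # a smaller world already explains the goal
            if goal in closure(set(known) | guess):
                worlds.append(guess)
    return worlds

# Constructed sample: what is known, and which facts are still open ("new").
KNOWN = {Owner("doc_9", "p42"), Treats("dr_lee", "p42")}
CANDIDATES = [Role("dr_lee", "physician"), Role("dr_lee", "researcher"),
              Consent("p42", "research"), Treats("dr_lee", "p7")]

if __name__ == "__main__":
    print(same_value())
    print(query_closed(KNOWN, "dr_lee"))                                  # P[F]: []
    print(query_closed(KNOWN | {Role("dr_lee", "physician")}, "dr_lee"))  # P[F]: ['doc_9']
    for w in find_worlds(KNOWN, CANDIDATES, CanAccess("dr_lee", "doc_9")):  # P?G
        print(sorted(map(repr, w)))
```

With only the known facts, the P[F] query finds no document for dr_lee; adding the physician role closes the world far enough that doc_9 becomes reachable. The P?G query answers the open question "under which additional facts is doc_9 accessible by dr_lee?" with two minimal worlds: the physician role alone (a treating relationship is already known), or the researcher role together with the patient's research consent. The unrelated Treats(dr_lee, p7) candidate never appears, because no world needs it.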
References
1. K. Krasnow Waterman (MIT): Pre-processing Legal Text: Policy Parsing and Isomorphic Intermediate Representation
2. Helen Nissenbaum: Contextual Integrity
3. Mitchell and Datta (Stanford and CMU): Policy Formalization in Prolog
Policy Forge Workflow
Privacy Policies:
• Federal (HIPAA, HITECH, Omnibus)
• State (mental health, genetics, STD, HIV, etc.)
• Institutional (Notice of Privacy Practices, IRBs, etc.)
• Patient preferences (opt-out)
• Increased punishment for privacy violations
• Increased risk aversion of institutional policy makers
Health Information Exchanges (HIEs):
• Increased adoption of EHRs
• Pressure for more affordable care
• Move towards coordinated care
• Accountable Care Organizations (ACOs)
• More pressure for sharing health information
• Conflicts with risk aversion
Develop an engineering method that provides the right provisions to enable functioning HIEs of all sizes.
Policy formalization is complex [1]:
• Have to understand the legal domain, context and language
• Have to understand the formal domain, context and language
… but feasible for a small set of policies and experimentation [2, 3]
SHARPS; Team for Research in Ubiquitous Secure Technology (TRUST)