A Modeling Language to Model Norms Karen Figueiredo Viviane Torres da Silva Universidade Federal Fluminense (UFF)
Outline Introduction Goals of the paper Background –Metamodeling –RBAC –SecureUML+ComponentUML NormML Validating Norms –Well-formed rules –Checking for conflicts Conclusion
Outline Introduction Goals of the paper Background –Metamodeling –RBAC –SecureUML+ComponentUML NormML Validating Norms –Well-formed rules –Checking for conflicts Conclusion
Introduction Norms regulate the behavior of agents in open MAS Norms can be defined at design time and at runtime The definition of norms at design time is important to: – keep the alignment of the norms with the systems elements, such as its entities and the actions that they execute – detect and solve some conflicts between norms at design time (at least, part of the conflicts)
Our goals on this paper... To investigate the properties and the characteristics of norms To find out if the MAS languages, methodologies and models give support to – The modeling of such properties – To the checking of conflicts at design time To present the preliminary version of the normative modeling language called NormML
Properties and Characteristics of a Norm Based on the study of 10 specification and implementation languages for norms Premise: Norms restrict the behavior of system entities during a period of time and define the sanctions applied when violated or fulfilled. Static aspects: the key elements that compose a norm – Deontic concept, involved entities, actions, activation constraints, sanctions and context Dynamic aspects – Creation, cancelation and delegation
Static Aspects Deontic concept: the restriction kind – permission, obligation or prohibition Entity whose behavior is being regulated: – agents, all agents playing a given role, an agent playing a given role or group of agents Action/state being regulated: – communicative or non-communicative actions – state of the system Activation/deactivation constraints: – the execution of an action, time intervals, achievement of system state or the activation/deactivation/fulfillment/violation of a norm Sanction: – punishments or rewards Context: – Organization, environment, interaction or scene
Outline Introduction Goals of the paper Background –Metamodeling –RBAC –SecureUML+ComponentUML NormML Validating Norms –Well-formed rules –Checking for conflicts Conclusion
Background Metamodels: define the vocabulary used by the modeling languages – Models are instances of metamodels – Well-formed rules: invariants of the metamodel that guarantees the consistency of the models to its metamodel Role Based Access Control (RBAC) – security policies specify the permissions that a user has under a given role, while trying to access system resources
Background SecureUML+ComponentUML – Designed specifically for RBAC modeling – Well-defined syntax – Has a formal semantics
Outline Introduction Goals of the paper Background –Metamodeling –RBAC –SecureUML+ComponentUML NormML Validating Norms –Well-formed rules –Checking for conflicts Conclusion
NormML: a normative modeling language
Deontic Concepts Obligation Prohibition Permission
Involved Entities Role Agent Agent playing Role Organization
ActionsI/II Each resource kind is related to a set of actions that can be used to control the access to the resource. Atomic and composite actions ResourceActions Entitycreate, read, update, delete, full access Attributeread, update, full access Methodexecute AssociationEndread, update, full access AgentActionexecute Messagesend, receive, full access
ActionsI/II
Activation / Deactivation Constraint Norm is active during a certain period of time delimited by –The execution of actiond –The achievement of deadlined –The achievement of a given state
Sanctions Punishment if the agent violates the norm Reward if the agent fulfils the norm
Context The scope of the norm –The organization where the norm is defined –The environment where the norm is defined
ExampleI/II N1: All agents executing in the context of the environment MarketPlace are prohibited to read and update— attributeFullAccess—the attribute price of the entity good.
ExampleII/II N2: Sellers are permitted, in the context of the organization WebStore that inhabits the environment MarketPlace, to update the attribute price of the entity good before it opens for sale.
Outline Introduction Goals of the paper Background –Metamodeling –RBAC –SecureUML+ComponentUML NormML Validating Norms –Well-formed rules –Checking for conflicts Conclusion
Vadating the NormsI/III 1.Well-formed rules –Invariants of the metamodel that its models must fulfill –Written in OCL a)E.g.:The resource Attribute can only be linked to the actions AtomicRead, AtomicUpdate and AttributeFullAccess b)E.g.:The resource AgentAction can only be linked to the action AtomicExecute
Validating the NormsII/III 2.Checking for conflicts between norms a)Deontic concept: –Obligation x prohibition –Permission x prohibition –Permission x obligation in the period the permission is not activated b)Entities whose behavior are being regulated: –agents, all agents playing a given role, an agent playing a given role or group of agents –between norms applied to the same entity; –between a norm defined to a role and a norm defined to an agent that can play a role; –between norms applied to different roles played by the same agent; –between the norms applied to roles in a hierarchy of roles;
Validating the NormsIII/III c)Actions/state being regulated: –the actions being regulated by the norms are of the same type on the same resource –one of the actions is an AtomicRead and the other an AtomicUpdate to the same attribute of an Entity or the same association end of an Association –one of the actions is an AttributeFullAccess and the other is an AtomicRead or an AtomicUpdate to the same attribute of the same Entity – ….. d)Activation/deactivation constraints: –one of the norms is not restricted to any condition: it is always active –the periods established by the invariants Before, After, Between intersect
Example of Conflict organization WebStore is situation in environment MarketPlaceN1 is applied to all agents and N2 to agents playing the role Seller N1 is a prohibition and N2 a permission N1: attributeFullAccess N2: attributeUpdate N1: always activated N2: before clause
Outline Introduction Goals of the paper Background –Metamodeling –RBAC –SecureUML+ComponentUML NormML Validating Norms –Well-formed rules –Checking for conflicts Conclusion
Conclusion None of the analyzed modeling languages gives support to the modeling of the main elements that compose a norm Such elements were found out after studing 10 specification and implementation languages –Current version of NormML is able to model all the elements that compose a norm OCL invariants and queries are being implemented and checked by using EOS, a Java component which implements OCL2.0 evaluation on model scenarios Future work: –To finish the algorith to check for conflicts –To finish the implementation of all well-formeness rules –....
A Modeling Language to Model Norms Thank!! Karen Figueiredo Viviane Torres da Silva {kfigueiredo, Universidade Federal Fluminense