policy governance via social...
TRANSCRIPT
![Page 1: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/1.jpg)
Policy Governance via Social Norms
Ozgur Kafalı
Department of Computer ScienceNorth Carolina State University
SoS Quarterly Lablet Meeting at College Park, UMDOctober 26, 2015
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 1 / 40
![Page 2: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/2.jpg)
Agenda
Today: tutorial on policyPolicies and normsProblem domainsSociotechnical systemsMethods and tools
Tomorrow: specific application of social normsFormalization of norms in temporal logicRelations among normsRevision patternsUse case from healthcare
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 2 / 40
![Page 3: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/3.jpg)
Research Background
Areas ofInterest
Artificial Intelligence Multiagent Systems(Distributed AI)
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 3 / 40
![Page 4: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/4.jpg)
Research Background
Areas ofInterest
Artificial Intelligence Multiagent Systems(Distributed AI)
SpecificExpertise
ComputationalLogic
ModelChecking
AgentPlatforms
Agent Interaction
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 3 / 40
![Page 5: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/5.jpg)
Research Background
Areas ofInterest
Artificial Intelligence Multiagent Systems(Distributed AI)
SpecificExpertise
ComputationalLogic
ModelChecking
AgentPlatforms
Agent Interaction
ApplicationDomains
SocialNetworks
Bioinformatics Healthcare E-Commerce
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 3 / 40
![Page 6: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/6.jpg)
Research Background
Areas ofInterest
Artificial Intelligence Multiagent Systems(Distributed AI)
SpecificExpertise
ComputationalLogic
ModelChecking
AgentPlatforms
Agent Interaction
ApplicationDomains
SocialNetworks
Bioinformatics Healthcare E-Commerce
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 3 / 40
![Page 7: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/7.jpg)
Outline
1 Social Side of Security
2 Policy-Governed Systems
3 Sociotechnical Systems (STS)
4 Social Norms
5 Security Properties
6 Formal Methods and Tools
7 Open Challenges
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 4 / 40
![Page 8: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/8.jpg)
Social Side of Security
Security Big Picture
Collaboration among multiple users (often confused and careless)Policy at technical level
Access control (logical and physical resources)Logging requirements
Policy at social levelRegulate how users engage with each otherModel exceptions (when something goes wrong)
[Singh, AAMAS, 2015]Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 5 / 40
![Page 9: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/9.jpg)
Social Side of Security
Current Research Efforts
Most security efforts focus on the technical (software) levelRegimentedControl focused
Vulnerabilities due to user behaviorSharing passwordsNot applying important security patches
Some recent efforts directed to the social levelSocial normsSociotechnical systems
Unifying framework to understand tradeoffs between architectures
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 6 / 40
![Page 10: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/10.jpg)
Policy-Governed Systems
Policy and Governance
Policy: description of behavior (intention)documented statements of an organizationprivacy policy describing the intent of how data will be used
Governance: exercise of control (plan)how specific policy details are carried out as processessubject to laws, norms, powertraditional management: top-down hierarchical modelpeer-to-peer model: administration by the stakeholders
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 7 / 40
![Page 11: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/11.jpg)
Policy-Governed Systems
Policies Everywhere
Effect everyday lives of peopleDifferent (possibly conflicting) security policiesOne’s security might be another’s restrictionNCSU policy effort directed to
Understanding the balance between safety and liveness of usersBuilding formal models of security policies and normsResolving conflicts among policiesUnderstanding the effects of personality and sanctions on policyUnderstanding policy complexity
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 8 / 40
![Page 12: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/12.jpg)
Policy-Governed Systems
Cybersecurity Domains: Healthcare
HIPAA privacy rule for public healthemergencyOriginal provision: Obtain patient’sagreement to speak with family membersIf president declares a disasterThen, secretary may waive sanctions andpenalties regarding the provision
POLICIES SHOULD BE FLEXIBLE
http://www.hhs.gov/ocr/privacy/hipaa/faq/disclosures in emergency situations© https://www.propublica.org/
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 9 / 40
![Page 13: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/13.jpg)
Policy-Governed Systems
Cybersecurity Domains: Healthcare
HIPAA privacy rule for public healthemergencyOriginal provision: Obtain patient’sagreement to speak with family membersIf president declares a disasterThen, secretary may waive sanctions andpenalties regarding the provisionPOLICIES SHOULD BE FLEXIBLE
http://www.hhs.gov/ocr/privacy/hipaa/faq/disclosures in emergency situations© https://www.propublica.org/
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 9 / 40
![Page 14: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/14.jpg)
Policy-Governed Systems
Cybersecurity Domains: Secure Building
Adaptive securityStatic: Visiting techniciansonly allowed in rooms they’resupposed to carry out workDynamic: People only allowedin the server room withauthorized staff
POLICIES SHOULD BEADAPTIVE
Tsigkanos et al., RE, 2014Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 10 / 40
![Page 15: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/15.jpg)
Policy-Governed Systems
Cybersecurity Domains: Secure Building
Adaptive securityStatic: Visiting techniciansonly allowed in rooms they’resupposed to carry out workDynamic: People only allowedin the server room withauthorized staffPOLICIES SHOULD BEADAPTIVE
Tsigkanos et al., RE, 2014Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 10 / 40
![Page 16: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/16.jpg)
Policy-Governed Systems
Privacy Domains: Social Networks and Mobile Apps
Different regulations about sharing of user dataSocial networking sites team up with popular mobile apps
Low user awareness, acknowledgment of privacy policiesUsers at most read the top-level policy, ignore all othersHow does the social network interact with the mobile app?How does the mobile app interact with 3rd parties?
POLICIES ARE COMPLEX
© http://www.coffeexperts.eu/privacy-policy/
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 11 / 40
![Page 17: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/17.jpg)
Policy-Governed Systems
Privacy Domains: Social Networks and Mobile Apps
Different regulations about sharing of user dataSocial networking sites team up with popular mobile apps
Low user awareness, acknowledgment of privacy policiesUsers at most read the top-level policy, ignore all othersHow does the social network interact with the mobile app?How does the mobile app interact with 3rd parties?
POLICIES ARE COMPLEX
© http://www.coffeexperts.eu/privacy-policy/
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 11 / 40
![Page 18: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/18.jpg)
Policy-Governed Systems
Privacy Domains: Aviation
Should the privacy of the pilot be traded for flight safety?Patient doctor confidentiality prohibits sharing of psychologicaltendencies early onChanges to aviation policies after the incident
Two authorized personnel in the cockpitSharing of psychological assessment with airlines (prior to hiring)
POLICIES NEED REVISION
© https://www.flickr.com/Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 12 / 40
![Page 19: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/19.jpg)
Policy-Governed Systems
Privacy Domains: Aviation
Should the privacy of the pilot be traded for flight safety?Patient doctor confidentiality prohibits sharing of psychologicaltendencies early onChanges to aviation policies after the incident
Two authorized personnel in the cockpitSharing of psychological assessment with airlines (prior to hiring)
POLICIES NEED REVISION
© https://www.flickr.com/Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 12 / 40
![Page 20: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/20.jpg)
Sociotechnical Systems (STS)
STS Definition
A social organization, wherein autonomous agents that representstakeholders interact with each other through (and about)technical components
Normative focusPromote collaboration among stakeholders via social architecture
People and processes, as well as technological systemsProcess definitions outline how the system designers intend thesystem should be usedIn practice, users interpret and adapt them in unpredictable ways,depending on education, experience, culture
[Singh, ACM TIST, 2013] [Sommerville et al., Communications of ACM, 2012]Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 13 / 40
![Page 21: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/21.jpg)
Sociotechnical Systems (STS)
Architecture of an STS
Requirements
Stakeholders Agent . . . Agent
NormsAssumptionsMechanisms
Functional and ControlComponents
interact
realizedin
regulate
identify
specify
Social TierTechnical Tier
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 14 / 40
![Page 22: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/22.jpg)
Sociotechnical Systems (STS)
Social Organizations: Hospital Administration
RolesAdministratorPhysicianTechnicianPatient
Technical regulationsAccess to patient records (software level)Traceability for sharing patient data (logging level)Access to emergency department (physical level)
Social interactionsCalling out patients in the waiting areaPhysician discussing patient’s condition with lab technician
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 15 / 40
![Page 23: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/23.jpg)
Sociotechnical Systems (STS)
STS Challenges
How to monitor, detect warning signs?Unusual access to patient records
How to recover from failure?Patient information shared with colleague vs published online
Regulation for safety-critical systemsWho can access the server room?
Nondeterministic behavior and probabilistic verificationEffect of having strict authentication rules on patients’ survivabilityin emergencies?
Sommerville et al., Communications of ACM, 2012Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 16 / 40
![Page 24: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/24.jpg)
Sociotechnical Systems (STS)
Technical vs Social Architecture
Balance between technical and social architectureSocial gain: improve flexibility without trading away security
Grant all available physicians access to emergency records withoutconsentProvide traceability and accountability via authentication logs
Technical gain: improve security without trading away flexibilityProvide central registry for physicians (global authentication)Call out all available physicians from an area in case of disaster
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 17 / 40
![Page 25: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/25.jpg)
Sociotechnical Systems (STS)
Technical vs Social Architecture
Balance between technical and social architectureSocial gain: improve flexibility without trading away security
Grant all available physicians access to emergency records withoutconsentProvide traceability and accountability via authentication logs
Technical gain: improve security without trading away flexibilityProvide central registry for physicians (global authentication)Call out all available physicians from an area in case of disaster
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 17 / 40
![Page 26: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/26.jpg)
Sociotechnical Systems (STS)
Technical vs Social Architecture
Balance between technical and social architectureSocial gain: improve flexibility without trading away security
Grant all available physicians access to emergency records withoutconsentProvide traceability and accountability via authentication logs
Technical gain: improve security without trading away flexibilityProvide central registry for physicians (global authentication)Call out all available physicians from an area in case of disaster
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 17 / 40
![Page 27: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/27.jpg)
Sociotechnical Systems (STS)
Interoperability in STS
Collaboration among stakeholdersPhysician consulting a colleagueRegulations regarding what can be discussed and howSharing patient information via e-mail is traceable (technical level)Talking about a patient over lunch may not always be traceable(social level)
Composition of STS: hospital and pharmacyWeb service for prescription of drugs (technical level)Pharmacist is prohibited from editing physician’s prescription (sociallevel)
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 18 / 40
![Page 28: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/28.jpg)
Sociotechnical Systems (STS)
Interoperability in STS
Collaboration among stakeholdersPhysician consulting a colleagueRegulations regarding what can be discussed and howSharing patient information via e-mail is traceable (technical level)Talking about a patient over lunch may not always be traceable(social level)
Composition of STS: hospital and pharmacyWeb service for prescription of drugs (technical level)Pharmacist is prohibited from editing physician’s prescription (sociallevel)
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 18 / 40
![Page 29: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/29.jpg)
Sociotechnical Systems (STS)
Exceptions
Handle deviations from normal executionAvoiding all exceptions is impracticalException for one user might have no effect on anotherNot all exceptions are bad
Physician informs the public about an outbreakAgainst the regulations for sharing patient related informationViolation is necessary to protect the health and safety of the public
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 19 / 40
![Page 30: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/30.jpg)
Social Norms
Brief History
A norm represents a social regulation between two autonomousentitiesIdeas from law
Claim (right), privilege, power, immunityEach act of promising is an act of the same type as an act orprocess of enactment of a lawFrom individual to groups and organizations
A popular approach in distributed AINormative systems to model artificial organizationsAgents reason upon norms
[Hohfeld, 1919] [Castaneda, 1975] [Castelfranchi, 1995] [Singh, 1999]Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 20 / 40
![Page 31: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/31.jpg)
Social Norms
Norm Types: Commitment
Practical: ‘I will do [P] if [Q] happens’
e.g., commitment to log out from public computers
c(physician, hospital, public ∧ EHR, log out)
Dialectical: ‘[P] is true’
e.g., ‘I logged out immediately after I’ve reviewed patient’s EHR’
d(physician, hospital, logged out)
Violated if proven otherwise (e.g., via logs)
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 21 / 40
![Page 32: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/32.jpg)
Social Norms
Norm Types: Commitment
Practical: ‘I will do [P] if [Q] happens’
e.g., commitment to log out from public computers
c(physician, hospital, public ∧ EHR, log out)
Dialectical: ‘[P] is true’
e.g., ‘I logged out immediately after I’ve reviewed patient’s EHR’
d(physician, hospital, logged out)
Violated if proven otherwise (e.g., via logs)
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 21 / 40
![Page 33: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/33.jpg)
Social Norms
Norm Types: Authorization
‘You may do [P] if [Q] happens’
e.g., authorization to access patient records
a(physician, hospital, consent, EHR)
Violated if EHR is accessed without consent (if permitted bysoftware)
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 22 / 40
![Page 34: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/34.jpg)
Social Norms
Norm Types: Prohibition
‘You should not do [P] if [Q] happens’
e.g., prohibition for accessing nonpatient EHR
p(physician, hospital, ¬own patient(Patient), EHR(Patient))
Violated if physician accesses a patient’s EHR other than her own
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 23 / 40
![Page 35: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/35.jpg)
Social Norms
Norm Types: Sanction
Penalty for violating normsHospital administration punishes the physician for accessingpatient’s records without consentMay be escalated to higher authorityMay be used to update the reputation of a stakeholder
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 24 / 40
![Page 36: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/36.jpg)
Social Norms
Norm Types: Power
Ability to alter the norms between two or more stakeholdersHospital administration has the power to revise regulationsregarding the use of public computersBoth authorization and power are privileges to perform additionalactions without being required to do so
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 25 / 40
![Page 37: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/37.jpg)
Social Norms
Norm Lifecycle and Operations
Conditional
Expired
Detached
Satisfied Violated
dant
ant
con con dcon
Conditional
Expired
Detached
Satisfied Violated
dant
antdcon
con con
Conditional
Expired
Detached
Satisfied Violated
dant
ant
con dcon con
commitment authorization prohibition
Norm(Subject, Object, Antecedent, Consequent)Main operations: create, detach, expire, satisfy, violateAdditional operations: suspend, resume, delegate, assign
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 26 / 40
![Page 38: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/38.jpg)
Social Norms
Time-Aware Norms
Extend norms with deadlines
Absolute deadline: ‘Emergency physician is authorized to accesspatient records until the end of the day’
Relative deadline: ‘If the patient’s condition gets worse, physicianhas to operate within two hours’
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 27 / 40
![Page 39: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/39.jpg)
Social Norms
Norms in the Literature
Design / revision of norms (minimise misconfiguration)Resolve conflictsMultiagent systems literature
Normative systems for artificial institutionsDelegation of control, powerDoes not go beyond conceptualization
Security norms fairly unexplored
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 28 / 40
![Page 40: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/40.jpg)
Security Properties
Formal Properties
Liveness: achieve goals of stakeholdersRobustness: how hard to violate norms
Regarding users (privacy)Regarding data (confidentiality)
Resilience: easy recoverability from misuseFind who is responsible (traceability)Apply sanction (accountability)Required number of steps for full recovery
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 29 / 40
![Page 41: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/41.jpg)
Security Properties
Methods for Evaluation
Formal modelsSpecification of norms in formal logicDesign time verificationRun time monitoringDiagnosis for misuse via loggingRecovery via sanctioning
Empirical techniquesGame design for human involvementUnderstanding policy complexity
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 30 / 40
![Page 42: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/42.jpg)
Security Properties
Tradeoffs among Designs
Healthcare emergency scenarioLiveness: patient should be operated before the operationdeadlineRobustness: only authenticated physicians can access patient’sEHRResilience: access to EHR should be logged
Nonemergency scenario: operation can be delayed until anauthorized physician is availableEmergency scenario: risk of not operating immediately might beworse than most security concerns
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 31 / 40
![Page 43: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/43.jpg)
Formal Methods and Tools
Relevant AI and MAS Literature
Agent-based simulationGame theorySocial choiceConstraintsLearningArgumentationHuman modelingMultiagent system engineering
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 32 / 40
![Page 44: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/44.jpg)
Formal Methods and Tools
Formal Logic
Propositional logic (atomic propositions)
First order (predicate) logic: ∀, ∃ quantifiers
∀X : physician(X ) → c(X ,hospital , treat)
Temporal logiclinear time: LTL has quantifiers over states (G, F, X, U)
treat U healthy
branching time: CTL has quantifiers over paths (A, E)
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 33 / 40
![Page 45: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/45.jpg)
Formal Methods and Tools
Model Checking
Verify whether a specification satisfies certain propertiesSystem behavior formalized as a transition system (FSM)Properties represented in temporal logicGenerate all possible worlds, check properties
Liveness: AG (emergency → AF access EHR)
Safety: AG (¬disclose PHI)
[Clarke et al., MIT Press, 1999]© http://www.csfieldguide.org.nz/FormalLanguages.html
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 34 / 40
![Page 46: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/46.jpg)
Formal Methods and Tools
AI Planning
How to go from an initial state to a goal state?Associate costs with actionsCome up with a plan, and report total costPlanning tools: STRIPS, HTN, SHOP
[Nau et al., JAIR, 2003]Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 35 / 40
![Page 47: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/47.jpg)
Formal Methods and Tools
Argumentation
Resolving Goal Conflicts
Competing hypotheses
Categories of argumentsLegal consequences
Organizational policies
Individual preferences
[Murukannaiah et al., RE, 2015]Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 36 / 40
![Page 48: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/48.jpg)
Formal Methods and Tools
Trust
Trustworthiness of a sociotechnical systemIndividual view points based on the states of norms
c(hospital, patient, records, protect PHI)sanction to hospitals by the government
leads to
T(patient, hospital, records, protect PHI)
[Chopra et al., ER, 2011]Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 37 / 40
![Page 49: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/49.jpg)
Formal Methods and Tools
Simulation and Modeling Environments
NetLogo multiagentsimulation frameworkSocial simulations withagentsUnderstand the effect ofsanction
IndividualGroup
MetricsUsabilityEffortVariance of solutions
https://ccl.northwestern.edu/netlogo/[Du et al., HotSoS, 2015]Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 38 / 40
![Page 50: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/50.jpg)
Formal Methods and Tools
Ontologies
OWL ontologylanguageTaxonomy of conceptsProperties for conceptsRelations amongconcepts, propertiesSimilarity metrics
http://www.w3.org/TR/owl-features/http://protege.stanford.edu/Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 39 / 40
![Page 51: Policy Governance via Social Normsmas.cmpe.boun.edu.tr/ozgur/files/presentations/Kafali-WS-Policy.pdfSoS Quarterly Lablet Meeting at College Park, UMD October 26, 2015 Ozg¨ ¨ur Kafalı](https://reader034.vdocument.in/reader034/viewer/2022042413/5f2d98c7fcfb394a855dedd2/html5/thumbnails/51.jpg)
Open Challenges
Unexplored Areas for Policy Research
Developing mathematical models for sociotechnical systemsFormalizing security propertiesUnderstanding real-life policiesValidation and dissemination of the developed models
Ozgur Kafalı (NCSU) Policy Governance via Social Norms October 26, 2015 40 / 40