Search for: All records

We model a multiagent system (MAS) in socio-technical terms, combining a social layer consisting of norms with a technical layer consisting of actions that the agents execute. We express stakeholder needs to ensure that a MAS demonstrates resilience, allowing it to recover effectively from failures within a brief timeframe. This extended abstract presents a framework that computes probabilistic and temporal guarantees on whether the underlying requirements are met or, if failed, recovered. An important contribution of the framework is that it shows how the social and technical layers can be modeled jointly to enable the construction of resilient systems of autonomous agents. This paper facilitates specification refinement through methodological guidelines, emphasizing joint modeling of social and technical layers. We demonstrate our framework using a manufacturing scenario with competing public, industrial, and environmental requirements. This is an extended abstract of our JAAMAS paper available online. 

Policy design is an important part of software development. As security breaches increase in variety, designing a security policy that addresses all potential breaches becomes a nontrivial task. A complete security policy would specify rules to prevent breaches. Systematically determining which, if any, policy clause has been violated by a reported breach is a means for identifying gaps in a policy. Our research goal is to help analysts measure the gaps between security policies and reported breaches by developing a systematic process based on semantic reasoning. We propose SEMAVER, a framework for determining coverage of breaches by policies via comparison of individual policy clauses and breach descriptions. We represent a security policy as a set of norms. Norms (commitments, authorizations, and prohibitions) describe expected behaviors of users, and formalize who is accountable to whom and for what. A breach corresponds to a norm violation. We develop a semantic similarity metric for pairwise comparison between the norm that represents a policy clause and the norm that has been violated by a reported breach. We use the US Health Insurance Portability and Accountability Act (HIPAA) as a case study. Our investigation of a subset of the breaches reported by the US Department of Health and Human Services (HHS) reveals the gaps between HIPAA and reported breaches, leading to a coverage of 65%. Additionally, our classification of the 1,577 HHS breaches shows that 44% of the breaches are accidental misuses and 56% are malicious misuses. We find that HIPAA's gaps regarding accidental misuses are significantly larger than its gaps regarding malicious misuses.