Context-Aware Analysis of Data Sharing Agreements

A Data Sharing Agreement is an agreement among contracting parties regulating how they share data under certain contextual conditions. Upon the definition phase, where the parties negotiate the respective authorizations on data covered by the agreement, the resulting policy may be analysed in order to identify possible conflicts or incompatibilities among authorizations clauses. In this paper, we propose a formal framework for Data Sharing Agreement analysis. Our proposal is built on a process algebra formalism dealing with contextual data, encoded into the Maude engine to make it executable. The effectiveness of the analysis is shown through a sensitive data sharing test bed. Furthermore, we present an implementation of the analyser exposed as a Web Service built on top of Maude. The Web Service technology allows the modularity of the whole architecture with respect to the analysis tool

Modelling and verifying contract-oriented systems in Maude

We address the problem of modelling and verifying contractoriented systems, wherein distributed agents may advertise and stipulate contracts, but — differently from most other approaches to distributed agents — are not assumed to always behave “honestly”. We describe an executable specification in Maude of the semantics of CO2, a calculus for contract-oriented systems [6]. The honesty property [5] characterises those agents which always respect their contracts, in all possible execution contexts. Since there is an infinite number of such contexts, honesty cannot be directly verified by model-checking the state space of an agent (indeed, honesty is an undecidable property in general [5]). The main contribution of this paper is a sound verification technique for honesty. To do that, we safely over-approximate the honesty property by abstracting from the actual contexts a process may be engaged with. Then, we develop a model-checking technique for this abstraction, we describe an implementation in Maude, and we discuss some experiments with it

Twitlang(er): interactions modeling language (and interpreter) for Twitter

Online social networks are widespread means to enact interactive collaboration among people by, e.g., planning events, diffusing information, and enabling discussions. Twitter provides one of the most illustrative example of how people can effectively interact without resorting to traditional communication media. For example, the platform has acted as a unique medium for reliable communication in emergency or for organizing cooperative mass actions. This use of Twitter in a cooperative, possibly critical, setting calls for a more precise awareness of the dynamics regulating message spreading. To this aim, we designed?Twitlang, a formal language to model interactions among Twitter accounts. The operational semantics associated to the language allows users to clearly and precisely determine the effects of actions performed by Twitter accounts, such as post, retweet, reply to or delete tweets. The language has been implemented in the form of a?Maude?interpreter,?Twitlanger, which takes a language term as an input and, automatically or interactively, explores the computations arising from the term. By relying on this interpreter, automatic verification of communication properties of Twitter accounts can be carried out via the analysis tools provided by the?Maudeframework

Specification, simulation, and verification of component connectors in Reo

Coordination and composition of components is an essential concern in component-based software engineering. In this paper, we present an operational semantics for a component composition language called Reo. Reo connectors exogenously compose and coordinate the interactions among individual components, that unawarely comprise a complex system, into a coherent collaboration. The formal semantics we present here paves the way for studying the behavior of component composition mechanisms rigorously. To demonstrate the feasibility of such a rigorous approach, we give a faithful translation of Reo semantics into the Maude term rewriting language. This translation allows us to exploit the rewriting engine and the modelchecking module in the Maude tool-set to symbolically run and model-check the behavior of Reo connectors

Definition of Data Sharing Agreements (The case of Spanish Data Protection Law)

Electronic sharing of data among different parties, includ- ing groups of organizations and/or individuals, while protecting their legitimate rights on these data, is a key both for business and societal transactions. However, data sharing clauses are usually specified in legal documents that are far from being amenable of automated processing by the electronic platform that should enforce them. Furthermore, different parties usually pursue different interests. This may lead to conflicts that need to be solved for the agreements to succeed. Addressing this prob- lem, in this paper we i) discuss a proposal for the definition of a machine processable electronic data sharing multilateral contract (e-DSA); ii) re- call a controlled natural language (CNL4DSA) developed for expressing e-DSA clauses, in particular, authorizations and obligations policies on data; iii) instantiate a resolution process that can solve potential con- flicts posed by different stakeholders? clauses, e.g., legal, organizational, and end-users? clauses, according to specific criteria. We illustrate our approach on a realistic e-Health scenario derived from one described by a Spanish medical institution. The main novelty of this paper are the ref- erence to the Spanish Data Protection Law (S)DPL as the basic source of policies regulating data exchange and the idea of a multi-step e-DSA definition phase that incrementally increases the contract granularity. To the best of our knowledge, this is one of the first attempts to investi- gate how a real DPL can be translated into privacy rules electronically manageable by a devoted e-DSA-based infrastructure.?

LOTOS Symbolic Semantics in Maude

We present a formal tool where LOTOS specifications without restrictions in their data types can be executed. The reflective feature of rewriting logic and the metalanguage capabilities of Maude make it possible to implement the whole tool in the same semantic framework, and have allowed us to implement the LOTOS semantics and to build an entire environment with parsing, pretty printing, and input/output processing of LOTOS specifications

Executable Structural Operational Semantics in Maude

This paper describes in detail how to bridge the gap between theory and practice when implementing in Maude structural operational semantics described in rewriting logic, where transitions become rewrites and inference rules become conditional rewrite rules with rewrites in the conditions, as made possible by the new features in Maude 2.0. We validate this technique using it in several case studies: a functional language Fpl (evaluation and computation semantics, including an abstract machine), imperative languages WhileL (evaluation and computation semantics) and GuardL with nondeterminism (computation semantics), Kahn’s functional language Mini-ML (evaluation or natural semantics), Milner’s CCS (with strong and weak transitions), and Full LOTOS (including ACT ONE data type specifications). In addition, on top of CCS we develop an implementation of the Hennessy-Milner modal logic for describing local capabilities of processes, and for LOTOS we build an entire tool where Full LOTOS specifications can be entered and executed (without user knowledge of the underlying implementation of the semantics). We also compare this method based on transitions as rewrites with another one based on transitions as judgements

Checkpoint-based rollback recovery in session programming

To react to unforeseen circumstances or amend abnormal situations in communication-centric systems, programmers are in charge of "undoing" the interactions which led to an undesired state. To assist this task, session-based languages can be endowed with reversibility mechanisms. In this paper we propose a language enriched with programming facilities to commit session interactions, to roll back the computation to a previous commit point, and to abort the session. Rollbacks in our language always bring the system to previous visited states and a rollback cannot bring the system back to a point prior to the last commit. Programmers are relieved from the burden of ensuring that a rollback never restores a checkpoint imposed by a session participant different from the rollback requester. Such undesired situations are prevented at design-time (statically) by relying on a decidable compliance check at the type level, implemented in MAUDE. We show that the language satisfies error-freedom and progress of a session

The Timed Concurrent Constraint language in practice

We propose the tccp language for the specification and verification of security protocols. We study the relation between tccp and utcc by presenting a transformation from utcc into tccp that formally states the relation between the two languages. Finally, we present an interpreter for tccp implemented in Maude.Lescaylle Daudinot, A. (2009). The Timed Concurrent Constraint language in practice. http://hdl.handle.net/10251/14517Archivo delegad

Session-based concurrency in Maude:Executable semantics and type checking

Session types are a well-established approach to communication correctness in message-passing processes. Widely studied from a process calculi perspective, here we pursue an unexplored strand and investigate the use of the Maude system for implementing session-typed process languages and reasoning about session-typed process specifications. We present four technical contributions. First, we develop and implement in Maude an executable specification of the operational semantics of a session-typed π-calculus by Vasconcelos. Second, we also develop an executable specification of its associated algorithmic type checking, and describe how both specifications can be integrated. Third, we show that our executable specification can be coupled with reachability and model checking tools in Maude to detect well-typed but deadlocked processes. Finally, we demonstrate the robustness of our approach by adapting it to a higher-order session π-calculus, in which exchanged values include names but also abstractions (functions from names to processes). All in all, our contributions define a promising new approach to the (semi)automated analysis of communication correctness in message-passing concurrency