32 research outputs found

    Comodo: Collaborative Monitoring of Commitment Delegations

    Understanding accountability in contract violations, e.g., who is accountable for what, is a tedious, time-consuming, and costly task for human decision-making, especially when contractual responsibilities are delegated among parties. Intelligent software agents equipped with expert capabilities such as monitoring and diagnosis help save time and improve accuracy of diagnosis by formal reasoning upon electronic contracts. Such contracts are represented as commitment norms, a well studied artifact in multi-agent systems, which provide semantics for agent interactions. Due to the open and heterogeneous nature of multi-agent systems, commitments are often violated. When a commitment is violated, e.g., an exception occurs, agents need to collaborate to understand what went wrong and which agent is responsible. We propose Comodo: a framework for monitoring commitment delegations and detecting violations. We define a complete set of possible rational delegation schemes for commitments, identifying for each combination of delegations what critical situations may lead to an improper delegation and potentially to a commitment violation. Comodo provides a sound and complete distributed reasoning procedure that is able to find all improper delegations of a given commitment. We provide the complete implementation of Comodo using the Reactive Event Calculus, and present an e-commerce case study to demonstrate its workings. Due to its generic nature, we discuss the application of our approach to other distributed diagnosis problems in emergency healthcare, Internet of Things and smart environments, and security, privacy, and accountability in the context of socio-technical system

    GOSU: Computing GOal SUpport with commitments in multiagent systems

    Goal-based agent architectures have been one of the most effective architectures for designing agents. In such architectures, the state of the agent as well as its goal set are represented explicitly. The agent then uses its set of actions to reach the goals in its goal set. However, in multiagent systems, most of the time, an agent cannot reach a goal only using its own actions but needs other agents to act as well. Commitments have been successfully used to regulate those interactions between agents. This paper proposes a framework and an environment for agents to manage the relations between their commitments and goals. More specifically, we provide an algorithm called GOSU to compute if a given set of commitments can be used to achieve a particular goal. We describe how GOSU can be implemented using the Reactive Event Calculus and demonstrate its capabilities over a case study

    Desen: Specification of Sociotechnical Systems via Patterns of Regulation and Control

    We address the problem of engineering a sociotechnical system (STS) with respect to its stakeholders’ requirements. We motivate a two-tier STS conception comprising a technical tier that provides control mechanisms and describes what actions are allowed by the software components, and a social tier that characterizes the stakeholders’ expectations of each other in terms of norms. We adopt agents as computational entities, each representing a different stakeholder. Unlike previous approaches, our framework, Desen, incorporates the social dimension into the formal verification process. Thus, Desen supports agents potentially violating applicable norms—a consequence of their autonomy. In addition to requirements verification, Desen supports refinement of STS specifications via design patterns to meet stated requirements. We evaluate Desen at three levels. We illustrate how Desen carries out refinement via the application of patterns on a hospital emergency scenario. We show via a human-subject study that a design process based on our patterns is helpful for participants who are inexperienced in conceptual modeling and norms. We provide an agent-based environment to simulate the hospital emergency scenario to compare STS specifications (including participant solutions from the human-subject study) with metrics indicating social welfare and norm compliance, and other domain dependent metrics

    Concurrent bilateral negotiation for open e-markets: The Conan strategy

    We develop a novel strategy that supports software agents to make decisions on how to negotiate for a resource in open and dynamic e-markets. Although existing negotiation strategies offer a number of sophisticated features, including modelling an opponent and negotiating with many opponents simultaneously, they abstract away from the dynamicity of the market and the model that the agent holds for itself in terms of ongoing negotiations, thus ignoring information that increases an agent’s utility. Our proposed strategy COncurrent Negotiating AgeNts (Conan) considers a weighted combination of modelling the market environment and the progress of concurrent negotiations in which the agent partakes. We conduct extensive experiments to evaluate the strategy’s performance in various settings where different opponents from the literature provide a competitive market. Our experiments provide statistically significant results showing how Conan outperforms the state-of-the-art in terms of the utility gained during negotiations

    Kont: Computing tradeoffs in normative multiagent systems

    We propose Kont, a formal framework for comparing normative multiagent systems (nMASs) by computing tradeoffs among liveness (something good happens) and safety (nothing bad happens). Safety-focused nMASs restrict agents' actions to avoid undesired enactments. However, such restrictions hinder liveness, particularly in situations such as medical emergencies. We formalize tradeoffs using norms, and develop an approach for understanding to what extent an nMAS promotes liveness or safety. We propose patterns to guide the design of an nMAS with respect to liveness and safety, and prove their correctness. We further quantify liveness and safety using heuristic metrics for an emergency healthcare application. We show that the results of the application corroborate our theoretical development

    Nane: Identifying misuse cases using temporal norm enactments

    Recent data breaches in domains such as healthcare where confidentiality of data is crucial indicate that breaches often originate from misuses, not only from vulnerabilities in the technical (software or hardware) architecture. Current requirements engineering (RE) approaches determine what access control mechanisms are needed to protect sensitive resources (assets). However, current RE approaches inadequately characterize how a user is expected to interact with others in relation to the relevant assets. Consequently, a requirements analyst cannot readily identify misuses by legitimate users. We adopt social norms as a natural, formal means of characterizing user interactions whereby potential misuses map to norm violations. Our research goal is to help analysts identify misuse cases by formal reasoning about norm enactments. We propose Nane, a formal framework for identifying such misuse cases using a semiautomated process. We demonstrate how Nane enables monitoring of potential misuses on a healthcare scenario

    Pirasa: strategic protocol selection for e-commerce agents

    We present Pirasa: an agent-based simulation environment for studying how autonomous agents can best interact with each other to exchange goods in e-commerce marketplaces. A marketplace in Pirasa enables agents to enact buyer or seller roles and select from sales, auction, and negotiation protocols to achieve the individual goals of their users. An agent's strategy to maximize its utility in the marketplace is guided by its user's preferences and constraints such as 'maximum price' and 'deadline', as well as an agent's personality attributes, e.g., how 'eager' or 'late' the agent can be for exchanging goods and whether the agent is a 'spender' or 'saver' in an exchange. To guide the agent's actions selected by a strategy, we use the notion of electronic contracts formulated as regulatory norms. In this context, we present how Pirasa is organized with regards to seller processes for goods submission, the inclusion of buyer preferences, and the management of transactions through specialized broker agents. Using randomized simulations, we demonstrate how a buyer agent can strategically select the most suitable protocol to satisfy its user's preferences, goals and constraints in dynamically changing market settings. The generated simulation data can be leveraged by researchers to analyze agent behaviors, and develop additional strategies

    Age Appropriate Design: Assessment of TikTok, Twitch, and YouTube Kids

    The presence of children in the online world is increasing at a rapid pace. As children interact with services such as video sharing, live streaming, and gaming, a number of concerns arise regarding their security and privacy as well as their safety. To address such concerns, the UK's Information Commissioner's Office (ICO) sets out 15 criteria alongside a risk management process for developers of online services for children. We present an analysis of 15 ICO criteria for age appropriate design. More precisely, we investigate whether those criteria provide actionable requirements for developers and whether video sharing and live streaming platforms that are used by children of different age ranges (i.e., TikTok, Twitch and YouTube Kids) comply with them. Our findings regarding the ICO criteria suggest that some criteria such as age verification and transparency provide adequate guidance for assessment whereas other criteria such as parental controls, reporting of inappropriate content, and handling of sensitive data need further clarification. Our findings regarding the platforms themselves suggest that they choose to implement the simplest form of self-declared age verification with limited parental controls and plenty of opportunities

    How Good is a Security Policy against Real Breaches? A HIPAA Case Study

    Policy design is an important part of software development. As security breaches increase in variety, designing a security policy that addresses all potential breaches becomes a nontrivial task. A complete security policy would specify rules to prevent breaches. Systematically determining which, if any, policy clause has been violated by a reported breach is a means for identifying gaps in a policy. Our research goal is to help analysts measure the gaps between security policies and reported breaches by developing a systematic process based on semantic reasoning. We propose SEMAVER, a framework for determining coverage of breaches by policies via comparison of individual policy clauses and breach descriptions. We represent a security policy as a set of norms. Norms (commitments, authorizations, and prohibitions) describe expected behaviors of users, and formalize who is accountable to whom and for what. A breach corresponds to a norm violation. We develop a semantic similarity metric for pairwise comparison between the norm that represents a policy clause and the norm that has been violated by a reported breach. We use the US Health Insurance Portability and Accountability Act (HIPAA) as a case study. Our investigation of a subset of the breaches reported by the US Department of Health and Human Services (HHS) reveals the gaps between HIPAA and reported breaches, leading to a coverage of 65%. Additionally, our classification of the 1,577 HHS breaches shows that 44% of the breaches are accidental misuses and 56% are malicious misuses. We find that HIPAA's gaps regarding accidental misuses are significantly larger than its gaps regarding malicious misuses

    Çorba: Crowdsourcing to Obtain Requirements from Regulations and Breaches

    Context: Modern software systems are deployed in sociotechnical settings, combining social entities (humans and organizations) with technical entities (software and devices). In such settings, on top of technical controls that implement security features of software, regulations specify how users should behave in security-critical situations. No matter how carefully the software is designed and how well regulations are enforced, such systems are subject to breaches due to social (user misuse) and technical (vulnerabilities in software) factors. Breach reports, often legally mandated, describe what went wrong during a breach and how the breach was remedied. However, breach reports are not formally investigated in current practice, leading to valuable lessons being lost regarding past failures. Objective: Our research aim is to aid security analysts and software developers in obtaining a set of legal, security, and privacy requirements, by developing a crowdsourcing methodology to extract knowledge from regulations and breach reports. Method: We present Çorba, a methodology that leverages human intelligence via crowdsourcing, and extracts requirements from textual artifacts in the form of regulatory norms. We evaluate Çorba on the US healthcare regulations from the Health Insurance Portability and Accountability Act (HIPAA) and breach reports published by the US Department of Health and Human Services (HHS). Following this methodology, we have conducted a pilot and a final study on the Amazon Mechanical Turk crowdsourcing platform. Results: Çorba yields high quality responses from crowd workers, which we analyze to identify requirements for the purpose of complementing HIPAA regulations. We publish a curated dataset of the worker responses and identified requirements. Conclusions: The results show that the instructions and question formats presented to the crowd workers significantly affect the response quality regarding the identification of requirements. We have observed significant improvement from the pilot to the final study by revising the instructions and question formats. Other factors, such as worker types, breach types, or length of reports, do not have notable effect on the workers’ performance. Moreover, we discuss other potential improvements such as breach report restructuring and text highlighting with automated methods