Type Annotation for Adaptive Systems

We introduce type annotations as a flexible typing mechanism for graph systems and discuss their advantages with respect to classical typing based on graph morphisms. In this approach the type system is incorporated with the graph and elements can adapt to changes in context by changing their type annotations. We discuss some case studies in which this mechanism is relevant.Comment: In Proceedings GaM 2016, arXiv:1612.0105

Annotations on Complex Patterns

Modelers of systems often want to isolate specific parts of a model to be treated as a whole, for example to protect them from accidental changes,to constrain them to specific policies, or to identify them as instances of a general pattern. In particular, we study here the case in which these parts are annotated with information from some external model.In a previous paper, we have discussed the use of annotations on individual model elements, represented as nodes in a graph; in this paper we model annotation processes involving also annotations themselves or whole configurations.To address the latter problem, we enrich the notion of graph by introducing a third sort of elements, called boxes, encompassing subgraphs, and associate them with annotations, too. We show how annotations on boxes support the modeling of complex policies,adapting the previous constructions for notation-aware rewriting to include boxes.The paper illustrates these concepts on the concrete modeling scenario of an organisation with security and temporal annotations

Conditions, constraints and contracts: on the use of annotations for policy modeling.

Organisational policies express constraints on generation and processing of resources. However, application domains rely on transformation processes, which are in principle orthogonal to policy specifications and domain rules and policies may evolve in a non-synchronised way. In previous papers, we have proposed annotations as a flexible way to model aspects of some policy, and showed how they could be used to impose constraints on domain configurations, how to derive application conditions on transformations, and how to annotate complex patterns. We extend the approach by: allowing domain model elements to be annotated with collections of elements, which can be collectively applied to individual resources or collections thereof; proposing an original construction to solve the problem of annotations remaining orphan , when annotated resources are consumed; introducing a notion of contract, by which a policy imposes additional pre-conditions and post-conditions on rules for deriving new resources. We discuss a concrete case study of linguistic resources, annotated with information on the licenses under which they can be used. The annotation framework allows forms of reasoning such as identifying conflicts among licenses, enforcing the presence of licenses, or ruling out some modifications of a licence configuration

A Termination Criterion for Graph Transformations with Negative Application Conditions

Termination of graph transformations is in general undecidable, but it is possible to prove it for specific systems by checking for sufficient conditions. In the presence of rules with negative application conditions, the difficulties increase. In this paper we propose a different approach to the identification of a (sufficient) criterion for termination, based on the construction of a labelled transition system whose states represent overlaps between the negative application condition and the right hand side that can give rise to cycles

Modeling context with graph annotations

Organisational policies are often formed of declarational (defining constraints on functional services) and operational (realising functionalities via simple activities) aspects. However, when several perspectives are involved, constraints and operations can comprise different aspects, without identifying the origin of some details. We propose the use of annotations as a way to flexibly add and remove application conditions on rules, while maintaining an indication of their origin. We use graph transformations to model operations in some application domain, graph constraints to model conditions imposed by some external domain, and annotations to combine domains. We explore the problem of failure of transactions due to the additional constraints imposed by the contextual domain, and describe a way to redefine the success conditions for transactions employing the modified rules

Conditions, constraints and contracts: On the use of annotations for policy modeling

Organisational policies express constraints on generation and processing of resources. Application domains, however, rely on transformation processes, which are in principle orthogonal to policy specifications, so that domain rules and policies may evolve in a non-synchronised way. In previous papers, we proposed annotations as a flexible way to model aspects of some kinds of policy. Annotations could be used to impose constraints on domain configurations, and we showed how to derive application conditions on transformations, and how to annotate complex patterns. We extend the approach here in different directions: we allow domain model elements (individual resources or collections thereof) to be annotated with collections of elements; we propose an original construction to solve the problem of orphan annotations, when annotated resources are consumed; we introduce a notion of contract, used by a policy to impose additional pre-conditions and postconditions on rules for deriving new resources. We also show how contracts for refined rules can be derived from contract schemes defined on some rule kernel. We discuss a concrete case study of linguistic resources, annotated with information on the licenses under which they can be used. The annotation framework allows forms of reasoning such as identifying conflicts among licenses, enforcing the presence of licenses, or ruling out some modifications of a licence configuration

Preserving constraints in horizontal model transformations

Graph rewriting is gaining credibility in the model transformation field, and tools are increasingly used to specify transformation activities. However, their use is often limited by special features of graph transformation approaches, which might not be familiar to experts in the modeling domain. On the other hand, transformations for specific domains may require special constraints to be enforced on transformation results. Preserving such constraints by manual definition of graph transformations can be a cumbersome and error-prone activity. We explore the problem of ensuring that possible violations of constraints following a transformation are repaired in a way coherent with the intended meaning of the transformation. In particular, we consider the use of transformation units within the DPO approach for intra-model transformations, where the modeling language is expressed via a type graph and graph conditions. We derive additional rules in a unit from a declarative rule expressing the principal objective of the transformation, so that the constraints set by the type graph and the graph conditions hold after the application of the unit. The approach is illustrated with reference to a diagrammatic reasoning system

Graph Transformations for the Specification of Access Control Policies

n/

Formal model and policy specification of usage control

The recent usage control model (UCON) is a foundation for next-generation access control models with distinguishing properties of decision continuity and attribute mutability. A usage control decision is determined by combining authorizations, obligations, and conditions, presented as UCON ABC core models by Park and Sandhu. Based on these core aspects, we develop a formal model and logical specification of UCON with an extension of Lamport's temporal logic of actions (TLA). The building blocks of this model include: (1) a set of sequences of system states based on the attributes of subjects, objects, and the system, (2) authorization predicates based on subject and object attributes, (3) usage control actions to update attributes and accessing status of a usage process, (4) obligation actions, and (5) condition predicates based on system attributes. A usage control policy is defined as a set of temporal logic formulas that are satisfied as the system state changes. A fixed set of scheme rules is defined to specify general UCON policies with the properties of soundness and completeness. We show the flexibility and expressive capability of this formal model by specifying the core models of UCON and some applications. © 2005 ACM