A Rewriting Framework for Activities Subject to Regulations

Activities such as clinical investigations or financial processes are subject to regulations to ensure quality of results and avoid negative consequences. Regulations may be imposed by multiple governmental agencies as well as by institutional policies and protocols. Because both regulations and activities are complex, violations can easily arise from human error, misunderstanding, or even intent. Executable formal models of regulations, protocols, and activities can form the foundation for automated assistants to aid planning, monitoring, and compliance checking. We propose a model based on multiset rewriting where time is discrete and is specified by timestamps attached to facts. Actions, as well as initial, goal and critical states, may be constrained by means of relative time constraints. Moreover, actions may have non-deterministic effects, i.e., they may have different outcomes whenever applied. We demonstrate how specifications in our model can be straightforwardly mapped to the rewriting logic language Maude, and how one can use existing techniques to improve performance. Finally, we also determine the complexity of the plan compliance problem, that is, finding a plan that leads from an initial state to a desired goal state without reaching any undesired critical state. We consider all actions to be balanced, i.e., their pre- and post-conditions have the same number of facts. Under this assumption on actions, we show that the plan compliance problem is PSPACE-complete when all actions have only deterministic effects and is EXPTIME-complete when actions may have non-deterministic effects. © M. Kanovich, T. Ban Kirigin, V. Nigam, A. Scedrov, C. Talcott, and R. Perovic.
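The following is an added illustration of the model the abstract describes, written for this page; it is not the authors' Maude specification and uses an assumed simplified encoding. Facts carry integer timestamps, a state is the current time plus a multiset of timed facts, every action is balanced (each outcome produces as many facts as the action consumes), guards express relative time constraints, and a `tick` action advances the clock. The scenario (a sample that must be analysed while fresh and a result that must be filed as soon as it is ready), its predicate names and the delays are all constructed. Because an action may have several outcomes, a compliant plan is found by an AND-OR search: the chosen action must reach the goal under every outcome while never passing through a critical state, which is what makes the non-deterministic case a strategy-finding problem rather than a path-finding one.

```python
import itertools
from collections import Counter
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Assumed encoding (constructed for this example, not the paper's own code):
# a timed fact is (predicate, timestamp); a state is (now, sorted tuple of timed
# facts); the tuple is a multiset, so the same timed fact may occur repeatedly.
Fact = Tuple[str, int]
State = Tuple[int, Tuple[Fact, ...]]


@dataclass(frozen=True)
class Action:
    name: str
    pre: Tuple[str, ...]                               # predicates consumed, one fact each
    outcomes: Tuple[Tuple[Tuple[str, int], ...], ...]  # per outcome: (predicate, delay) pairs
    guard: Callable[[Tuple[int, ...], int], bool] = lambda ts, now: True  # relative time constraint

    def __post_init__(self) -> None:
        # balanced actions: every outcome produces exactly as many facts as were consumed
        assert all(len(o) == len(self.pre) for o in self.outcomes), self.name


def successors(state: State, action: Action):
    """Yield every state reachable by one application of `action` (one per matching and outcome)."""
    now, facts = state
    pool = Counter(facts)
    options = [[f for f in pool if f[0] == p] for p in action.pre]
    for picked in itertools.product(*options):
        need = Counter(picked)
        if any(pool[f] < n for f, n in need.items()):  # multiset containment check
            continue
        if not action.guard(tuple(t for _, t in picked), now):
            continue
        rest = pool - need
        for produced in action.outcomes:
            # produced facts are stamped relative to the current time
            new = rest + Counter((p, now + d) for p, d in produced)
            yield (now, tuple(sorted(new.elements())))


def tick(state: State) -> State:
    """The clock action: time advances by one tick, facts keep their timestamps."""
    return (state[0] + 1, state[1])


def compliant_plan(start: State, actions, goal, critical, budget: int) -> Optional[Dict]:
    """AND-OR search for a strategy, keyed by (state, remaining steps), that reaches a goal
    state under every outcome of each chosen action without ever visiting a critical state,
    using at most `budget` steps (actions or ticks).  Returns None if no strategy exists."""
    plan: Dict[Tuple[State, int], str] = {}
    memo: Dict[Tuple[State, int], bool] = {}

    def win(s: State, k: int) -> bool:
        if (s, k) in memo:
            return memo[(s, k)]
        if critical(s):
            ok = False
        elif goal(s):
            ok = True
        elif k == 0:
            ok = False
        else:
            ok = False
            moves = [(a.name, list(successors(s, a))) for a in actions] + [("tick", [tick(s)])]
            for name, nexts in moves:
                if nexts and all(win(n, k - 1) for n in nexts):  # every outcome must win
                    plan[(s, k)] = name
                    ok = True
                    break
        memo[(s, k)] = ok
        return ok

    return plan if win(start, budget) else None


def run(plan, start: State, actions, budget: int, choose) -> Tuple[State, List[str]]:
    """Execute a strategy; `choose(name, options)` models the environment picking an outcome."""
    s, k, trace = start, budget, []
    while (s, k) in plan:
        name = plan[(s, k)]
        nexts = [tick(s)] if name == "tick" else \
            list(successors(s, next(a for a in actions if a.name == name)))
        s, k = choose(name, nexts), k - 1
        trace.append(name)
    return s, trace


def sample_scenario():
    """Constructed scenario: collect a sample, analyse it while fresh, file the result on time."""
    actions = (
        Action("collect", ("Patient", "Kit"), ((("Patient", 0), ("Sample", 0)),)),
        # Analysis needs a sample at most 2 ticks old and a free lab (the Lab fact's timestamp
        # is when it becomes available); it takes 1 or 2 ticks, chosen non-deterministically,
        # and the Result fact is stamped with the time at which it becomes available.
        Action("analyze", ("Sample", "Lab"),
               ((("Result", 1), ("Lab", 1)), (("Result", 2), ("Lab", 2))),
               guard=lambda ts, now: now - ts[0] <= 2 and ts[1] <= now),
        Action("report", ("Result",), ((("Report", 0),),), guard=lambda ts, now: ts[0] <= now),
    )
    start: State = (0, tuple(sorted([("Patient", 0), ("Kit", 0), ("Lab", 0)])))
    goal = lambda s: any(p == "Report" for p, _ in s[1])
    # critical: an unanalysed sample older than 2 ticks, or a result left unfiled after it is ready
    critical = lambda s: any((p == "Sample" and s[0] - t > 2) or (p == "Result" and s[0] - t > 0)
                             for p, t in s[1])
    return actions, start, goal, critical


if __name__ == "__main__":
    actions, start, goal, critical = sample_scenario()
    plan = compliant_plan(start, actions, goal, critical, budget=5)
    for pick in (lambda n, o: o[0], lambda n, o: o[-1]):   # fast and slow analysis outcomes
        print(run(plan, start, actions, 5, pick)[1])
    print(compliant_plan(start, actions, goal, critical, budget=4))  # None: slow outcome needs 5 steps
```

With a budget of five steps the search returns a strategy that reports immediately in the branch where the analysis finishes after one tick and waits one more tick in the other; a linear plan fixed in advance could not satisfy both. With a budget of four no compliant strategy exists, because the slow outcome cannot be filed in time, so the search returns None.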
