
A rewriting framework and logic for activities subject to regulations

Published online by Cambridge University Press:  02 June 2015

MAX KANOVICH
Affiliation:
Department of Computer Science (UCL-CS), University College London, London, UK Email: [email protected] School of Electronic Engineering and Computer Science, Queen Mary University of London, London, UK Email: [email protected] Faculty of Computer Science, National Research University Higher School of Economics, Moscow, Russia
TAJANA BAN KIRIGIN
Affiliation:
Department of Mathematics, University of Rijeka, Croatia Email: [email protected]
VIVEK NIGAM
Affiliation:
Computer Science Department, Federal University of Paraíba, João Pessoa, Brazil Email: [email protected]
ANDRE SCEDROV
Affiliation:
Faculty of Computer Science, National Research University Higher School of Economics, Moscow, Russia Department of Mathematics, University of Pennsylvania, Philadelphia, USA Email: [email protected]
CAROLYN TALCOTT
Affiliation:
Computer Science Laboratory, SRI International, Menlo Park, California, USA E-mail: [email protected]
RANKO PEROVIC
Affiliation:
Clinical Research Manager, Los Angeles, California, USA Email: [email protected]

Abstract

Activities such as clinical investigations (CIs) or financial processes are subject to regulations that are intended to ensure the quality of results and to avoid negative consequences. Regulations may be imposed by multiple governmental agencies as well as by institutional policies and protocols. Because both the regulations and the activities are complex, there is great potential for violations due to human error, misunderstanding or even intent. Executable formal models of regulations, protocols and activities can form the foundation for automated assistants that aid planning, monitoring and compliance checking. We propose a model based on multiset rewriting in which time is discrete and is specified by timestamps attached to facts. Actions, as well as initial, goal and critical states, may be constrained by means of relative time constraints. Moreover, actions may have non-deterministic effects, i.e. the same action may have different outcomes each time it is applied. We present a formal semantics of our model based on focused proofs in linear logic with definitions. We also determine the computational complexity of various planning problems. The plan compliance problem, for example, is the problem of finding a plan that leads from an initial state to a desired goal state without ever reaching an undesired critical state. We consider all actions to be balanced, i.e. their pre- and post-conditions contain the same number of facts. Under this assumption, we show that the plan compliance problem is PSPACE-complete when all actions have only deterministic effects and EXPTIME-complete when actions may have non-deterministic effects. Finally, we show that the restrictions on the form of actions and time constraints adopted in our model are necessary for the decidability of the planning problems.
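To make the model in the abstract concrete, the following is an added example (not code from the paper or its authors) of timed multiset rewriting with balanced actions and a breadth-first search for a compliant plan. Facts carry integer timestamps, the global clock is itself a fact `Time(t)` advanced by a `tick` action, and actions, the goal and the critical state are all given as fact patterns plus relative time constraints of the form `x - y op k`. The toy clinical-protocol scenario (a subject who consents must be seen at a visit 1 to 3 days later, and a missed window is the critical state), the predicate names and the bounded time horizon `max_time` are all assumptions of this example; the paper's decidability results do not rely on such a horizon, and only deterministic effects are modelled here.

```python
import operator
from collections import deque

# A fact is (predicate, args, timestamp); a state is a sorted tuple of facts,
# i.e. a multiset. A pattern is (predicate, args, time_variable). Constraints
# are (x, op, y, k), read as  x - y  op  k  over bound time variables.
OPS = {">=": operator.ge, "<=": operator.le, ">": operator.gt,
       "<": operator.lt, "==": operator.eq}


def matches(state, patterns, constraints, bind=None, used=()):
    """Yield (binding, used_indices) for each way to pick distinct facts of
    `state` matching `patterns` so that all relative time constraints hold."""
    bind = bind or {}
    if not patterns:
        if all(OPS[op](bind[x] - bind[y], k) for x, op, y, k in constraints):
            yield bind, used
        return
    pred, args, var = patterns[0]
    for i, (p, a, t) in enumerate(state):
        # a variable already bound elsewhere in the pattern must agree
        if i in used or p != pred or a != args or bind.get(var, t) != t:
            continue
        yield from matches(state, patterns[1:], constraints,
                           {**bind, var: t}, used + (i,))


class Action:
    """Balanced action: |pre| == |post|. Post timestamps are (var, offset)."""
    def __init__(self, name, pre, post, constraints=()):
        if len(pre) != len(post):
            raise ValueError(f"{name}: unbalanced action")
        self.name, self.pre, self.post = name, pre, post
        self.constraints = constraints

    def successors(self, state):
        for bind, used in matches(state, self.pre, self.constraints):
            rest = [f for i, f in enumerate(state) if i not in used]
            new = [(p, a, bind[v] + off) for p, a, (v, off) in self.post]
            yield tuple(sorted(rest + new))


def holds(state, spec):
    """A goal/critical spec is (patterns, constraints); true if any match."""
    patterns, constraints = spec
    return next(matches(state, patterns, constraints), None) is not None


def clock(state):
    return next(t for p, _, t in state if p == "Time")


def find_compliant_plan(initial, actions, goal, critical, max_time):
    """BFS for the shortest plan (list of action names) from `initial` to a
    goal state that never enters a critical state. States whose clock exceeds
    `max_time` are pruned; this horizon is an assumption of this example."""
    if holds(initial, critical):
        return None
    queue, seen = deque([(initial, [])]), {initial}
    while queue:
        state, plan = queue.popleft()
        if holds(state, goal):
            return plan
        for act in actions:
            for nxt in act.successors(state):
                if nxt in seen or holds(nxt, critical) or clock(nxt) > max_time:
                    continue
                seen.add(nxt)
                queue.append((nxt, plan + [act.name]))
    return None


# Constructed toy protocol (assumption, not from the paper): enrolled subject
# gives consent, then must be visited between 1 and 3 time units later.
P = ("s1",)
ACTIONS = [
    Action("consent",
           pre=[("Enrolled", P, "T0"), ("Time", (), "T")],
           post=[("Consent", P, ("T", 0)), ("Time", (), ("T", 0))]),
    Action("visit",
           pre=[("Consent", P, "Tc"), ("Time", (), "T")],
           post=[("Visited", P, ("T", 0)), ("Time", (), ("T", 0))],
           constraints=[("T", ">=", "Tc", 1), ("T", "<=", "Tc", 3)]),
    Action("tick",
           pre=[("Time", (), "T")],
           post=[("Time", (), ("T", 1))]),
]
GOAL = ([("Visited", P, "Tv")], [])
# critical: consent given more than 3 units ago and still no visit
CRITICAL = ([("Consent", P, "Tc"), ("Time", (), "T")], [("T", ">", "Tc", 3)])
INITIAL = tuple(sorted([("Enrolled", P, 0), ("Time", (), 0)]))

if __name__ == "__main__":
    print(find_compliant_plan(INITIAL, ACTIONS, GOAL, CRITICAL, max_time=10))
    # -> ['consent', 'tick', 'visit']
```

Because `visit` consumes the `Consent` fact, the critical pattern stops matching once the visit has happened, which is how a "deadline met" condition is expressed without negation in the multiset setting. Every action here re-creates the `Time` fact it consumes, so the balanced-actions assumption of the abstract holds and the clock fact is never lost.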

Copyright
Copyright © Cambridge University Press 2015 

