A Modeling Language to
Model Norms
Karen Figueiredo
Viviane Torres da Silva
{kfigueiredo,viviane.silva}@ic.uff.br
Universidade Federal Fluminense (UFF)
Outline
 Introduction
 Goals of the paper
 Background
– Metamodeling
– RBAC
– SecureUML+ComponentUML
 NormML
 Validating Norms
– Well-formed rules
– Checking for conflicts
 Conclusion
Outline
 Introduction
 Goals of the paper
 Background
– Metamodeling
– RBAC
– SecureUML+ComponentUML
 NormML
 Validating Norms
– Well-formed rules
– Checking for conflicts
 Conclusion
Introduction
 Norms regulate the behavior of agents in open MAS
 Norms can be defined at design time and at runtime
 The definition of norms at design time is important
to:
– keep the alignment of the norms with the systems
elements, such as its entities and the actions that they
execute
– detect and solve some conflicts between norms at design
time (at least, part of the conflicts)
Our goals on this paper...
 To investigate the properties and the characteristics
of norms
 To find out if the MAS languages, methodologies and
models give support to
– The modeling of such properties
– To the checking of conflicts at design time
 To present the preliminary version of the normative
modeling language called NormML
Properties and Characteristics of a Norm
 Based on the study of 10 specification and implementation
languages for norms
 Premise: Norms restrict the behavior of system entities during
a period of time and define the sanctions applied when
violated or fulfilled.
 Static aspects: the key elements that compose a norm
– Deontic concept, involved entities, actions, activation constraints,
sanctions and context
 Dynamic aspects
– Creation, cancelation and delegation
Static Aspects
 Deontic concept: the restriction kind
– permission, obligation or prohibition
 Entity whose behavior is being regulated:
– agents, all agents playing a given role, an agent playing a given role or
group of agents
 Action/state being regulated:
– communicative or non-communicative actions
– state of the system
 Activation/deactivation constraints:
– the execution of an action, time intervals, achievement of system state
or the activation/deactivation/fulfillment/violation of a norm
 Sanction:
– punishments or rewards
 Context:
– Organization, environment, interaction or scene
Outline
 Introduction
 Goals of the paper
 Background
– Metamodeling
– RBAC
– SecureUML+ComponentUML
 NormML
 Validating Norms
– Well-formed rules
– Checking for conflicts
 Conclusion
Background
 Metamodels: define the vocabulary used by the
modeling languages
– Models are instances of metamodels
– Well-formed rules: invariants of the metamodel that
guarantees the consistency of the models to its
metamodel
 Role Based Access Control (RBAC)
– security policies specify the permissions that a user has
under a given role, while trying to access system resources
Background
 SecureUML+ComponentUML
– Designed specifically for RBAC modeling
– Well-defined syntax
– Has a formal semantics
Outline
 Introduction
 Goals of the paper
 Background
– Metamodeling
– RBAC
– SecureUML+ComponentUML
 NormML
 Validating Norms
– Well-formed rules
– Checking for conflicts
 Conclusion
NormML: a normative modeling language
Deontic Concepts
 Obligation
 Prohibition
 Permission
Involved Entities




Role
Agent
Agent playing Role
Organization
Actions
I/II
 Each resource kind is related to a set of actions that can be used to
control the access to the resource.
 Atomic and composite actions
Resource
Actions
Entity
create, read, update, delete, full access
Attribute
read, update, full access
Method
execute
AssociationEnd
read, update, full access
AgentAction
execute
Message
send, receive, full access
Actions
I/II
Activation / Deactivation Constraint
 Norm is active during a certain period of time delimited by
– The execution of actiond
– The achievement of deadlined
– The achievement of a given state
Sanctions
 Punishment if the agent violates the norm
 Reward if the agent fulfils the norm
Context
 The scope of the norm
– The organization where the norm is defined
– The environment where the norm is defined
Example
I/II
 N1: All agents executing in the context of the environment
MarketPlace are prohibited to read and update—
attributeFullAccess—the attribute price of the entity good.
Example
II/II
 N2: Sellers are permitted, in the context of the organization
WebStore that inhabits the environment MarketPlace, to update the
attribute price of the entity good before it opens for sale.
Outline
 Introduction
 Goals of the paper
 Background
– Metamodeling
– RBAC
– SecureUML+ComponentUML
 NormML
 Validating Norms
– Well-formed rules
– Checking for conflicts
 Conclusion
Vadating the Norms
I/III
1. Well-formed rules
– Invariants of the metamodel that its models must fulfill
– Written in OCL
a) E.g.:The resource Attribute can only be linked to the actions
AtomicRead, AtomicUpdate and AttributeFullAccess
b) E.g.:The resource AgentAction can only be linked to the action
AtomicExecute
Validating the Norms
II/III
2. Checking for conflicts between norms
a) Deontic concept:
– Obligation x prohibition
– Permission x prohibition
– Permission x obligation in the period the permission is not activated
b) Entities whose behavior are being regulated:
– agents, all agents playing a given role, an agent playing a given role or
group of agents
– between norms applied to the same entity;
– between a norm defined to a role and a norm defined to an agent that
can play a role;
– between norms applied to different roles played by the same agent;
– between the norms applied to roles in a hierarchy of roles;
Validating the Norms
c)
III/III
Actions/state being regulated:
– the actions being regulated by the norms are of the same type on the
same resource
– one of the actions is an AtomicRead and the other an AtomicUpdate to
the same attribute of an Entity or the same association end of an
Association
– one of the actions is an AttributeFullAccess and the other is an
AtomicRead or an AtomicUpdate to the same attribute of the same
Entity
– …..
d) Activation/deactivation constraints:
– one of the norms is not restricted to any condition: it is always active
– the periods established by the invariants Before, After, Between
intersect
Example of Conflict
organization WebStore is situation in environment MarketPlace
N1 is applied to all agents and N2 to agents playing the role Seller
N1 is a prohibition and N2 a permission
N1: attributeFullAccess
N2: attributeUpdate
N1: always activated
N2: before clause
Outline
 Introduction
 Goals of the paper
 Background
– Metamodeling
– RBAC
– SecureUML+ComponentUML
 NormML
 Validating Norms
– Well-formed rules
– Checking for conflicts
 Conclusion
Conclusion
 None of the analyzed modeling languages gives support to the
modeling of the main elements that compose a norm
 Such elements were found out after studing 10 specification and
implementation languages
– Current version of NormML is able to model all the elements that
compose a norm
 OCL invariants and queries are being implemented and checked by
using EOS, a Java component which implements OCL2.0 evaluation
on model scenarios
 Future work:
– To finish the algorith to check for conflicts
– To finish the implementation of all well-formeness rules
– ....
A Modeling Language to
Model Norms
Thank!!
Karen Figueiredo
Viviane Torres da Silva
{kfigueiredo, viviane.silva}@ic.uff.br
Universidade Federal Fluminense