FLAVOR: A F ORMAL L ANGUAGE FOR A POSTERIORI V ERIFICATION OF L EGAL - PowerPoint PPT Presentation

Introduction F LAVOR Analysis Conclusion FLAVOR: A F ORMAL L ANGUAGE FOR A POSTERIORI V ERIFICATION OF L EGAL R ULES Romuald T HION , Daniel L E M ÉTAYER U NIVERSITÉ L YON 1, L IRIS /I NRIA G RENOBLE – R HÔNE -A LPES IEEE International Symposium on Policies for Distributed Systems and Networks R. T HION , D. L E M ÉTAYER FLAVOR: A F ORMAL L ANGUAGE FOR A POSTERIORI V ERIFICATION OF L EGAL R ULES 1 /27

Introduction F LAVOR Analysis Conclusion Outline FLAVOR: A F ORMAL L ANGUAGE FOR A POSTERIORI V ERIFICATION OF L EGAL R ULES Introduction 1 The F LAVOR language 2 Analysis in F LAVOR 3 Conclusion 4 R. T HION , D. L E M ÉTAYER FLAVOR: A F ORMAL L ANGUAGE FOR A POSTERIORI V ERIFICATION OF L EGAL R ULES 2 /27

Introduction Context F LAVOR Motivations Analysis Contribution Conclusion Introduction 1 Context Motivations Contribution The F LAVOR language 2 Analysis in F LAVOR 3 Conclusion 4 R. T HION , D. L E M ÉTAYER FLAVOR: A F ORMAL L ANGUAGE FOR A POSTERIORI V ERIFICATION OF L EGAL R ULES 3 /27

Introduction Context F LAVOR Motivations Analysis Contribution Conclusion L ICIT research team at I NRIA Legal Issues in Communication and Information Technologies Computer science Law (as seen by scientists?) (as seen by lawyers?) R. T HION , D. L E M ÉTAYER FLAVOR: A F ORMAL L ANGUAGE FOR A POSTERIORI V ERIFICATION OF L EGAL R ULES 4 /27

Introduction Context F LAVOR Motivations Analysis Contribution Conclusion Motivations Examples of legal rules (from the CS literature) US Patriot Act [Giblin et al., 2005] Anti money-laundering [Liu et al., 2007] Health Insurance Portability and Accountability Act [Barth et al., 2006] Children’ Online Privacy Protection Act [Barth et al., 2006] Gramm-Leach-Bliley Act [Barth et al., 2006] The Fair Credit Reporting Act [Johnson and Grandison, 2007] Airport regulations [Delahaye et al., 2006] U.S. Food and Drug Administration [Dinesh et al., 2008] R. T HION , D. L E M ÉTAYER FLAVOR: A F ORMAL L ANGUAGE FOR A POSTERIORI V ERIFICATION OF L EGAL R ULES 5 /27

Introduction Context F LAVOR Motivations Analysis Contribution Conclusion Motivations Legal rules in IT systems Different sources (e.g., national, international, contracts. . . ) Different objectives (e.g., business, privacy, security, crime. . . ) Possibly very high stakes (e.g., financial losses, lawsuits, disrepute. . . ) How to manage and monitor legal rules in IT systems? Toward a “compliance system”! R. T HION , D. L E M ÉTAYER FLAVOR: A F ORMAL L ANGUAGE FOR A POSTERIORI V ERIFICATION OF L EGAL R ULES 6 /27

Introduction Context F LAVOR Motivations Analysis Contribution Conclusion Contribution A Formal Language for A posteriori Verification Of legal Rules F LAVOR : key design choices Formal semantics Captures patterns of legal rules Oriented toward a posteriori verification before: static analysis while: monitoring after: audit R. T HION , D. L E M ÉTAYER FLAVOR: A F ORMAL L ANGUAGE FOR A POSTERIORI V ERIFICATION OF L EGAL R ULES 7 /27

Introduction F LAVOR Syntax Analysis Semantics Conclusion Introduction 1 The F LAVOR language 2 Syntax Semantics Analysis in F LAVOR 3 Conclusion 4 R. T HION , D. L E M ÉTAYER FLAVOR: A F ORMAL L ANGUAGE FOR A POSTERIORI V ERIFICATION OF L EGAL R ULES 8 /27

Introduction F LAVOR Syntax Analysis Semantics Conclusion Syntax Excerpt of a business agreement Within two weeks after receipt of the Software, Customer shall pay to 1 Supplier the amount of twenty thousand Euros. The payment of any additional service by Customer shall be due within 2 four weeks after receipt of a valid invoice for the service. In case of late payment, Customer shall pay, in addition to the due 3 amount, a penalty of 5% of this amount. R. T HION , D. L E M ÉTAYER FLAVOR: A F ORMAL L ANGUAGE FOR A POSTERIORI V ERIFICATION OF L EGAL R ULES 9 /27

Introduction F LAVOR Syntax Analysis Semantics Conclusion Syntax Characteristics of legal rules Conditional activation ( e.g., on receipt of an invoice ) Context ( e.g., invoice amount ) Deontic and temporal modalities ( e.g., must . . . within . . . ) Contrary to duty ( e.g., in case of a breach ) F LAVOR is a domain specific language for legal rules which captures those constructors R. T HION , D. L E M ÉTAYER FLAVOR: A F ORMAL L ANGUAGE FOR A POSTERIORI V ERIFICATION OF L EGAL R ULES 10 /27

Introduction F LAVOR Syntax Analysis Semantics Conclusion Formal syntax L ::= ⊕� ρ, δ � | ⊖� ρ, δ � | � ρ, δ � � φ | � ρ, δ � ˙ � φ | ψ ⋗ φ | ψ ∧ φ Informal semantics ρ, δ atomic properties (pattern matching on events) ⊕� ρ, δ � ought to do ρ before δ occurs ⊖� ρ, δ � ought not to do ρ until δ occurs � ρ, δ � � φ for each ρ until δ , φ have to be satisfied � φ if ρ occurs before δ , then φ have to be satisfied � ρ, δ � ˙ ψ ⋗ φ if ψ is breached, then φ have to be satisfied R. T HION , D. L E M ÉTAYER FLAVOR: A F ORMAL L ANGUAGE FOR A POSTERIORI V ERIFICATION OF L EGAL R ULES 11 /27

Introduction F LAVOR Syntax Analysis Semantics Conclusion Semantics Semantic function � ψ � f : ( E ⋆ × N ) → ( B × N ) ⊥ Given formula ψ and environment a f , produces a function � ψ � f from a trace ( σ ∈ E ⋆ ) and a point ( i ∈ N ) tells whether the formula ψ , under environment f , is satisfied at point j ( tt , j ) breached at point j ( ff , j ) pending ( ⊥ ) a mapping from variables to values R. T HION , D. L E M ÉTAYER FLAVOR: A F ORMAL L ANGUAGE FOR A POSTERIORI V ERIFICATION OF L EGAL R ULES 12 /27

Introduction F LAVOR Syntax Analysis Semantics Conclusion Semantics Obligation  if δ matches σ ( i ) ( ff , i )   if ρ matches σ ( i ) � ⊕� ρ, δ � � f ( σ, i ) ( tt , i )  otherwise � ⊕� ρ, δ � � f ( σ, i + 1)  Prohibition  if δ matches σ ( i ) ( tt , i )   if ρ matches σ ( i ) � ⊖� ρ, δ � � f ( σ, i ) ( ff , i )  otherwise � ⊖� ρ, δ � � f ( σ, i + 1)  Deadline takes precedence. ⊕ and ⊖ have dual behaviours. R. T HION , D. L E M ÉTAYER FLAVOR: A F ORMAL L ANGUAGE FOR A POSTERIORI V ERIFICATION OF L EGAL R ULES 13 /27

Introduction F LAVOR Syntax Analysis Semantics Conclusion Semantics Conjunction � ψ ∧ φ � f ( σ, i ) = � ψ � f ( σ, i ) ⊓ � φ � f ( σ, i ) Both ψ and φ have to be satisfied. Unique trigger  if δ matches σ ( i ) ( tt , i )   if ρ matches σ ( i ) � � ρ, δ � ˙ � φ � f ( σ, i ) � φ � f ′ ( σ, i + 1)  otherwise � � ρ, δ � ˙ � φ � f ( σ, i + 1)  If δ happens, the rule have reached its deadline. If ρ happens, then evaluates φ instanciated with environment updated. R. T HION , D. L E M ÉTAYER FLAVOR: A F ORMAL L ANGUAGE FOR A POSTERIORI V ERIFICATION OF L EGAL R ULES 14 /27

Introduction F LAVOR Syntax Analysis Semantics Conclusion Semantics Multiple triggers � � ρ, δ � � φ � f ( σ, i )  if δ matches σ ( i ) ( tt , i )   if ρ matches σ ( i ) � φ � f ′ ( σ, i + 1) ⊓ � � ρ, δ � � φ � f ( σ, i + 1)  otherwise � � ρ, δ � � φ � f ( σ, i + 1)  If ρ happens, then evaluates φ instanciated with environment updated and continues to evaluate the whole rule � ρ, δ � � φ (until some δ occurs). R. T HION , D. L E M ÉTAYER FLAVOR: A F ORMAL L ANGUAGE FOR A POSTERIORI V ERIFICATION OF L EGAL R ULES 15 /27

Introduction F LAVOR Syntax Analysis Semantics Conclusion Semantics Contrary to duty  if � ψ � f ( σ, i ) = ( tt , j ) ( tt , j )   if � ψ � f ( σ, i ) = ( ff , j ) � ψ ⋗ φ � f ( σ, i ) � φ � f ( σ, j ) otherwise  ⊥  If ψ is satisfied, then the whole rule ψ ⋗ φ is satisfied. If ψ is breached, then returns the result of the evaluation of φ . R. T HION , D. L E M ÉTAYER FLAVOR: A F ORMAL L ANGUAGE FOR A POSTERIORI V ERIFICATION OF L EGAL R ULES 16 /27

Introduction F LAVOR Some properties Analysis Example analysis Conclusion Introduction 1 The F LAVOR language 2 Analysis in F LAVOR 3 Some properties Example analysis Conclusion 4 R. T HION , D. L E M ÉTAYER FLAVOR: A F ORMAL L ANGUAGE FOR A POSTERIORI V ERIFICATION OF L EGAL R ULES 17 /27

Introduction F LAVOR Some properties Analysis Example analysis Conclusion Some properties Impossible deadlines If ∀ e ∈ E ⋆ , e never matches δ , then: ⊕� ρ, δ � is unbreachable ⊖� ρ, δ � is unsatisfiable Strength properties φ is stronger than ψ ( φ � ψ ) φ ∧ ψ � φ and φ ∧ ψ � ψ � ρ, δ � � φ � � ρ, δ � ˙ � φ φ � ( φ ⋗ ψ ) R. T HION , D. L E M ÉTAYER FLAVOR: A F ORMAL L ANGUAGE FOR A POSTERIORI V ERIFICATION OF L EGAL R ULES 18 /27

Introduction F LAVOR Some properties Analysis Example analysis Conclusion Example analysis Within two weeks after receipt of the Software, Customer shall pay to Supplier the amount of twenty thousand Euros. [. . . ] In case of late payment, Customer shall pay, in addition to the due amount, a penalty of 5% of this amount Formal expression in F LAVOR Receipt of the software ( soft T d S → C ) triggers once ( ˙ � ) 1 Customer must ( ⊕ ) pay within two weeks ( T a ≥ T d + 14 ) 2 If customer does not pay in due time ( ⋗ ), then he is 3 charged 5% R. T HION , D. L E M ÉTAYER FLAVOR: A F ORMAL L ANGUAGE FOR A POSTERIORI V ERIFICATION OF L EGAL R ULES 19 /27