Detection of Conflicts in Electronic Contracts
DESCRIPTION
Detection of Conflicts in Electronic Contracts. Stephen Fenech, Gordon J. Pace (University of Malta), Gerardo Schneider (University of Oslo). Motivation. Are different services compatible together?
TRANSCRIPT
Semantics & Verification
Research Group
Department of Computer Science, University of Malta
FLACOS 2008
Detection of Conflicts in Electronic Contracts
Stephen Fenech, Gordon J. Pace (University of Malta)
Gerardo Schneider (University of Oslo)
November 2008
Motivation
Are different services compatible together? (Is this (almost) just the beauty criterion we saw yesterday?)
Different views of contracts:
- Contracts as properties
- A meta-level view of contracts
Composition of services/systems means composition of contracts
The CL View of Contracts
- An action-based deontic logic
- Enables specification of obligations, prohibitions and permissions
- Reparations as (possibly nested) CTDs, CTPs
What are Conflicts?
Conflicts arise when the contract enforces contradictory actions by one or more signatories:
- Obliged and forbidden from doing an action
- Permitted and forbidden from performing an action
- Being obliged to perform two conflicting actions
- Being obliged and permitted to perform two conflicting actions
Semantic Detection of Conflicts
A contract is conflict-free if for any sequence of non-violating actions, a contract monitor will not end up in a state where the contract enforces a conflict.
This requires a trace semantics of CL that is defined on finite traces and that preserves deontic information.
Original trace semantics: $\sigma \models_\infty c$
Example: $[\{a,b\}, \{b\}, \ldots] \models_\infty [a]O(b) \wedge [b]P(c)$
Deontic Trace Semantics of CL
¾`1 c
Three problems:
- Infinite traces are not always constructible: $\forall \sigma \cdot \sigma \not\models_\infty O(a) \wedge F(a)$
- Permission has no role in the semantics: $[\{b\}, \ldots] \models_\infty F(a) \wedge P(a)$
- No deontic information is used in the semantics
Deontic Trace Semantics of CL
¾`1 c
New trace semantics: $\sigma, \sigma_d \models_f c$
Correctness: $\sigma \models_\infty c \iff \exists \sigma_d \cdot \forall n \cdot \sigma(0..n), \sigma_d(0..n) \models_f c$
Deontic Trace Semantics of CL
¾`1 c
Automata with Deontic Information
Given a CL contract c, $(c) = \langle S, A\&, s_0, T, V, I, \delta \rangle$ is an automaton:
- S is the set of states, $s_0$ the initial state
- A& is the set of concurrent actions
- $T = S \times A\& \times S$ are the labelled transitions
- V is the violation state
- $I : S \to CL$ tags states with CL clauses
- $\delta$ labels states with deontic information
The language of such an automaton, Accept((c)), is the set of traces accepted by the automaton, not passing through state V.
Correctness Result
Theorem: Given a CL contract c:
$\sigma, \sigma_d \models_f c$ if and only if $\sigma \in Accept((c))$
A contract is conflict-free if and only if its automaton representation is conflict-free.
CLAN: An Implementation
[c]O(b)^[a]F(b)
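The conflict check on the automaton, as an added example (not from the slides and not CLAN's code): a hand-built, partial automaton for the contract shown on this slide is searched along traces that avoid V for a state whose deontic labels contain one of the four conflict kinds listed earlier. The state names, the dictionary layout and the `exclusive` set of mutually exclusive actions are assumptions.

```python
from collections import deque

# Constructed automaton for the CLAN-slide contract [c]O(b) ^ [a]F(b).
# State names and this dict layout are assumptions; only some action sets
# are listed per state.
V = "V"  # violation state
TRANSITIONS = {  # state -> {set of concurrent actions: next state}
    "s0": {frozenset("a"): "s_F", frozenset("c"): "s_O",
           frozenset("ac"): "s_OF", frozenset("b"): "done"},
    "s_O": {frozenset("b"): "done", frozenset("a"): V},
    "s_F": {frozenset("b"): V, frozenset("c"): "done"},
    "s_OF": {frozenset("b"): V, frozenset("c"): V},
}
# Deontic labelling of states: O = obliged, F = forbidden, P = permitted.
DELTA = {"s_O": {("O", "b")}, "s_F": {("F", "b")},
         "s_OF": {("O", "b"), ("F", "b")}}

def conflicts_in(labels, exclusive=frozenset()):
    """Conflicting label pairs in one state; `exclusive` holds frozenset
    pairs of actions that cannot be performed together (an assumption)."""
    found = []
    for m1, x in labels:
        for m2, y in labels:
            if x == y and m1 in ("O", "P") and m2 == "F":
                found.append(((m1, x), (m2, y)))   # O/F or P/F on one action
            elif (m1 == "O" and m2 in ("O", "P") and x != y
                  and frozenset((x, y)) in exclusive
                  and (m2 == "P" or x < y)):       # report O/O pairs once
                found.append(((m1, x), (m2, y)))
    return sorted(found)

def find_conflict(transitions, delta, start, exclusive=frozenset()):
    """Breadth-first search over traces that never enter V. Returns
    (trace, state, conflicts) for the first conflicting state, else None."""
    queue, seen = deque([(start, [])]), {start}
    while queue:
        state, trace = queue.popleft()
        hits = conflicts_in(delta.get(state, set()), exclusive)
        if hits:
            return trace, state, hits
        for actions, nxt in transitions.get(state, {}).items():
            if nxt != V and nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, trace + [set(actions)]))
    return None

if __name__ == "__main__":
    print(find_conflict(TRANSITIONS, DELTA, "s0"))
```

The returned trace is a shortest non-violating witness: performing a and c together reaches a state that both obliges and forbids b.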
Other Analysis using the Automaton
Superfluous clauses: state is labelled with a deontic notion multiple times
Contract query:
- What does the contract enforce after a sequence of actions?
- What actions would lead to a specific obligation?
Other Analysis using the Automaton
Unreachable clauses: clauses in the contract which are superfluous
Overlapping clauses: clauses repeating similar or identical deontic properties
Conclusions
Sound and complete decision algorithm for conflict detection of CL contracts:
- Based on a trace semantics of CL
- Prototype implementation
Used on a case study involving an airline company check-in desk.
Currently looking into combining this with runtime verification.