No Time for Compliance
Guido Governatori, Mustafa Hashmi
23 September 2015
www.data61.csiro.au
A Privacy Act
Section 1: (Prohibition to collect personal medical information)
Offence: It is an offence to collect personal medical information.
Defence: It is a defence to the prohibition of collecting personal medical information, if an
entity immediately destroys the illegally collected personal medical information
before making any use of the personal medical information
Section 2: An entity is permitted to collect personal medical information if the entity acts under
a Court Order authorising the collection of personal medical information.
Section 3: (Prohibition to collect personal information) It is forbidden to collect personal
information unless an entity is permitted to collect personal medical information.
Offence: an entity collected personal information
Defence: an entity being permitted to collect personal medical information.
2 | No Time for Compliance | Guido Governatori, Mustafa Hashmi
Making Sense of the Act
• Collection of medical information is forbidden.
• Destruction of the illegally collected medical information excuses the illegal
collection.
• Collection of medical information is permitted if there is an authorising court
order.
• Collection of personal information is forbidden.
• Collection of personal information is permitted if the collection of medical
information is permitted
Are We Compliant?
[Figure: process model Start → T1 (Collect Medical Information) → T2 (Collect Personal Information) → T3 (Destroy Medical Information) → End]
Motivation
• Linear Temporal Logic (LTL): mature technology to verify systems
• Similarity between conditions for obligations and temporal notions in LTL
• Many compliance frameworks proposed LTL to check compliance of business
processes
Can current compliance frameworks based on LTL be used to
determine compliance of processes with norms?
Linear Temporal Logic 101 (Syntax)
• Xφ: at the next time φ holds;
• Fφ: eventually φ holds (sometimes in the future φ); and
• Gφ: globally φ holds (always in the future φ).
In addition we have three binary operators:
• φ U ψ (until): φ holds until ψ holds;
• φ W ψ (weak until): φ holds until ψ holds and ψ might not hold.
Interdefinability
• Fφ ≡ U φ,
• Gφ ≡ ¬F¬φ,
• φ W ψ ≡ (φ U ψ) ∨ Gφ
Linear Temporal Logic 102 (Semantics)
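Example paths over states s0, s1, s2, s3 (state labels shown per formula):
• TS, σ |= a: s0 is labelled a.
• TS, σ |= Xa: s1 is labelled a.
• TS, σ |= a U b: s0 and s1 are labelled a ∧ ¬b; s2 is labelled b.
• TS, σ |= Fa: s0 and s1 are labelled ¬a; s2 is labelled a.
• TS, σ |= Ga: s0, s1, s2 and s3 are all labelled a.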
A formula φ is true in a fullpath σ iff it is true at the first element of the fullpath.
A formula is true in a state s:
TS, s |= φ iff ∀σ: σ[0] = s, TS, σ |= φ.
Obligation, Prohibition and Permission
Obligation A situation, an act, or a course of action to which a bearer is legally
bound, and if it is not achieved or performed results in a violation.
Prohibition A situation, an act, or a course of action which a bearer should avoid,
and if it is achieved results in a violation.
Permission Something is permitted if the obligation or the prohibition to the
contrary does not hold.
Achievement vs Maintenance Obligations
• For an achievement obligation, a certain condition must occur at least once before
the deadline
‘Customers must pay before the delivery of the good, after receiving the invoice’
• For maintenance obligations, a certain condition must obtain during all instants
before the deadline:
‘After opening a bank account, customers must keep a positive balance until bank
charges are taken out’
Achievement and Maintenance Obligations in LTL
Maintenance obligation
• Gφ
• G(τ → φ U δ)
Achievement obligation
• Fφ
• G(τ → ¬(¬φ U δ))
Compliance in LTL
To determine, given a model encoding a trace of a business process
and a set of formulas encoding the relevant norms, whether the
formulas are satisfiable by the model.
LTL Compliance Frameworks
• Several compliance frameworks based on LTL have been proposed (e.g.,
COMPAS, MoBuCOM, BPMN-Q); we focus on the COMPAS Compliance
Requirement Language (CRL).
• Propose templates/patterns to capture “compliance requirements” based on the
“temporal order” of tasks or business process components.
• Templates correspond to temporal logic formulas
CRL Patterns
• Absence: φ isAbsent, φ does not occur in the process
G¬φ
• Existence: φ Exists, φ occurs in the process
Fφ
• Leads To: φ LeadsTo ψ, φ must always be followed by ψ
G(φ → Fψ)
CRL Contrary-to-duty Pattern
Pattern to represent compensations to violations
φ (LeadsTo|DirectlyFollowedBy) φ₁ (Else|ElseNext) φ₂ … (Else|ElseNext) φₙ
translated to
G(φ → F|X(φ₁ ∧ ⋀_{1≤i<n−1} (F|X(φᵢ NotSucceed) ∧ (φᵢ NotSucceed → F|X φᵢ₊₁))))
but it does not work for maintenance obligations (prohibitions), Gφ ∧ ¬φ → ⊥.
Gφ ∨ F(¬φ ∧ F|Xψ)
CRL Exception Patterns
Strong Exceptions: [[R]]Pattern
φ → ψ
Weak Exceptions: [R]Pattern
φ ∨ ψ
where:
• φ is the LTL translation of R
• ψ is the LTL translation of Pattern
Privacy Act Logical Structure
• A (“collection of medical information”) is forbidden
B (“destruction of medical information”) compensates the illegal collection
• A is permitted if C (“acting under a court order”)
• D (“collection of personal information”) is forbidden
• D is permitted if A is permitted
Privacy Act in CRL and LTL
CRL1 R1 : ([R2]A isAbsent) Else B,
CRL2 R2 : C,
CRL3 R3 : [R4]D isAbsent,
CRL4 R4 : A isPermitted.
LTL1 G(C ∨ (G¬A ∨ F(A ∧ FB)));
LTL2 G(FA ∨ G¬D).
CRL: Are We Compliant?
[Figure: process model Start → T1 (Collect Medical Information) → T2 (Collect Personal Information) → T3 (Destroy Medical Information) → End]
LTL1 G(C ∨ (G¬A ∨ F(A ∧ FB)));
LTL2 G(FA ∨ G¬D).
• v(start) = { ¬A, ¬B, ¬C, ¬D };
• v(T1) = { A, ¬B, ¬C, ¬D };
• v(T2) = { A, ¬B, ¬C, D };
• v(T3) = { A, B, ¬C, D };
• v(end) = { A, B, ¬C, D }.
M |= LTL1 ∧ LTL2
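The result M |= LTL1 ∧ LTL2 can be reproduced mechanically. The Python evaluator below is an added example, not code from the authors or from COMPAS; the tuple encoding of formulas and the names `holds`, `check`, `TRACE`, `NO_DESTROY` and `ONLY_PERSONAL` are assumptions, as is reading the trace as a path whose final state repeats forever. It evaluates the slide's two formulas over the slide's valuation and over two constructed variants, showing that both formulas accept the slide's trace although C (the court order) never holds in it.

```python
# Added example: LTL evaluation over a terminating process trace.
# Assumption: the last state repeats forever, so positions i..last suffice.

def holds(f, trace, i=0):
    """Return True if formula f holds at position i of trace."""
    op, last = f[0], len(trace) - 1
    if op == "ap":                       # atomic proposition
        return f[1] in trace[i]
    if op == "not":
        return not holds(f[1], trace, i)
    if op == "or":
        return holds(f[1], trace, i) or holds(f[2], trace, i)
    if op == "and":
        return holds(f[1], trace, i) and holds(f[2], trace, i)
    if op == "X":                        # next; the final state loops on itself
        return holds(f[1], trace, min(i + 1, last))
    if op == "F":                        # eventually
        return any(holds(f[1], trace, j) for j in range(i, last + 1))
    if op == "G":                        # globally
        return all(holds(f[1], trace, j) for j in range(i, last + 1))
    if op == "U":                        # f[1] until f[2]
        for j in range(i, last + 1):
            if holds(f[2], trace, j):
                return True
            if not holds(f[1], trace, j):
                return False
        return False
    raise ValueError(f"unknown operator: {op}")

A, B, C, D = (("ap", name) for name in "ABCD")

# LTL1: G(C ∨ (G¬A ∨ F(A ∧ FB)))
LTL1 = ("G", ("or", C, ("or", ("G", ("not", A)),
                        ("F", ("and", A, ("F", B))))))
# LTL2: G(FA ∨ G¬D); "A isPermitted" has become "A eventually occurs"
LTL2 = ("G", ("or", ("F", A), ("G", ("not", D))))

# The slide's valuation; each state lists only the atoms that are true.
TRACE = [
    set(),             # start
    {"A"},             # T1: collect medical information
    {"A", "D"},        # T2: collect personal information
    {"A", "B", "D"},   # T3: destroy medical information
    {"A", "B", "D"},   # end
]

# Constructed variants (not on the slides) for contrast.
NO_DESTROY = [set(), {"A"}, {"A", "D"}, {"A", "D"}]   # T3 never happens
ONLY_PERSONAL = [set(), {"D"}]                        # D without any A

def check(trace):
    """Return (trace satisfies LTL1, trace satisfies LTL2)."""
    return holds(LTL1, trace), holds(LTL2, trace)

if __name__ == "__main__":
    for name, tr in [("slide trace", TRACE), ("no destroy", NO_DESTROY),
                     ("only personal", ONLY_PERSONAL)]:
        print(name, check(tr))
```

LTL2 rejects `ONLY_PERSONAL` but accepts the slide's trace, because the occurrence of A, not a permission for A, is what discharges the prohibition on D.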
Conclusions
• Current Compliance Frameworks based on Temporal Logic are not able to model
real life norms.
• Result not restricted to Linear Temporal Logic, it extends to other temporal logics
• Result is not an impossibility theorem. If one knows what are the compliant
traces, one can build a set of temporal formulas corresponding to the compliant
traces (but it means using an external oracle, so useless for compliance)
• Result seems to affect Deontic logic based on possible world semantics.
• As far as we know, PCL and Deontic Event Calculus are not affected by the
problem
Questions?
Mustafa Hashmi
Guido Governatori
firstname.lastname@nicta.com.au