AIR Policy Language - Providing Policy Decisions with Integrated Explanations

Lalana Kagal

13 February 2008

Decentralized Information Group
MIT Computer Science and Artificial Intelligence Laboratory

AIR Policy Language

rule-based policy language for accountability and access control
integrated explanations for policy decisions through dependency tracking
more efficient and expressive reasoning through the use of goal direction
grounded in Semantic Web technologies for greater interoperability, reusability, and extensibility

Importance of Explanations

Explanations for policy decisions allow users to understand how the results were obtained
Increase trust in the policy reasoning and enforcement process
Used by policy administrators to confirm the correctness of the policy and to check that the result is as expected
In the case of failed queries, they can be used to figure out what additional information is required for success
Dependency tracking during reasoning process provides integrated justification support

DenyServiceEvent is not compatible with MA Disability Discrimination Law

Importance of Explanations

Explanations for policy decisions allow users to understand how the results were obtained
Increase trust in the policy reasoning and enforcement process
Used by policy administrators to confirm the correctness of the policy and to check that the result is as expected
In the case of failed queries, they can be used to figure out what additional information is required for success
Dependency tracking during reasoning process provides integrated justification support

DenyServiceEvent is not compatible with MA Disability Discrimination Law
Denial of service based on health information

Dependency Tracking

specific set of premises from which any conclusion/policy decision was derived is an effective explanation for the conclusion
these premises are called the set of dependencies and dependency tracking is the process of maintaining dependency sets for derived conclusions
We use Truth Maintenance System (TMS) for tracking dependencies of conclusions
- keeps track of the logical structure of a derivation
- has ability to assume and retract hypothetical premises
Explanations are automatically generated by extracting and presenting relevant information from dependencies

AIR specifications

Each AIR policy consists of one or more rules
policy = { rule }
A rule is made up of a pattern that when matched causes an action to be fired. Optional: description, justification
rule = { pattern, action [ description justification ]}
An action can either be an assertion, which is a set of facts that are added to the knowledge base or a nested rule
action = { assertion | rule }

     :MyFirstPolicy a air:Policy;
	 air:rule [
	     air:pattern { ... };
	     air:assertion { ... };
	     air:rule [ ... ]
	 ].

How AIR fits into our accountability framework

Accountability allows violators of applicable privacy policies to be identified and held accountable
Privacy usage restrictions and resource access control policies are specified in AIR
User's actions within the framework are captured and annotated transaction logs are maintained
Policy compliance over transaction logs can be checked using the AIR reasoner

Scenario extension

Delta company finds foreign language documents containing names, addresses, and pictures at the IED factory
The documents are translated into HTML with RDFa markup
RDFa is extracted from the translated documents and matched against the Red Cross missing persons database
A match returned. The suspected terrorist's brother has filed him as a missing person. The search result includes the brother's address
Delta company carry out the search at the brother's premises
The brother files a complaint asking for a reason why his premises were searched
The AIR reasoners infers that the use of Red Cross data to carry out a search violates a UN General Assembly resolution and the Universal Declaration of Human Rights article 12
- Transaction log in N3
- Universal Declaration of Human rights Policy
  UN General Assembly resolution Policy

More information: ARL Scenario

Universal Declaration of Human Rights

The Universal Declaration of Human Rights provides for privacy of family relationships:
Article 12
"No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."
More information: http://www.unhchr.ch/udhr/lang/eng.htm

:Universal_Declaration_of_Human_Rights_Article12 a air:Policy;
        rdfs:label "Universal Declaration of Human rights, Article 12";
        air:variable :COMPLAINT, :SEARCHEVENT, :ACTOR, :ADDRESS, :DEFENDANT;
        air:variable :DATA, :PURPOSE, :SPURPOSE, :PEVENT;
        air:rule :UDHR_1.

:UDHR_1 a air:BeliefRule;
        air:label "Universal Declaration of Human rights, Article 12 #1";
        air:pattern {
          :COMPLAINT a tami:PrivacyViolationComplaint;
                tami:prevEvent :SEARCHEVENT;
                tami:actor :ACTOR;
                tami:defendant :DEFENDANT.
           :SEARCHEVENT a tami:SearchEvent.
           :DEFENDANT a tami:Military.
        };
       air:description (:COMPLAINT " was filed by " :ACTOR " about " :SEARCHEVENT " performed by " :DEFENDANT );
        air:rule :UDHR_2.

:UDHR_2 a air:BeliefRule;
        air:label "Universal Declaration of Human rights, Article 12 #2";
        air:pattern {
            :SEARCHEVENT tami:data :DATA;
                tami:purpose :SPURPOSE.
            :DATA tami:purpose :PURPOSE.
        };
        air:description("Purpose of " :SEARCHEVENT " was " :SPURPOSE " and it used data meant to be used for " :PURPOSE " purposes ");
        air:rule :UDHR_3.

...

UN General Assembly Resolution

"Humanitarian assistance must be provided in accordance with the principles of humanity, neutrality and impartiality." http://www.un.org/documents/ga/res/46/a46r182.htm

:UN_General_Assembly_Resolution a air:Policy;
        rdfs:label "UN General Assembly Resolution";
        air:variable :COMPLAINT, :SEARCHEVENT, :ACTOR, :DEFENDANT;
        air:variable :DATA, :PURPOSE, :SPURPOSE, :INFORMEVENT;
        air:rule :UNR_1.

:UNR_1 a air:BeliefRule;
        rdfs:label "UN General Assembly Resolution #1";
        air:pattern {
          :COMPLAINT a tami:PrivacyViolationComplaint;
                tami:prevEvent :SEARCHEVENT;
                tami:actor :ACTOR;
                tami:defendant :DEFENDANT.
           :SEARCHEVENT a tami:SearchEvent;
                tami:actor :DEFENDANT.
           #:DEFENDANT a tami:Military.
        };
       air:description (:COMPLAINT " was filed by " :ACTOR " about " :SEARCHEVENT " performed by " :DEFENDANT );
       air:rule :UNR_2.

:UNR_2 a air:BeliefRule;
        rdfs:label "UN General Assembly Resolution #2";
        air:pattern {
            :SEARCHEVENT tami:data :DATA;
                tami:purpose :SPURPOSE;
                tami:prevEvent :INFORMEVENT.
            :INFORMEVENT  a tami:Inform;
                tami:content :DATA;
                tami:receiver :DEFENDANT;
                tami:sender tami:RedCross.
            :DATA tami:purpose :PURPOSE.
        };
        air:description(:SEARCHEVENT  " has purpose " :SPURPOSE " and uses data obtained from the Red Cross ");
        air:rule :UNR_3.

...

AIR Demo

Install Tabulator Extension: http://www.w3.org/2005/ajar/tab
Remote
- Call reasoner on web server with remote log and UDHR policy or UN Resolution policy
- Invoking reasoner:
```
http://mr-burns.w3.org/cgi-bin/server_cgi.py?logFile="name of log file"&rulesFile="name of policy file"
```
- View justification for UDHR: JustificationUI
- View justification for UN Resolution: JustificationUI

AIR contributions

automated but configurable explanations for policy decisions
more efficient and expressive reasoning
presenting explanations in Justification UI

More Information

AIR specifications: http://dig.csail.mit.edu/TAMI/2007/AIR/
AIR ontology: http://dig.csail.mit.edu/TAMI/2007/amord/air.ttl
Paper on AIR submitted to IEEE Policy 2008: Integrated Policy Explanations via Dependency Tracking
TAMI/E2ESA: http://dig.csail.mit.edu/TAMI/
Details of scenario: http://dig.csail.mit.edu/2008/ARL/
Improving UI: DIG blog entry