Reflections on the design and application of eFLINT
Following advancements in autonomous and distributed computing, software systems are increasingly integrated with social systems. Compliance with laws, regulations and (contractual) agreements that attempt to regulate such systems is a top priority for many organisations and regulators, as is evidenced by the impact of the EU’s privacy regulations (GDPR) and the anticipated impact of the forthcoming regulations on the use of AI. In various projects, the University of Amsterdam is experimenting with approaches to automate compliance in software systems through the integration of so-called regulatory services tasked with enforcing explicit, formal interpretations of relevant norms.
This presentation discusses the design of eFLINT, a domain-specific language for formalising norms used within these projects. In particular, we will discuss the connection between fundamental notions in computer science and the normative theory forming the basis of our approach. This analysis reveals interesting similarities between the processes of drafting regulations and software engineering. Specifically, the importance of modularity, inheritance, versioning and specialisation is discussed. The presentation reflects on the first phases of eFLINT’s development, each widening the scope within which eFLINT is applicable, and lays out the plans for the next phase, in which usability is the primary concern.
For source code and examples, go here: https://cci-research.nl/software/eflint/
eFLINT slides: vanbinsbergen-eflint.pdf (1.39 MiB)
Thomas van Binsbergen is designing and implementing domain-specific languages for the formal specification of norms from a variety of sources such as laws, regulations, policies, contracts and codes of conduct. The resulting formalizations are used in policy-enhanced, distributed software architectures for data sharing. By ensuring compliance with the formalized norms, such systems reduce the risk of violating regulations and add value by increasing the trust in sharing activities.
The SSPDDP project is a collaboration between the knowledge institutes UvA, CWI and VU and the industrial partners ABN AMRO, ING and KLM to develop secure and scalable techniques for policy-enforced data sharing. The project investigates fundamental research questions to develop future-proof, cryptographic solutions to secure and trustworthy data sharing, automatic policy enforcement in distributed systems and bringing the aforementioned data sharing methods to scale. Besides being academically relevant, the outcomes of these investigations suggest a principled, sound and pragmatic mode of operation that can add value to the industry partners in several ways.
In the past, Van Binsbergen has developed modular techniques for describing the semantics of programming languages as part of the PLanCompS project with Peter Mosses and parser combinators for generalised top-down parsing with Adrian Johnstone and Elizabeth Scott. The results are described in his PhD thesis titled “Executable Formal Specification of Programming Languages with Reusable Components” (http://ltvanbinsbergen.nl/thesis/thesis.pdf).
Keywords: modular language definition, domain-specific languages, formal specification, modelling languages, policy-enhanced data-sharing, generalised top-down parsing, declarative programming, purely functional programming, I-MSOS, FunCons, attribute grammars, computer science education