The idea of norms presupposes agency, and agency presupposes an indeterministic causal order (so that “ought” does not imply “is”). So much can be modeled in “branching time with agents and choices” (BTAC). The seriously ontological independence of agentive choices, however, requires, as a necessary condition, a causal order permitting space-like separation of those choices in a sense definable in “branching space-times with agents and choices” (BSTAC).Let us idealize an agent, when restricted to a single space-time, as a kind of spatio-temporal “worm” in the familiar way, representing the life of the agent in that space-time. Then a representation of “the agent,” since it must include representation of seriously objective choices, must look like a tree with two kinds of branching. In both kinds of branching, there is a single past-pointing worm-like representation of the past-life of the agent up to the branching, and an entire assemblage of distinct worm-like representations of the possible future-life of the agent subsequent to the branching, one for each history in which the life of the agent continues. The first kind of branching occurs at choice-points for the agent. According to BSTAC, such branching will involve a last point of agent’s-choice-not-yet-made (say, a last point of deliberation), but no first point of agent’s-choice-has-beenmade in any possible future-life of the agent. In the second kind of branching, the agent is passive, having two or more possible future-lives due to space-like-related choices by other agents, or by metaphorical “choices” by some space-like-related element of Nature. In this case, BSTAC says that there will be no last point of the past-life of the agent, but instead a first point for each of the agent’s possible future-lives.

In this paper we investigate how to model legal abrogation and annulment in Defeasible Logic. We examine some options that embed in this setting, and similar rule-based systems, ideas from belief and base revision. In both cases, our conclusion is negative, which suggests to adopt a different logical model.

A logic of action is essential for many treatments of normative concerns, but most treatments either ignore the role of agents, as in PDL, or omit all possibility of naming actions, as in various versions of stit theory. Moreover, most treatments of either type do not attempt to provide an account of what actions are, in a way that would distinguish actions from other processes or events. In this paper, I explore an account of actions as a species of events, with events interpreted against a background of the logic of branching time. This opens a new approach to exploring the relations between logics of personal action (e.g. Belnap’s and Horty’s stit theories) and impersonal logics of actions such as PDL, and offers some prospect of a deontic logic which integrates tunsollen (ought to do) into a system of seinsollen (ought to be).

In [1] and [2] we have introduced a novel deontic action logic for reasoning about fault-tolerance. In this paper we present a tableaux method for this logic; this proof system is sound and complete, and because the logic has the usual boolean operators on actions, it also allows us to deal successfully with action complement and parallel execution of actions. Finally, we describe an example of application of this proof system which shows how the tableaux system can be used to obtain (counter-) models of specifications.

The economics of information security has recently become a thriving and fastmoving discipline. As distributed systems are assembled from machines belonging to principals with divergent interests, incentives are becoming as important to dependability as technical design. The new field provides valuable insights not just into security topics such as privacy, bugs, spam, and phishing, but into more general areas such as system dependability (the design of peer-to-peer systems and the optimal balance of effort by programmers and testers), and policy (particularly digital rights management). This research program has been starting to spill over into more general security questions (such as law-enforcement strategy), and into the interface between security and the social sciences. Most recently it has started to interact with psychology, both through the psychologyand- economics tradition and in response to phishing. The promise of this research program is a novel framework for analyzing information security problems - one that is both principled and effective.

The security policy of an information system may include a wide range of different requirements. The literature has primarily focused on access and information flow control requirements and more recently on authentication and usage control requirements. Specifying administration and delegation policies is also an important issue, especially in the context of pervasive distributed systems. In this paper, we are investigating the new issue of modelling intrusion detection and reaction policies and study the appropriateness of using deontic logic for this purpose. We analyze how intrusion detection requirements may be specified to face known intrusions but also new intrusions. In the case of new intrusions, we suggest using the bring it about modality and specifying requirements as prohibitions to bring it about that some security objectives are violated. When some intrusions occur, the security policy to be complete should specify what happens in this case. This is what we call a reaction policy. The paper shows that this part of the policy corresponds to contrary to duty requirements and suggests an approach based on assigning priority to activation contexts of security requirements.

Norms are implemented by administrative procedures. This paper addresses the delegation of control in administrative procedures. Instead of having to check all details, a controlling actor can trust the data provided by other actors, provided they can demonstrate to be ‘in control’. In this paper we provide a conceptual analysis of situations in which control has been delegated. The approach is based on an analysis of the dependencies between activities performed by the actors involved and on evidence documents. To motivate and illustrate the approach, we discuss a case study about the redesign of EU customs procedures for collecting excise duties.

In this paper we investigate the design space of access control logics. Specifically, we consider several possible axioms for the common operator says. Some of the axioms come from modal logic and programming-language theory; others are suggested by ideas from security, such as delegation of authority and the Principle of Least Privilege. We compare these axioms and study their implications.

This paper considers the problem of checking whether an organization conforms to a body of regulation. Conformance is cast as a trace checking question – the regulation is represented in a logic that is evaluated against an abstract trace or run representing the operations of an organization. We focus on a problem in designing a logic to represent regulation. A common phenomenon in regulatory texts is for sentences to refer to others for conditions or exceptions. We motivate the need for a formal representation of regulation to accomodate such references between statements. We then extend linear temporal logic to allow statements to refer to others. The semantics of the resulting logic is defined via a combination of techniques from Reiter’s default logic and Kripke’s theory of truth.

Aqvist’s paradox of epistemic obligation can be solved, if we use knowledge-wh instead of knowledge-that in specifications of the ‘need to know’: the knowledge which an agent in a certain organisational role is required to have. Knowledge-wh is knowledge of an answer to a question, which depends on the context. We show how knowledge-wh can be formalised in a logic of questions, which is combined with standard deontic logic to represent epistemic obligations. We demonstrate that under the new interpretation, the paradox can no longer be derived. The resulting logic is useful for representation of access control policies.

Within a STIT framework, this paper presents a logical study of the interaction between ‘ought-to-do’, and an epistemic notion of ‘knowingly doing’. We start out with some motivating examples concerning the interaction between action, obligation and knowledge. Then we present a complete temporal STIT logic including operators for action, obligation and knowledge. We use the logic to analyze the examples and discuss open problems.

This is an intuitive description of our approach to modelling contrary to duty obligations. We shall describe our ideas through the analysis of typical problematic examples taken from Carmo and Jones [6], L. van der Torre [14] and Prakken and Sergot [5].

The problem of deriving implicit norms from explicitly given ones is at the heart of normative reasoning. In abstracto the problem is that of formalizing a plausible consequence relation taking norms to norms. I argue that any such relation should allow norms to be chained, even when the consequent of one is strictly stronger than the antecedent of another—i. e. even if logical inference is required to complete the chain. However, since it is commonly agreed that the set of items classically entailed by an obligatory proposition are not in general obligatory, we are left with the following problem: How do reserve the right to reason classically for the purpose of chaining, whilst not committing to the view that all items entailed by a norm are obligatory in the same sense. I shall argue that the problem can be given a natural solution with reference to different uses of a norm in a normative system.

Aqvist’s dyadic deontic logic G, which aims at providing an axiomatic characterization of Hansson’s seminal system DSDL3 for conditional obligation, is shown to be strongly complete with respect to its intended modelling.

Writing a contract of a specific content is a ground for purchase, purchase is a ground for ownership, ownership is a ground for power to dispose. Also power to dispose is a consequence of ownership, ownership is a consequence of purchase. etc. The paper presents a continuation of the authors’ previous algebraic representation on ground - consequence chains in normative systems.The paper analyzes different kinds of “implicative closeness” between grounds and consequences in chains of legal concepts, in particular combinations of “weakest ground”, “strongest consequence” and “minimal joining”. The idea of a concept’s being intermediate between concepts of two different sorts is captured by the technical notion of “intervenient”, defined in terms of weakest ground and strongest consequence. A legal example concerning grounds and consequences of “ownership” and “trust” is used to illustrate the application of the formal theory.

The paper discusses the interaction properties between preference and choice of coalitions in a strategic interaction. A language is presented to talk about the conflict between coalitionally optimal and socially optimal choices. Norms are seen as social constructions that enable to enforce socially desirable outcomes.

Continuing prior work ([1, 2]), I integrate a simple system for personal obligation with a system for aretaic (agent-evaluative) appraisal. I then explore various relationships between definable aretaic statuses such as praiseworthiness and blameworthiness and deontic statuses such as obligatoriness and impermissibility. I focus on partitions of the normative statuses generated (cf. "normative positions" but without explicit representation of agency). In addition to representing and exploring traditional questions in ethical theory about the connection between blame, praise, permissibility and obligation, this allows me to carefully represent schemes for supererogation and kin. These controversial concepts have provided challenges to both ethical theory and deontic logic, and are among deontic logic’s test cases.

In this paper we define a framework to introduce gradedness in Deontic logics through the use of fuzzy modalities. By way of example, we instantiate the framework to Standard Deontic logic (SDL) formulas. Given a deontic formula Φ ∈ SDL, our language contains formulas of the form rN or rP , where r ∈ [0, 1], expressing that the preference or probability degree respectively of a norm Φ is at least r. We present sound and complete axiomatisations for these logics.