Privacy by design: Formal framework for the analysis of architectural choices

CODASPY 2013 - Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy

Volumn , Issue , 2013, Pages 95-104

  Le Métayer, Daniel ^a  

^a UNIV LYON   (France)

Author keywords

Architecture; Design; Formal; Methodology; Model; Privacy

Indexed keywords

DATA MINIMIZATIONS; DECENTRALIZED ARCHITECTURE; DESIGN APPROACHES; FORMAL; FORMAL FRAMEWORK; INFERENCE SYSTEMS; METHODOLOGY; POTENTIAL ERRORS;

ARCHITECTURE; DATA PRIVACY; MODELS;

DESIGN;

EID: 84874900970     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2435349.2435361     Document Type: Conference Paper

References (54)

1. M. Backes, M. Dürmuth, and G. Karjoth. Unification in privacy policy evaluation - translating EPAL into Prolog. In POLICY, pages 185{188, 2004.
2. J. Balasch, A. Rial, C. Troncoso, B. Preneel, I. Verbauwhede, and C. Geuens. PrETP: Privacy-preserving electronic toll pricing. In USENIX Security Symposium, pages 63{78, 2010.
3. A. Barth, A. Datta, J. C. Mitchell, and H. Nissenbaum. Privacy and contextual integrity: Framework and applications. In IEEE Symposium on Security and Privacy, pages 184{198, 2006.
4. A. Barth, J. C. Mitchell, A. Datta, and S. Sundaram. Privacy and utility in business processes. In CSF, pages 279{294, 2007.
5. M. Y. Becker, A. Malkis, and L. Bussard. A practical generic privacy language. In ICISS, pages 125{139, 2010.
6. M. Burrows, M. Abadi, and R. M. Needham. A logic of authentication. ACM Trans. Comput. Syst., 8(1):18{36, 1990.
7. L. Bygrave. Privacy-enhancing technologies - caught between a rock and the hard place. Privacy Law and Policy Reporter, 9, 2002.
8. A. Cavoukian. Privacy and radical pragmatism: change the paradigm. White Paper, Information and Privacy Commissioner of Ontario, Canada, 2008.
9. A. Cavoukian. Privacy by design. The 7 foundational principles. White Paper, Information and Privacy Commissioner of Ontario, Canada, 2009.
10. R. Chadha, S. Delaune, and S. Kremer. Epistemic logic for the applied pi calculus. In FMOODS/FORTE, pages 182{197, 2009.
11. O. Chowdhury, H. Chen, J. Niu, N. Li, and E. Bertino. On XACML's adequacy to specify and to enforce HIPAA. In USENIX Workshop on Health Security and Privacy, 2012.
12. L. Cranor, B. Dobbs, S. Egelman, G. Hogben, J. Humphrey, M. Langheinrich, M. Marchiori, M. Presler-Marshall, J. Reagle, M. Schunter, D. A. Stampley, and R. Wenning. The Platform for Privacy Preferences 1.1 (P3P1.1) Specification. W3C, 2006.
13. L. Cranor, M. Langheinrich, and M. Marchiori. A P3P Preference Exchange Language 1.0 (APPEL1.0). W3C, 2002.
14. M. L. Damiani, E. Bertino, and C. Silvestri. The probe framework for the personalized cloaking of private locations. Transactions on Data Privacy, 3(2):123{148, 2010.
15. Y. Deswarte and C. A. Melchor. Current and future privacy enhancing technologies for the internet. Annals of Telecommunications, 61(3):399{417, 2006.
16. C. Dwork. Differential privacy. In ICALP (2), pages 1{12, 2006.
17. C. Dwork. A firm foundation for private data analysis. Commun. ACM, 54(1):86{95, 2011.
18. F. D. Garcia and B. Jacobs. Privacy-friendly energy-metering via homomorphic encryption. In STM'10 Proceedings of the 6th international conference on Security and trust management, pages 226{238. Springer, 2010.
19. I. Goldberg. Privacy-enhancing technologies for the internet iii: ten years later. In Digital Privacy: Theory, Technologies, and Practices, pages 84{89. TeX Users Group, December 2007.
20. S. Gürses, C. Troncoso, and C. Diaz. Engineering privacy by design. In Conference on Computers, Privacy and Data Protection (CPDP 2011), 2011.
21. M. Jafari, P. W. L. Fong, R. Safavi-Naini, K. Barker, and N. P. Sheppard. Towards defining semantic foundations for purpose-based privacy policies. In CODASPY, pages 213{224, 2011.
22. W. D. Jonge and B. Jacobs. Privacy-friendly electronic tra-c pricing via commits. In Proceedings of the Workshop of Formal Aspects of Securiy and Trust, pages 132{137. Springer, LNCS 5491, 2009.
23. G. Karjoth, M. Schunter, and E. V. Herreweghen. Translating privacy practices into privacy promises -how to promise what you can keep. In POLICY, pages 135{146, 2003.
24. G. Karjoth, M. Schunter, E. V. Herreweghen, and M. Waidner. Amending P3P for clearer privacy promises. In DEXA Workshops, pages 445{449, 2003.
25. E. Kosta, J. Zibuschka, T. Scherner, and J. Dumortier. Legal considerations on privacy-enhancing location based services using PRIME technology. Computer Law and Security Report, 4:139{146, 2008.
26. J. Krumm. A survey of computational location privacy. Pers Ubiquit Comput, 13:391{399, 2008.
27. T.-M. Kuo and P. Mishra. Strictness analysis: A new perspective based on type inference. In FPCA, pages 260{272, 1989.
28. M. Langheinrich. Privacy by design - principles of privacy aware ubiquitous systems. In Proceedings of the Ubicomp Conference, pages 273{291. Springer, LNCS 2201, 2001.
29. D. Le Métayer. Privacy by Design: a Formal Framework for the Analysis of Architectural Choices (extended version). INRIA Research Report (to appear).
30. D. Le Métayer. A formal privacy management framework. In FAST (Formal Aspects of Security and Trust), pages 161{176. Springer, LNCS 5491, 2009.
31. D. Le Métayer. Privacy by design: a matter of choice. In Data Protection in a Pro-led World, pages 323{334. Springer, 2010.
32. D. Le Metayer. Formal methods a link between software code and legal rules. In SEFM (Software Engineering and Formal Methods), pages 3{18. Springer, LNCS 7041, 2011.
33. M. LeMay, G. Gross, C. A. Gunter, and S. Garg. Unified architecture for large-scale attested metering. In HICSS, page 115, 2007.
34. N. Li, W. H. Qardaji, and D. Su. Provably private data anonymization: Or, k-anonymity meets differential privacy. CoRR, abs/1101.2604, 2011.
35. N. Li, T. Yu, and A. I. Antón. A semantics based approach to privacy languages. Comput. Syst. Sci. Eng., 21(5), 2006.
36. J. Liu, M. D. George, K. Vikram, X. Qi, L. Waye, and A. C. Myers. Fabric: a platform for secure distributed computation and storage. In SOSP, pages 321{334, 2009.
37. A. Machanavajjhala, J. Gehrke, D. Kifer, and M. Venkitasubramaniam. l-diversity: Privacy beyond k-anonymity. In ICDE, page 24, 2006.
38. M. J. May, C. A. Gunter, and I. Lee. Privacy APIs: Access control techniques to analyze and verify legal privacy policies. In CSFW, pages 85{97, 2006.
39. F. McSherry. Privacy integrated queries: an extensible platform for privacy-preserving data analysis. Commun. ACM, 53(9):89{97, 2010.
40. F. McSherry and K. Talwar. Mechanism design via differential privacy. In FOCS, pages 94{103, 2007.
41. J.-J. C. Meyer and W. van der Hoek. Epistemic Logic for Computer Science and Artificial Intelligence.
42. A. C. Myers and B. Liskov. Protecting privacy using the decentralized label model. ACM Trans. Softw. Eng. Methodol., 9(4):410{442, 2000.
43. A. Narayanan, V. Toubiana, S. Barocas, H. Nissenbaum, and D. Boneh. A critical look at decentralized personal data architectures. CoRR, abs/1202.4503, 2012.
44. OECD. OECD guidelines on the protection of privacy and transborder ows of personal data, Organization for Economic Co-operation and Development. OECD, 1980.
45. R. A. Popa, H. Balakrishnan, and A. J. Blumberg.
46. Y. Poullet. About the e-privacy directive, towards a third generation of data protection legislations. In Data Protection in a Profile World, pages 3{29. Springer, 2010.
47. A. Rezgui, A. Bouguettaya, and M. Y. Eltoweissy. Privacy on the web: facts, challenges, and solutions. IEEE Security and Privacy, pages 40{49, 2003.
48. A. Rial and G. Danezis. Privacy-preserving smart metering. In Proceedings of the 2011 ACM Workshop on Privacy in the Electronic Society, WPES 2011. ACM, 2011.
49. L. Sweeney. k-anonymity: A model for protecting privacy. International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems, 10(5):557{570, 2002.
50. M. C. Tschantz, D. K. Kaynar, and A. Datta. Formal verification of differential privacy for interactive systems. CoRR, abs/1101.2819, 2011.
51. M. C. Tschantz and J. M. Wing. Formal methods for privacy. In FM, pages 1{15, 2009.
52. D. J. Weitzner, H. Abelson, T. Berners-Lee, J. Feigenbaum, J. A. Hendler, and G. J. Sussman. Information accountability. Commun. ACM, 51(6):82{87, 2008.
53. T. Yu, N. Li, and A. I. Antón. A formal semantics for P3P. In SWS, pages 1{8, 2004.
54. S. Zdancewic, L. Zheng, N. Nystrom, and A. C. Myers. Secure program partitioning. ACM Trans. Comput. Syst., 20(3):283{328, 2002.