A dynamic logic for privacy compliance

  • Guillaume AucherEmail author
  • Guido Boella
  • Leendert van der Torre


Knowledge based privacy policies are more declarative than traditional action based ones, because they specify only what is permitted or forbidden to know, and leave the derivation of the permitted actions to a security monitor. This inference problem is already non trivial with a static privacy policy, and becomes challenging when privacy policies can change over time. We therefore introduce a dynamic modal logic that permits not only to reason about permitted and forbidden knowledge to derive the permitted actions, but also to represent explicitly the declarative privacy policies together with their dynamics. The logic can be used to check both regulatory and behavioral compliance, respectively by checking that the permissions and obligations set up by the security monitor of an organization are not in conflict with the privacy policies, and by checking that these obligations are indeed enforced.


Modal Logic Privacy Policy Security Policy Deontic Logic Epistemic Norm 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



We thank the anonymous reviewers of this paper for their extensive and helpful comments.


  1. Alchourrón C, Gärdenfors P, Makinson D (1985) On the logic of theory change: partial meet contraction and revision functions. J Symbol Logic 50(2):510–530zbMATHCrossRefGoogle Scholar
  2. Anderson A (1958) A reduction of deontic logic to alethic modal logic. Mind 67:100–103CrossRefGoogle Scholar
  3. Åqvist L (1967) Good samaritans, contrary-to-duty imperatives, and epistemic obligations. Nôus 1:361–379Google Scholar
  4. Aucher G, Boella G, van der Torre L (2010a) Prescriptive and descriptive obligations in dynamic epistemic deontic logic. In: AI approaches to the complexity of legal systems (AICOL 2009). Springer, Berlin, LNAI, vol 6237, pp 150–161Google Scholar
  5. Aucher G, Boella G, van der Torre L (2010b) Privacy policies with modal logic: the dynamic turn. In: Governatori G, Sartor G (eds) Deontic logic in computer science (DEON 2010). Springer, Berlin, LNCS, vol 6181, pp 196–213Google Scholar
  6. Balbiani P, van Ditmarsch H, Seban P (2009) Reasoning about permitted announcements. In: ESSLLI 2009 workshop logical methods for social concepts, BordeauxGoogle Scholar
  7. Baltag A, Moss L (2004) Logic for epistemic programs. Synthese 139(2):165–224MathSciNetzbMATHCrossRefGoogle Scholar
  8. Baltag A, Moss L, Solecki S (1998) The logic of common knowledge, public announcement, and private suspicions. In: Gilboa I (ed) Proceedings of the 7th conference on theoretical aspects of rationality and knowledge (TARK98), pp 43–56Google Scholar
  9. Barker S (2002) Protecting deductive databases from unauthorized retrieval and update requests. Data Knowl Eng 43(3):295–315MathSciNetCrossRefGoogle Scholar
  10. Barth A, Datta A, Mitchell JC, Nissenbaum H (2006) Privacy and contextual integrity: framework and applications. In: IEEE symposium on security and privacy. IEEE Computer Society, Los Alamitos, pp 184–198Google Scholar
  11. Barth A, Mitchell JC, Datta A, Sundaram S (2007) Privacy and contextual integrity: framework and applications. In: IEEE Computer Security Foundations Symposium CSF’07. IEEE Computer Society, Los Alamitos, pp 279–294Google Scholar
  12. Bishop M (2003) Computer security: art and science. Addison Wesley Professional, BostonGoogle Scholar
  13. Blackburn P, de Rijke M, Venema Y (2001) Modal logic, Cambridge tracts in computer science, vol 53. Cambridge University Press, CambridgeGoogle Scholar
  14. Boella G, Governatori G, Rotolo A, van der Torre L (2010) A logical understanding of legal interpretation. In: Principles of knowledge representation and reasoning: proceedings of the twelfth international conference, KR 2010. AAAI PressGoogle Scholar
  15. Bonatti P, Kraus S, Subrahmanian V (1995) Foundations of secure deductive databases. IEEE Trans Knowl Data Eng 7(3):406–422CrossRefGoogle Scholar
  16. Brewer DFC, Nash MJ (1989) The chinese wall security policy. In: IEEE symposium on security and privacy. IEEE Computer Society, Los Alamitos, pp 206–214Google Scholar
  17. Castañeda HN (1981) The paradoxes of deontic logic: the simplest solution to all of them in one fell swoop. In: Hilpinen R (ed) New studies in deontic logic: norms, actions, and the foundations of ethics, synthese library. Reidel Publishing Co., pp 37–86Google Scholar
  18. Castañeda HN (1988) Knowledge and epistemic obligation. Philos Perspect 2:211–233CrossRefGoogle Scholar
  19. Cranor L (2002) Web Privacy with P3P. O’Reilly and Associates Inc, USAGoogle Scholar
  20. Cuppens F (1993) A logical formalization of secrecy. In: IEEE computer security foundations workshop CSFW’93. IEEE Computer Society, Los AlamitosGoogle Scholar
  21. Cuppens F, Demolombe R (1996) A deontic logic for reasoning about confidentiality. In: Deontic logic, agency and normative systems, third international workshop on deontic logic in computer science (DEON 1996). Springer, BerlinGoogle Scholar
  22. Cuppens F, Demolombe R (1997) A modal logical framework for security policies. In: Ras Z, Skowron A (eds) Foundations of intelligent systems, 10th international symposium, ISMIS ’97. Springer, Berlin, LNCS, vol 1325, pp 579–589Google Scholar
  23. DeYoung H, Garg D, Jia L, Kaynar D, Datta A (2010) Experiences in the logical specification of the HIPAA and GLBA privacy laws. In: Proceedings of the 9th annual ACM workshop on privacy in the electronic society, ACM, New York, WPES ’10, pp 73–82Google Scholar
  24. Fagin R, Halpern J, Moses Y, Vardi M (1995) Reasoning about knowledge. MIT Press, UKzbMATHGoogle Scholar
  25. Federal Trade Commission (1998) Children’s Online Privacy Protection Act of 1998 (COPPA).
  26. Federal Trade Commission (1999) Gramm-Leach-Bliley Act (GLBA).
  27. Halpern J, Moses Y (1992) A guide to completeness and complexity for modal logics of knowledge and belief. Artif Intell 54(3):311–379MathSciNetGoogle Scholar
  28. Hinke TH (1988) Database inference engine design approach. In: Database security DBSec, pp 247–262Google Scholar
  29. Horty J (2001) Agency and deontic logic. Oxford University Press, USAzbMATHCrossRefGoogle Scholar
  30. Kanovich M, Rowe P, Scedrov A (2007) Collaborative planning with privacy. In: IEEE computer security foundations symposium CSF’07. IEEE Computer Society, Los Alamitos, pp 265–278Google Scholar
  31. Karjoth G, Schunter M (2002) A privacy policy model for enterprises. In: IEEE computer security foundations workshop CSFW’02. IEEE Computer Society, Los AlamitosGoogle Scholar
  32. Lam P, Mitchell J, Sundaram S (2009) A formalization of HIPAA for a medical messaging system. In: Trust, privacy and security in digital business, TrustBus 2009. Springer, Berlin, pp 73–85Google Scholar
  33. May M, Gunter C, Lee I (2006) Privacy APIs: Access control techniques to analyze and verify legal privacy policies. In: IEEE computer security foundations symposium CSF’06. IEEE Computer Society, Los Alamitos, pp 85–97Google Scholar
  34. Meyer JJC (1988) A different approach to deontic logic: deontic logic viewed as a variant of dynamic logic. Notre Dame J Formal Logic 29(1)Google Scholar
  35. Moses T (2005) Extensible Access Control Markup Language (XACML) version 2.0.
  36. Nielson H, Nielson F (2007) A flow-sensitive analysis of privacy properties. In: IEEE computer security foundations symposium CSF’07. IEEE Computer Society, Los Alamitos, pp 249–264Google Scholar
  37. Office for Civil Rights (2003) Summary of the HIPAA privacy rule.
  38. Pacuit E, Parikh R, Cogan E (2006) The logic of knowledge based obligation. Synthese 149(2):311–341MathSciNetzbMATHCrossRefGoogle Scholar
  39. Sahlqvist H (1975) Completeness and correspondence in the first and second order semantics for modal logics. In: Kanger S (ed) Proceedings of the 3rd Scandinavian logic symposium 1973, North Holland, no. 82 in Studies in LogicGoogle Scholar
  40. Sweeney L (2002) k-anonymity: a model for protecting privacy. Int J Uncertainty Fuzziness Knowl-Based Syst 10(5):557–570MathSciNetzbMATHCrossRefGoogle Scholar
  41. United Nations General Assembly (1948) Universal Declaration of Human Rights (UDHR).
  42. van Ditmarsch H, van der Hoek W, Kooi B (2007) Dynamic epistemic logic, synthese library, vol 337. Springer, BerlinGoogle Scholar
  43. Van der Meyden R (1996) The dynamic logic of permission. J Logic Comput 6:465–479MathSciNetzbMATHCrossRefGoogle Scholar
  44. Warren S, Brandeis L (1890) The right to privacy. Harvard Law Rev 193(4):193–220CrossRefGoogle Scholar
  45. Westin A (1968) Privacy and freedom. 5th edn. Atheneum, New YorkGoogle Scholar

Copyright information

© Springer Science+Business Media B.V. 2011

Authors and Affiliations

  • Guillaume Aucher
    • 1
    Email author
  • Guido Boella
    • 2
  • Leendert van der Torre
    • 3
  1. 1.IRISA, INRIARennesFrance
  2. 2.Dipartimento di InformaticaUniversità di TorinoTorinoItaly
  3. 3.Computer Science and Communication (CSC)University of LuxembourgLuxembourgLuxembourg

Personalised recommendations