Privacy Policies with Modal Logic: The Dynamic Turn

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 6181)

Abstract

Privacy policies are often defined in terms of permitted messages. Instead, in this paper we derive dynamically the permitted messages from static privacy policies defined in terms of permitted and obligatory knowledge. With this new approach, we do not have to specify the permissions and prohibitions of all message combinations explicitly. To specify and reason about such privacy policies, we extend a multi-modal logic introduced by Cuppens and Demolombe with update operators modeling the dynamics of both knowledge and privacy policies. We also show how to determine the obligatory messages, how to express epistemic norms, and how to check whether a situation is compliant with respect to a privacy policy. We axiomatize and prove the decidability of our logic.

We thank the anonymous reviewers of this paper for helpful comments.


References

  1. Alchourrón, C., Gärdenfors, P., Makinson, D.: On the Logic of Theory Change: Partial Meet Contraction and Revision Functions. Journal of Symbolic logic 50(2), 510–530 (1985)

  2. Anderson, A., et al.: Extensible access control markup language (XACML) version 2.0 (2004)

  3. Aucher, G.: A Combined System for Update Logic and Belief Revision. Master’s thesis. ILLC, University of Amsterdam, the Netherlands (2003)

  4. Balbiani, P., van Ditmarsch, H., Seban, P.: Reasoning about permitted announcements. In: ESSLLI 2009 workshop Logical Methods for Social Concepts, Bordeaux (2009)

  5. Barker, S.: Protecting deductive databases from unauthorized retrieval and update requests. Data and Knowledge Engineering 43(3), 293–315 (2002)

  6. Barth, A., Datta, A., Mitchell, J.C., Nissenbaum, H.: Privacy and contextual integrity: Framework and applications. In: 19th IEEE Symposium on Security and Privacy, pp. 184–198. IEEE Computer Society, Los Alamitos (2006)

  7. Barth, A., Mitchell, J.C., Datta, A., Sundaram, S.: Privacy and contextual integrity: Framework and applications. In: 20th IEEE Computer Security Foundations Symposium, CSF 2007, pp. 279–294. IEEE Computer Society, Los Alamitos (2007)

  8. Bishop, M.: Computer Security: Art and Science. Addison Wesley Professional, Reading (2003)

  9. Blackburn, P., de Rijke, M., Venema, Y.: Modal Logic. Cambridge Tracts in Computer Science, vol. 53. Cambridge University Press, Cambridge (2001)

  10. Bonatti, P., Kraus, S., Subrahmanian, V.: Foundations of Secure Deductive Databases. IEEE Transactions on Knowledge Data and Engineering 7(3), 406–422 (1995)

  11. Castañeda, H.-N.: The paradoxes of Deontic Logic: the simplest solution to all of them in one fell swoop. Synthese library, pp. 37–86 (1981)

  12. Castañeda, H.-N.: Knowledge and epistemic obligation. Philosophical perspectives 2, 211–233 (1988)

  13. Cranor, L.: Web Privacy with P3P. O’Reilly and Associates Inc., Sebastopol (2002)

  14. Cuppens, F.: A Logical Formalization of Secrecy. In: 6th IEEE Computer Security Foundations Workshop - CSFW’93. IEEE Computer Society, Los Alamitos (1993)

  15. Cuppens, F., Demolombe, R.: Normative Conflicts in a Confidentiality Policy. In: ECAI Workshop on Artificial Normative Reasoning (1994)

  16. Cuppens, F., Demolombe, R.: A Deontic Logic for Reasoning about Confidentiality. In: Deontic Logic, Agency and Normative Systems, DEON ’96: Third International Workshop on Deontic Logic in Computer Science, Springer, Heidelberg (1996)

  17. Cuppens, F., Demolombe, R.: A Modal Logical Framework for Security Policies. In: Raś, Z.W., Skowron, A. (eds.) ISMIS 1997. LNCS, vol. 1325, pp. 579–589. Springer, Heidelberg (1997)

  18. Kanovich, M., Rowe, P., Scedrov, A.: Collaborative Planning With Privacy. In: 20th IEEE Computer Security Foundations Symposium, CSF 2007, pp. 265–278 (2007)

  19. Karjoth, G., Schunter, M.: A privacy policy model for enterprises. In: 15th IEEE Computer Security Foundations Workshop. IEEE Computer Society, Los Alamitos (2002)

  20. Kooi, B.: Probabilistic dynamic epistemic logic. Journal of Logic, Language and Information 12(4), 381–408 (2003)

  21. Lam, P., Mitchell, J., Sundaram, S.: A Formalization of HIPAA for a Medical Messaging System. In: Fischer-Hübner, S., Lambrinoudakis, C., Pernul, G. (eds.) Trust, Privacy and Security in Digital Business, TrustBus 2009. LNCS, vol. 5695, pp. 73–85. Springer, Heidelberg (2009)

  22. May, M., Gunter, C., Lee, I.: Privacy APIs: Access Control Techniques to Analyze and Verify Legal Privacy Policies. In: 19th IEEE Computer Security Foundations Symposium CSFW-19, pp. 85–97 (2006)

  23. van der Meyden, R.: The Dynamic Logic of Permission. Journal of Logic and Computation 6(3), 465–479 (1996)

  24. Meyer, J.J.: A Different Approach to Deontic Logic: Deontic Logic Viewed as a Variant of Dynamic Logic. Notre Dame Journal of Formal Logic 29(1), 109–136 (1988)

  25. Nielson, H., Nielson, F.: A flow-sensitive analysis of privacy properties. In: 20th IEEE Computer Security Foundations Symposium CSFW’07, pp. 249–264 (2007)

  26. Pacuit, E., Parikh, R.: The logic of knowledge based obligation. Synthese 149(2) (2006)

  27. van Ditmarsch, H., van der Hoek, W., Kooi, B.: Dynamic Epistemic Logic. Synthese library, vol. 337. Springer, Heidelberg (2007)


Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Aucher, G., Boella, G., van der Torre, L. (2010). Privacy Policies with Modal Logic: The Dynamic Turn. In: Governatori, G., Sartor, G. (eds) Deontic Logic in Computer Science. DEON 2010. Lecture Notes in Computer Science, vol 6181. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14183-6_15

  • DOI: https://doi.org/10.1007/978-3-642-14183-6_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-14182-9

  • Online ISBN: 978-3-642-14183-6

  • eBook Packages: Computer Science (R0)
