Language-Based Enforcement of Privacy Policies

  • Katia Hayati
  • Martín Abadi
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3424)


We develop a language-based approach for modeling and verifying aspects of privacy policies. Our approach relies on information-flow control. Concretely, we use the programming language Jif, an extension of Java with information-flow types. We address basic leaks of private information and also consider other aspects of privacy policies supported by the Platform for Privacy Preferences (P3P) and related systems, namely the notion of purpose and the retention of data.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Implementing P3P using database technology. In: Proceedings of the 19th International Conference on Data Engineering, pp. 595–606 (March 2003)Google Scholar
  2. 2.
    Antón, A.I.: The Privacy Place 2002 privacy values survey (April 2003),
  3. 3.
    Antón, A.I.: The Privacy Place (2004),
  4. 4.
    Antón, A.I., Earp, J.B., Bolchini, D., He, Q., Jensen, C., Stufflebeam, W.: The lack of clarity in financial privacy policies and the need for standardization. Technical Report TR-2003-14, North Carolina State University (2003)Google Scholar
  5. 5.
    Ashley, P., Hada, S., Karjoth, G., Powers, C., Schunter, M.: Enterprise Privacy Authorization Language (EPAL 1.1) (2003),
  6. 6.
    Ashley, P., Powers, C., Schunter, M.: From privacy promises to privacy management: A new approach for enforcing privacy throughout an enterprise. In: Proceedings of the 2002 Workshop on New Security Paradigms, pp. 43–50 (2002)Google Scholar
  7. 7.
    Backes, M., Pfitzmann, B., Schunter, M.: A toolkit for managing enterprise privacy policies. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 162–180. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  8. 8.
    Bohrer, K., Hada, S., Miller, J., Powers, C., Wu, H.f.: Declarative Privacy Monitoring for Tivoli privacy manager (October 2003),
  9. 9.
    Denning, D.E.: Cryptography and Data Security. Addison-Wesley, Reading (1982)MATHGoogle Scholar
  10. 10.
    Dreyer, L.C.J., Olivier, M.S.: An information-flow model for privacy (InfoPriv). In: Jajodia, S. (ed.) Database Security XII: Status and Prospects, pp. 77–90. Kluwer, Dordrecht (1999)Google Scholar
  11. 11.
    He, Q.: Privacy enforcement with an extended role-based access model. Technical Report TR-2003-09, North Carolina State University (February 2003)Google Scholar
  12. 12.
    He, Q., Antón, A.I.: A framework for modeling privacy requirements in role engineering. In: Proceedings of the 9th International Workshop on Requirements Engineering: Foundations for Software Quality, pp. 137–146. Essener Informatik Beiträge (2003)Google Scholar
  13. 13.
    Heintze, N., Riecke, J.G.: The SLam calculus: Programming with secrecy and integrity. In: Proceedings of the 25th ACM SIGPLAN-SIGACT Symposium on Principles of programming languages, pp. 365–377 (1998)Google Scholar
  14. 14.
    Hill, R.K., Fritz, P.: Reference Monitor for Tivoli privacy manager (July 2003),
  15. 15.
    Lategan, F.A., Olivier, M.S.: Privguard: A model to protect private information based on its usage. South African Computer Journal 29, 58–68 (2002)Google Scholar
  16. 16.
    Myers, A.C.: JFlow: Practical mostly-static information flow control. In: Proceedings of the 26th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 228–241 (1999)Google Scholar
  17. 17.
    Myers, A.C.: Mostly-Static Decentralized Information Flow. PhD thesis, Massachussets Institute of Technology (1999)Google Scholar
  18. 18.
    Myers, A.C., Liskov, B.: Protecting privacy using the Decentralized Label Model. ACM Transactions on Software Engineering and Methodology 9(4), 410–442 (2000)CrossRefGoogle Scholar
  19. 19.
    Palsberg, J., Ørbæk, P.: Trust in the λ-calculus. Journal of Functional Programming 7(6), 557–591 (1997)MATHCrossRefMathSciNetGoogle Scholar
  20. 20.
    Pottier, F., Simonet, V.: Information flow inference for ML. ACM Transactions on Programming Languages and Systems 25(1), 117–158 (2003)CrossRefGoogle Scholar
  21. 21.
    Simonet, V.: The Flow Caml System: documentation and user’s manual. Technical Report 0282, Institut National de Recherche en Informatique et en Automatique (INRIA) (July 2003)Google Scholar
  22. 22.
    Jan, C.A., van der Lubbe: PAW: Privacy in an Ambient World (2004),
  23. 23.
    World Wide Web Consortium (W3C). The Platform for Privacy Preferences Specification (April 2002),

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Katia Hayati
    • 1
  • Martín Abadi
    • 1
  1. 1.Department of Computer ScienceUniversity of CaliforniaSanta Cruz

Personalised recommendations