Constructing Independently Verifiable Privacy-Compliant Type Systems for Message Passing Between Black-Box Components

  • Robin Adams
  • Sibylle Schupp
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11294)


Privacy by design (PbD) is the principle that privacy should be considered at every stage of the software engineering process. It is increasingly both viewed as best practice and required by law. It is therefore desirable to have formal methods that provide guarantees that certain privacy-relevant properties hold. We propose an approach that can be used to design a privacy-compliant architecture without needing to know the source code or internal structure of any individual component. We model an architecture as a set of agents or components that pass messages to each other. We present in this paper algorithms that take as input an architecture and a set of privacy constraints, and output an extension of the original architecture that satisfies the privacy constraints.


  1. 1.
    Alur, R., Černý, P., Zdancewic, S.: Preserving secrecy under refinement. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 107–118. Springer, Heidelberg (2006). Scholar
  2. 2.
    Antignac, T., Le Métayer, D.: Privacy architectures: reasoning about data minimisation and integrity. In: Mauw, S., Jensen, C.D. (eds.) STM 2014. LNCS, vol. 8743, pp. 17–32. Springer, Cham (2014). Scholar
  3. 3.
    Antignac, T., Le Métayer, D.: Privacy by design: from technologies to architectures. In: Preneel, B., Ikonomou, D. (eds.) APF 2014. LNCS, vol. 8450, pp. 1–17. Springer, Cham (2014). Scholar
  4. 4.
    Barth, A., Datta, A., Mitchell, J.C., Nissenbaum, H.: Privacy and contextual integrity: framework and applications. In: IEEE Symposium on Security and Privacy, pp. 184–198 (2006)Google Scholar
  5. 5.
    Basin, D., Klaedtke, F., Müller, S.: Monitoring security policies with metric first-order temporal logic. In: ACM SACMAT 2010 (2010)Google Scholar
  6. 6.
    Butin, D., Chicote, M., le Métayer, D.: Log design for accountability. In: IEEE Symposium on Security and Privacy Workshops, pp. 1–7 (2013)Google Scholar
  7. 7.
    Butin, D., Chicote, M., Le Métayer, D.: Strong accountability: beyond vague promises. Reloading Data Protection, pp. 343–369. Springer, Dordrecht (2014). Scholar
  8. 8.
    Cavoukian, A.: Privacy by design. IEEE Technol. Soc. Mag. 31(4), 18–19 (2012)CrossRefGoogle Scholar
  9. 9.
    Cavoukian, A., Stoddart, J., Dix, A., Nemec, I., Peep, V., Shroff, M.: Resolution on privacy by design. In: 32nd International Conference of Data Protection and Privacy Commissioners (2010)Google Scholar
  10. 10.
    Clarkson, M.R., Schneider, F.B.: Hyperproperties. J. Comput. Secur. 18(6), 1157–1210 (2010)CrossRefGoogle Scholar
  11. 11.
    Cortesi, A., Ferrara, P., Pistoia, M., Tripp, O.: Datacentric semantics for verification of privacy policy compliance by mobile applications. In: D’Souza, D., Lal, A., Larsen, K.G. (eds.) VMCAI 2015. LNCS, vol. 8931, pp. 61–79. Springer, Heidelberg (2015). Scholar
  12. 12.
    Enck, W., et al.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. (TOCS) 32(2), 5 (2014)CrossRefGoogle Scholar
  13. 13.
    Regulation (EU) 2016/679 of the European parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/EC (general data protection regulation). Official journal of the European union L119, 1–88, May 2016.
  14. 14.
    Federal Trade Commission: Protecting consumer privacy in an era of rapid change. FTC report (2012)Google Scholar
  15. 15.
    Ferrara, P., Tripp, O., Pistoia, M.: MorphDroid: fine-grained privacy verification. In: Proceedings of the 31st Annual Computer Security Applications Conference, pp. 371–380. ACM (2015)Google Scholar
  16. 16.
    Myers, A.C., Zheng, L., Zdancewic, S., Chong, S., Nystrom, N.: Jif: Java information flow (2001)Google Scholar
  17. 17.
    Ni, Q., et al.: Privacy-aware role-based access control. ACM Trans. Inf. Syst. Secur. (TISSEC) 13(3), 24 (2010)CrossRefGoogle Scholar
  18. 18.
    Pottier, F., Simonet, V.: Information flow inference for ml. ACM Trans. Program. Lang. Syst. (TOPLAS) 25(1), 117–158 (2003)CrossRefGoogle Scholar
  19. 19.
    Schreckling, D., Köstler, J., Schaff, M.: Kynoid: real-time enforcement of fine-grained, user-defined, and data-centric security policies for Android. Inf. Secur. Tech. Rep. 17(3), 71–80 (2013)CrossRefGoogle Scholar
  20. 20.
    Yang, J., Yessenov, K., Solar-Lezama, A.: A language for automatically enforcing privacy policies. In: Proceedings of the 39th ACM SIGPLAN-SIGACT Symposium on Principle of Programming Languages, POPL 2012, Philadelphia, Pennsylvania, USA, 22–28 January 2012, pp. 85–96 (2012)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.Chalmers University of TechnologyGothenburgSweden
  2. 2.Technische Universität HamburgHamburgGermany

Personalised recommendations