Privacy Architectures: Reasoning about Data Minimisation and Integrity

  • Thibaud Antignac
  • Daniel Le Métayer
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8743)


Privacy by design will become a legal obligation in the European Community if the Data Protection Regulation eventually gets adopted. However, taking into account privacy requirements in the design of a system is a challenging task. We propose an approach based on the specification of privacy architectures and focus on a key aspect of privacy, data minimisation, and its tension with integrity requirements. We illustrate our formal framework through a smart metering case study.


Keywords: Deductive System, Data Minimisation, Formal Framework, Epistemic Logic, European Parliament





Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Thibaud Antignac (1)
  • Daniel Le Métayer (1)
  1. Inria, University of Lyon, France
