Privacy Policies with Modal Logic: The Dynamic Turn

  • Guillaume Aucher
  • Guido Boella
  • Leendert van der Torre
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6181)

Abstract

Privacy policies are often defined in terms of permitted messages. Instead, in this paper we derive dynamically the permitted messages from static privacy policies defined in terms of permitted and obligatory knowledge. With this new approach, we do not have to specify the permissions and prohibitions of all message combinations explicitly. To specify and reason about such privacy policies, we extend a multi-modal logic introduced by Cuppens and Demolombe with update operators modeling the dynamics of both knowledge and privacy policies. We also show how to determine the obligatory messages, how to express epistemic norms, and how to check whether a situation is compliant with respect to a privacy policy. We axiomatize and prove the decidability of our logic.

References

  1. Alchourrón, C., Gärdenfors, P., Makinson, D.: On the Logic of Theory Change: Partial Meet Contraction and Revision Functions. Journal of Symbolic logic 50(2), 510–530 (1985)
  2. Anderson, A., et al.: Extensible access control markup language (XACML) version 2.0 (2004)
  3. Aucher, G.: A Combined System for Update Logic and Belief Revision. Master’s thesis. ILLC, University of Amsterdam, the Netherlands (2003)
  4. Balbiani, P., van Ditmarsch, H., Seban, P.: Reasoning about permitted announcements. In: ESSLLI 2009 workshop Logical Methods for Social Concepts, Bordeaux (2009)
  5. Barker, S.: Protecting deductive databases from unauthorized retrieval and update requests. Data and Knowledge Engineering 43(3), 293–315 (2002)
  6. Barth, A., Datta, A., Mitchell, J.C., Nissenbaum, H.: Privacy and contextual integrity: Framework and applications. In: 19th IEEE Symposium on Security and Privacy, pp. 184–198. IEEE Computer Society, Los Alamitos (2006)
  7. Barth, A., Mitchell, J.C., Datta, A., Sundaram, S.: Privacy and contextual integrity: Framework and applications. In: 20th IEEE Computer Security Foundations Symposium, CSF 2007, pp. 279–294. IEEE Computer Society, Los Alamitos (2007)
  8. Bishop, M.: Computer Security: Art and Science. Addison Wesley Professional, Reading (2003)
  9. Blackburn, P., de Rijke, M., Venema, Y.: Modal Logic. Cambridge Tracts in Computer Science, vol. 53. Cambridge University Press, Cambridge (2001)
  10. Bonatti, P., Kraus, S., Subrahmanian, V.: Foundations of Secure Deductive Databases. IEEE Transactions on Knowledge Data and Engineering 7(3), 406–422 (1995)
  11. Castañeda, H.-N.: The paradoxes of Deontic Logic: the simplest solution to all of them in one fell swoop. Synthese library, pp. 37–86 (1981)
  12. Castañeda, H.-N.: Knowledge and epistemic obligation. Philosophical perspectives 2, 211–233 (1988)
  13. Cranor, L.: Web Privacy with P3P. O’Reilly and Associates Inc., Sebastopol (2002)
  14. Cuppens, F.: A Logical Formalization of Secrecy. In: 6th IEEE Computer Security Foundations Workshop - CSFW’93. IEEE Computer Society, Los Alamitos (1993)
  15. Cuppens, F., Demolombe, R.: Normative Conflicts in a Confidentiality Policy. In: ECAI Workshop on Artificial Normative Reasoning (1994)
  16. Cuppens, F., Demolombe, R.: A Deontic Logic for Reasoning about Confidentiality. In: Deontic Logic, Agency and Normative Systems, DEON ’96: Third International Workshop on Deontic Logic in Computer Science, Springer, Heidelberg (1996)
  17. Cuppens, F., Demolombe, R.: A Modal Logical Framework for Security Policies. In: Raś, Z.W., Skowron, A. (eds.) ISMIS 1997. LNCS, vol. 1325, pp. 579–589. Springer, Heidelberg (1997)
  18. Kanovich, M., Rowe, P., Scedrov, A.: Collaborative Planning With Privacy. In: 20th IEEE Computer Security Foundations Symposium, CSF 2007, pp. 265–278 (2007)
  19. Karjoth, G., Schunter, M.: A privacy policy model for enterprises. In: 15th IEEE Computer Security Foundations Workshop. IEEE Computer Society, Los Alamitos (2002)
  20. Kooi, B.: Probabilistic dynamic epistemic logic. Journal of Logic, Language and Information 12(4), 381–408 (2003)
  21. Lam, P., Mitchell, J., Sundaram, S.: A Formalization of HIPAA for a Medical Messaging System. In: Fischer-Hübner, S., Lambrinoudakis, C., Pernul, G. (eds.) Trust, Privacy and Security in Digital Business, TrustBus 2009. LNCS, vol. 5695, pp. 73–85. Springer, Heidelberg (2009)
  22. May, M., Gunter, C., Lee, I.: Privacy APIs: Access Control Techniques to Analyze and Verify Legal Privacy Policies. In: 19th IEEE Computer Security Foundations Symposium CSFW-19, pp. 85–97 (2006)
  23. van der Meyden, R.: The Dynamic Logic of Permission. Journal of Logic and Computation 6(3), 465–479 (1996)
  24. Meyer, J.J.: A Different Approach to Deontic Logic: Deontic Logic Viewed as a Variant of Dynamic Logic. Notre Dame Journal of Formal Logic 29(1), 109–136 (1988)
  25. Nielson, H., Nielson, F.: A flow-sensitive analysis of privacy properties. In: 20th IEEE Computer Security Foundations Symposium CSFW’07, pp. 249–264 (2007)
  26. Pacuit, E., Parikh, R.: The logic of knowledge based obligation. Synthese 149(2) (2006)
  27. van Ditmarsch, H., van der Hoek, W., Kooi, B.: Dynamic Epistemic Logic. Synthese library, vol. 337. Springer, Heidelberg (2007)

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Guillaume Aucher (1)
  • Guido Boella (2)
  • Leendert van der Torre (1)

  1. University of Luxembourg
  2. Università di Torino, Italy
