Abstract
Privacy by design (PbD) is the principle that privacy should be considered at every stage of the software engineering process. It is increasingly both viewed as best practice and required by law. It is therefore desirable to have formal methods that provide guarantees that certain privacy-relevant properties hold. We propose an approach that can be used to design a privacy-compliant architecture without needing to know the source code or internal structure of any individual component. We model an architecture as a set of agents or components that pass messages to each other. We present in this paper algorithms that take as input an architecture and a set of privacy constraints, and output an extension of the original architecture that satisfies the privacy constraints.
This is a preview of subscription content, access via your institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsNotes
- 1.
In practice, this would presumably be achieved by encryption, but we abstract from these implementation details here. See Sect. 2.1 for more discussion.
References
Alur, R., Černý, P., Zdancewic, S.: Preserving secrecy under refinement. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 107–118. Springer, Heidelberg (2006). https://doi.org/10.1007/11787006_10
Antignac, T., Le Métayer, D.: Privacy architectures: reasoning about data minimisation and integrity. In: Mauw, S., Jensen, C.D. (eds.) STM 2014. LNCS, vol. 8743, pp. 17–32. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11851-2_2
Antignac, T., Le Métayer, D.: Privacy by design: from technologies to architectures. In: Preneel, B., Ikonomou, D. (eds.) APF 2014. LNCS, vol. 8450, pp. 1–17. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-06749-0_1
Barth, A., Datta, A., Mitchell, J.C., Nissenbaum, H.: Privacy and contextual integrity: framework and applications. In: IEEE Symposium on Security and Privacy, pp. 184–198 (2006)
Basin, D., Klaedtke, F., Müller, S.: Monitoring security policies with metric first-order temporal logic. In: ACM SACMAT 2010 (2010)
Butin, D., Chicote, M., le Métayer, D.: Log design for accountability. In: IEEE Symposium on Security and Privacy Workshops, pp. 1–7 (2013)
Butin, D., Chicote, M., Le Métayer, D.: Strong accountability: beyond vague promises. Reloading Data Protection, pp. 343–369. Springer, Dordrecht (2014). https://doi.org/10.1007/978-94-007-7540-4_16
Cavoukian, A.: Privacy by design. IEEE Technol. Soc. Mag. 31(4), 18–19 (2012)
Cavoukian, A., Stoddart, J., Dix, A., Nemec, I., Peep, V., Shroff, M.: Resolution on privacy by design. In: 32nd International Conference of Data Protection and Privacy Commissioners (2010)
Clarkson, M.R., Schneider, F.B.: Hyperproperties. J. Comput. Secur. 18(6), 1157–1210 (2010)
Cortesi, A., Ferrara, P., Pistoia, M., Tripp, O.: Datacentric semantics for verification of privacy policy compliance by mobile applications. In: D’Souza, D., Lal, A., Larsen, K.G. (eds.) VMCAI 2015. LNCS, vol. 8931, pp. 61–79. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46081-8_4
Enck, W., et al.: TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones. ACM Trans. Comput. Syst. (TOCS) 32(2), 5 (2014)
Regulation (EU) 2016/679 of the European parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/EC (general data protection regulation). Official journal of the European union L119, 1–88, May 2016. http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L:2016:119:TOC
Federal Trade Commission: Protecting consumer privacy in an era of rapid change. FTC report (2012)
Ferrara, P., Tripp, O., Pistoia, M.: MorphDroid: fine-grained privacy verification. In: Proceedings of the 31st Annual Computer Security Applications Conference, pp. 371–380. ACM (2015)
Myers, A.C., Zheng, L., Zdancewic, S., Chong, S., Nystrom, N.: Jif: Java information flow (2001)
Ni, Q., et al.: Privacy-aware role-based access control. ACM Trans. Inf. Syst. Secur. (TISSEC) 13(3), 24 (2010)
Pottier, F., Simonet, V.: Information flow inference for ml. ACM Trans. Program. Lang. Syst. (TOPLAS) 25(1), 117–158 (2003)
Schreckling, D., Köstler, J., Schaff, M.: Kynoid: real-time enforcement of fine-grained, user-defined, and data-centric security policies for Android. Inf. Secur. Tech. Rep. 17(3), 71–80 (2013)
Yang, J., Yessenov, K., Solar-Lezama, A.: A language for automatically enforcing privacy policies. In: Proceedings of the 39th ACM SIGPLAN-SIGACT Symposium on Principle of Programming Languages, POPL 2012, Philadelphia, Pennsylvania, USA, 22–28 January 2012, pp. 85–96 (2012)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Adams, R., Schupp, S. (2018). Constructing Independently Verifiable Privacy-Compliant Type Systems for Message Passing Between Black-Box Components. In: Piskac, R., Rümmer, P. (eds) Verified Software. Theories, Tools, and Experiments. VSTTE 2018. Lecture Notes in Computer Science(), vol 11294. Springer, Cham. https://doi.org/10.1007/978-3-030-03592-1_11
Download citation
DOI: https://doi.org/10.1007/978-3-030-03592-1_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-03591-4
Online ISBN: 978-3-030-03592-1
eBook Packages: Computer ScienceComputer Science (R0)