Skip to main content

Privacy Architectures: Reasoning about Data Minimisation and Integrity

  • Conference paper
Security and Trust Management (STM 2014)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8743))

Included in the following conference series:

Abstract

Privacy by design will become a legal obligation in the European Community if the Data Protection Regulation eventually gets adopted. However, taking into account privacy requirements in the design of a system is a challenging task. We propose an approach based on the specification of privacy architectures and focus on a key aspect of privacy, data minimisation, and its tension with integrity requirements. We illustrate our formal framework through a smart metering case study.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Antignac, T., Le Métayer, D.: Privacy by design: From technologies to architectures. In: Preneel, B., Ikonomou, D. (eds.) APF 2014. LNCS, vol. 8450, pp. 1–17. Springer, Heidelberg (2014)

    Chapter  Google Scholar 

  2. Balasch, J., Rial, A., Troncoso, C., Geuens, C.: PrETP: Privacy-Preserving electronic toll pricing. In: Proc. of the 19th USENIX Security Symp., USA, pp. 63–78 (2010)

    Google Scholar 

  3. Barth, A., Datta, A., Mitchell, J., Nissenbaum, H.: Privacy and contextual integrity: framework and applications. In: 2006 IEEE Symposium on Security and Privacy, pp. 15–198 (2006)

    Google Scholar 

  4. Bass, L., Clements, P., Kazman, R.: Software Architecture in Practice, 3rd edn. SEI series in Software Engineering. Addison-Wesley (2012)

    Google Scholar 

  5. Becker, M.Y., Malkis, A., Bussard, L.: A Practical Generic Privacy Language. In: Jha, S., Mathuria, A. (eds.) ICISS 2010. LNCS, vol. 6503, pp. 125–139. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  6. Burrows, M., Abadi, M., Needham, R.: A logic of authentication. ACM Trans. Comput. Syst. 8, 18–36 (1990)

    Article  Google Scholar 

  7. Cohen, M., Dam, M.: A complete axiomatization of knowledge and cryptography. In: 22nd Annual IEEE Symp. on Logic in Comp. Science, pp. 77–88 (2007)

    Google Scholar 

  8. Delaune, S., Kremer, S., Ryan, M.: Verifying privacy-type properties of electronic voting protocols: A taster. In: Chaum, D., Jakobsson, M., Rivest, R.L., Ryan, P.Y.A., Benaloh, J., Kutylowski, M., Adida, B. (eds.) Towards Trustworthy Elections. LNCS, vol. 6000, pp. 289–309. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  9. Diaz, C., Kosta, E., Dekeyser, H., Kohlweiss, M., Girma, N.: Privacy preserving electronic petitions. Identity in the Information Society 1(1), 203–209 (2009)

    Article  Google Scholar 

  10. Dwork, C.: Differential privacy. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 1–12. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  11. European Parliament: European parliament legislative resolution of 12 march 2014 on the proposal for a regulation of the european parliament and of the council on the protection of individuals with regard to the processing of personal data and on the free movement of such data. General Data Protection Regulation, Ordinary legislative procedure: first reading (March 2014)

    Google Scholar 

  12. Fagin, R., Halpern, J.Y., Moses, Y., Vardi, M.: Reasoning About Knowledge. MIT Press (2004)

    Google Scholar 

  13. Fournet, C., Kohlweiss, M., Danezis, G., Luo, Z.: Zql: A compiler for privacy-preserving data processing. In: Proc. of the 22Nd USENIX Conference on Security, USA, pp. 163–178 (2013)

    Google Scholar 

  14. Garcia, F.D., Jacobs, B.: Privacy-friendly energy-metering via homomorphic encryption. In: Cuellar, J., Lopez, J., Barthe, G., Pretschner, A. (eds.) STM 2010. LNCS, vol. 6710, pp. 226–238. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  15. Glasgow, J., MacEwen, G., Panangaden, P.: A logic for reasoning about security. In: Proc. of the 3rd Computer Security Foundations Workshop, pp. 2–13 (1990)

    Google Scholar 

  16. Gürses, S., Troncoso, C., Diaz, C.: Engineering Privacy by Design. Presented at the Computers, Privacy & Data Protection Conf. (2011)

    Google Scholar 

  17. Halpern, J.Y., Pucella, R.: Dealing with logical omniscience. In: Proc. of the 11th Conf. on Th. Aspects of Rationality and Knowl., pp. 169–176. ACM, USA (2007)

    Chapter  Google Scholar 

  18. de Jonge, W., Jacobs, B.: Privacy-Friendly electronic traffic pricing via commits. In: Degano, P., Guttman, J., Martinelli, F. (eds.) FAST 2008. LNCS, vol. 5491, pp. 143–161. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  19. Kerschbaum, F.: Privacy-preserving computation. In: Preneel, B., Ikonomou, D. (eds.) APF 2012. LNCS, vol. 8319, pp. 41–54. Springer, Heidelberg (2014)

    Chapter  Google Scholar 

  20. Krumm, J.: A survey of computational location privacy. Personal and Ubiquitous Computing 13(6), 391–399 (2009)

    Article  Google Scholar 

  21. Le Métayer, D.: A Formal Privacy Management Framework. In: Degano, P., Guttman, J., Martinelli, F. (eds.) FAST 2008. LNCS, vol. 5491, pp. 162–176. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  22. Le Métayer, D.: Privacy by design: A formal framework for the analysis of architectural choices. In: Proc. of the 3rd ACM Conference on Data and Application Security and Privacy, pp. 95–104. ACM, USA (2013)

    Google Scholar 

  23. Maffei, M., Pecina, K., Reinert, M.: Security and privacy by declarative design. In: IEEE 26th Computer Security Foundations Symposium, pp. 81–96 (2013)

    Google Scholar 

  24. Manousakis, V., Kalloniatis, C., Kavakli, E., Gritzalis, S.: Privacy in the cloud: Bridging the gap between design and implementation. In: Franch, X., Soffer, P. (eds.) CAiSE Workshops 2013. LNBIP, vol. 148, pp. 455–465. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  25. Meadows, C.: Formal methods for cryptographic protocol analysis: emerging issues and trends. IEEE Journal on Selected Areas in Comm. 21(1), 44–54 (2003)

    Article  Google Scholar 

  26. Mulligan, D.K., King, J.: Bridging the gap between privacy and design. University of Pennsylvania Journal of Constitutional Law 14(4), 989–1034 (2012)

    Google Scholar 

  27. Paulson, L.C.: The inductive approach to verifying cryptographic protocols. Journal of Computer Security 6(1-2), 85–128 (1998)

    Google Scholar 

  28. Pucella, R.: Deductive algorithmic knowledge. CoRR cs.AI/0405038 (2004)

    Google Scholar 

  29. Rial, A., Danezis, G.: Privacy-Preserving smart metering. Technical report MSR-TR-2010-150, Microsoft Research (2010)

    Google Scholar 

  30. Ryan, M.D., Smyth, B.: Applied pi calculus. In: Formal Models and Techniques for Analyzing Security Protocols. Cryptology and Information Security Series, vol. 5, pp. 112–142. IOS Press (2011)

    Google Scholar 

  31. Shaw, M., Clements, P.: The golden age of software architecture. IEEE Softw. 23(2), 31–39 (2006)

    Article  Google Scholar 

  32. Spiekermann, S., Cranor, L.F.: Engineering privacy. IEEE Transactions on Software Engineering 35(1), 67–82 (2009)

    Article  Google Scholar 

  33. Tschantz, M.C., Wing, J.M.: Formal methods for privacy. In: Cavalcanti, A., Dams, D.R. (eds.) FM 2009. LNCS, vol. 5850, pp. 1–15. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  34. Yu, T., Li, N., Antón, A.I.: A formal semantics for P3P. In: Proc. of the 2004 Workshop on Secure Web Service, SWS 2004, pp. 1–8. ACM, USA (2004)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Antignac, T., Le Métayer, D. (2014). Privacy Architectures: Reasoning about Data Minimisation and Integrity. In: Mauw, S., Jensen, C.D. (eds) Security and Trust Management. STM 2014. Lecture Notes in Computer Science, vol 8743. Springer, Cham. https://doi.org/10.1007/978-3-319-11851-2_2

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-11851-2_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-11850-5

  • Online ISBN: 978-3-319-11851-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics