Privacy by Design: On the Conformance Between Protocols and Architectures

  • Vinh-Thong Ta
  • Thibaud Antignac
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8930)


In systems design, we generally distinguish the architecture and the protocol levels. In the context of privacy by design, in the first case, we talk about privacy architectures, which define the privacy goals and the main features of the system at high level. In the latter case, we consider the underlying concrete protocols and privacy enhancing technologies that implement the architectures. In this paper, we address the question that whether a given protocol conforms to a privacy architecture and provide the answer based on formal methods. We propose a process algebra variant to define protocols and reason about privacy properties, as well as a mapping procedure from protocols to architectures that are defined in a high-level architecture language.


Equational Theory Parallel Composition Message Authentication Code Process Algebra Extraction Rule 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



The authors would like to thank Daniel Le Métayer for his initial idea and valuable comments during this work. This work is partially funded by the European project PARIS/FP7-SEC-2012-1, the ANR project BIOPRIV, and the Inria Project Lab CAPPRIS.


  1. 1.
    Abadi, M., Gordon, A.: A calculus for cryptographic protocols: the Spi calculus. Technical Report SRC RR 149, Digital Equipment Corporation, Systems Research Center (1998)Google Scholar
  2. 2.
    Antignac, T., Le Métayer, D.: Privacy architectures: Reasoning about data minimisation and integrity. In: Mauw, S., Jensen, C.D. (eds.) STM 2014. LNCS, vol. 8743, pp. 17–32. Springer, Heidelberg (2014) CrossRefGoogle Scholar
  3. 3.
    Antignac, T., Le Métayer, D.: Privacy by design: From technologies to architectures. In: Preneel, B., Ikonomou, D. (eds.) APF 2014. LNCS, vol. 8450, pp. 1–17. Springer, Heidelberg (2014) CrossRefGoogle Scholar
  4. 4.
    Backes, M., Maffei, M., Unruh, D.: Zero-knowledge in the applied pi-calculus and automated verification of the direct anonymous attestation protocol. In: Proceedings of SSP 2008. IEEE Symposium on Security and Privacy, pp. 202–215, May 2008Google Scholar
  5. 5.
    Barth, A., Datta, A., Mitchell, J., Nissenbaum, H.: Privacy and contextual integrity: framework and applications. In: IEEE Symposium on Security and Privacy, pp. 15–198, May 2006Google Scholar
  6. 6.
    Bass, L., Clements, P., Kazman, R.: Software Architecture in Practice. SEI Series in Software Engineering, 3rd edn. Addison-Wesley, Reading (2012) Google Scholar
  7. 7.
    Becker, M.Y., Malkis, A., Bussard, L.: A practical generic privacy language. Inf. Syst. Secur. 6503, 125–139 (2011)CrossRefGoogle Scholar
  8. 8.
    Burrows, M., Abadi, M., Needham, R.: A logic of authentication. ACM Trans. Comput. Syst. 8, 18–36 (1990)CrossRefGoogle Scholar
  9. 9.
    Delaune, S., Kremer, S., Ryan, M.: Verifying privacy-type properties of electronic voting protocols. J. Comput. Secur. 17(4), 435–487 (2009)Google Scholar
  10. 10.
    Delaune, S., Ryan, M.D., Smyth, B.: Automatic verification of privacy properties in the applied pi calculus. Trust Management II. IFIP AICT, vol. 263, pp. 263–278. Springer, Boston (2008) CrossRefGoogle Scholar
  11. 11.
    Dong, N., Jonker, H., Pang, J.: Analysis of a receipt-free auction protocol in the applied pi calculus. In: Degano, P., Etalle, S., Guttman, J. (eds.) FAST 2010. LNCS, vol. 6561, pp. 223–238. Springer, Heidelberg (2011) CrossRefGoogle Scholar
  12. 12.
    Fagin, R., Halpern, J.Y., Moses, Y., Vardi, M.: Reasoning About Knowledge, paperback edn. MIT Press, New York (2004) Google Scholar
  13. 13.
    Fournet, C., Abadi, M.: Mobile values, new names, and secure communication. In: Proceedings of the 28th ACM Symposium on Principles of Programming, POPL 2001, pp. 104–115 (2001)Google Scholar
  14. 14.
    Fournet, C., Abadi, M.: Hiding names: Private authentication in the applied pi calculus. In: Okada, M., Babu, C.S., Scedrov, A., Tokuda, H. (eds.) ISSS 2002. LNCS, vol. 2609, pp. 317–338. Springer, Heidelberg (2003) CrossRefGoogle Scholar
  15. 15.
    Hoare, C.A.R.: Communicating sequential processes. Commun. ACM 21(8), 666–677 (1978)CrossRefzbMATHMathSciNetGoogle Scholar
  16. 16.
    Jafari, M., Fong, P.W., Safavi-Naini, R., Barker, K., Sheppard, N.P.: Towards defining semantic foundations for purpose-based privacy policies. In: Proceedings of the First ACM Conference on Data and Application Security and Privacy, CODASPY 2011, New York, USA, pp. 213–224 (2011)Google Scholar
  17. 17.
    Kremer, S., Ryan, M.D.: Analysis of an electronic voting protocol in the applied pi calculus. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, pp. 186–200. Springer, Heidelberg (2005) CrossRefGoogle Scholar
  18. 18.
    Li, X., Zhang, Y., Deng, Y.: Verifying anonymous credential systems in applied pi calculus. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 209–225. Springer, Heidelberg (2009) CrossRefGoogle Scholar
  19. 19.
    Meadows, C.: Formal methods for cryptographic protocol analysis: Emerging issues and trends. IEEE Sel. Areas Commun. 21(1), 44–54 (2003)CrossRefGoogle Scholar
  20. 20.
    Milner, R., Parrow, J., Walker, D.: A calculus of mobile processes, parts i and ii. Inf. Comput. 100(1), 1–77 (1992)CrossRefzbMATHMathSciNetGoogle Scholar
  21. 21.
    Paulson, L.C.: The inductive approach to verifying cryptographic protocols. J. Comput. Secur. 6(1–2), 85–128 (1998)Google Scholar
  22. 22.
    Ryan, M.D., Smyth, B.: Applied pi calculus. In: Cryptology and Information Security Series, vol. 5, pp. 112–142 (2011)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. 1.INRIAUniversity of LyonLyonFrance

Personalised recommendations