Abstract
In this paper, we demonstrate how formal methods can be used to unambiguously express privacy requirements. We focus on requirements for consent and revocation controls in a real-world case study that has emerged within the EnCoRe project. We analyse the ambiguities and issues that arise when requirements expressed in natural language are transformed into a formal notation, and propose solutions to address these issues. These ambiguities were brought to our attention only through the use of a formal notation, which we have designed specifically for this purpose.
© 2011 IFIP International Federation for Information Processing
Cite this paper
Agrafiotis, I., Creese, S., Goldsmith, M., Papanikolaou, N. (2011). Applying Formal Methods to Detect and Resolve Ambiguities in Privacy Requirements. In: Fischer-Hübner, S., Duquenoy, P., Hansen, M., Leenes, R., Zhang, G. (eds) Privacy and Identity Management for Life. Privacy and Identity 2010. IFIP Advances in Information and Communication Technology, vol 352. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-20769-3_22
DOI: https://doi.org/10.1007/978-3-642-20769-3_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-20768-6
Online ISBN: 978-3-642-20769-3