research-article

Privacy by design: a formal framework for the analysis of architectural choices

Author:

Daniel Le MétayerAuthors Info & Claims

CODASPY '13: Proceedings of the third ACM conference on Data and application security and privacy

Pages 95 - 104

https://doi.org/10.1145/2435349.2435361

Published: 18 February 2013 Publication History

Abstract

The privacy by design approach has already been applied in different areas. We believe that the next challenge in this area today is to go beyond individual cases and to provide methodologies to explore the design space in a systematic way. As a first step in this direction, we focus in this paper on the data minimization principle and consider different options using decentralized architectures in which actors do not necessarily trust each other. We propose a framework to express the parameters to be taken into account (the service to be performed, the actors involved, their respective requirements, etc.) and an inference system to derive properties such as the possibility for an actor to detect potential errors (or frauds) in the computation of a variable. This inference system can be used in the design phase to check if an architecture meets the requirements of the parties or to point out conflicting requirements.

References

[1]

M. Backes, M. Dürmuth, and G. Karjoth. Unification in privacy policy evaluation - translating EPAL into Prolog. In POLICY, pages 185--188, 2004.

Digital Library

[2]

J. Balasch, A. Rial, C. Troncoso, B. Preneel, I. Verbauwhede, and C. Geuens. PrETP: Privacy-preserving electronic toll pricing. In USENIX Security Symposium, pages 63--78, 2010.

Digital Library

[3]

A. Barth, A. Datta, J. C. Mitchell, and H. Nissenbaum. Privacy and contextual integrity: Framework and applications. In IEEE Symposium on Security and Privacy, pages 184--198, 2006.

Digital Library

[4]

A. Barth, J. C. Mitchell, A. Datta, and S. Sundaram. Privacy and utility in business processes. In CSF, pages 279--294, 2007.

Digital Library

[5]

M. Y. Becker, A. Malkis, and L. Bussard. A practical generic privacy language. In ICISS, pages 125--139, 2010.

Digital Library

[6]

M. Burrows, M. Abadi, and R. M. Needham. A logic of authentication. ACM Trans. Comput. Syst., 8(1):18--36, 1990.

Digital Library

[7]

L. Bygrave. Privacy-enhancing technologies - caught between a rock and the hard place. Privacy Law and Policy Reporter, 9, 2002.

[8]

A. Cavoukian. Privacy and radical pragmatism: change the paradigm. White Paper, Information and Privacy Commissioner of Ontario, Canada, 2008.

[9]

A. Cavoukian. Privacy by design. The 7 foundational principles. White Paper, Information and Privacy Commissioner of Ontario, Canada, 2009.

[10]

R. Chadha, S. Delaune, and S. Kremer. Epistemic logic for the applied pi calculus. In FMOODS/FORTE, pages 182--197, 2009.

Digital Library

[11]

O. Chowdhury, H. Chen, J. Niu, N. Li, and E. Bertino. On XACML's adequacy to specify and to enforce HIPAA. In USENIX Workshop on Health Security and Privacy, 2012.

Digital Library

[12]

L. Cranor, B. Dobbs, S. Egelman, G. Hogben, J. Humphrey, M. Langheinrich, M. Marchiori, M. Presler-Marshall, J. Reagle, M. Schunter, D. A. Stampley, and R. Wenning. The Platform for Privacy Preferences 1.1 (P3P1.1) Specification. W3C, 2006.

[13]

L. Cranor, M. Langheinrich, and M. Marchiori. A P3P Preference Exchange Language 1.0 (APPEL1.0). W3C, 2002.

[14]

M. L. Damiani, E. Bertino, and C. Silvestri. The probe framework for the personalized cloaking of private locations. Transactions on Data Privacy, 3(2):123--148, 2010.

Digital Library

[15]

Y. Deswarte and C. A. Melchor. Current and future privacy enhancing technologies for the internet. Annals of Telecommunications, 61(3):399--417, 2006.

[16]

C. Dwork. Differential privacy. In ICALP (2), pages 1--12, 2006.

Digital Library

[17]

C. Dwork. A firm foundation for private data analysis. Commun. ACM, 54(1):86--95, 2011.

Digital Library

[18]

F. D. Garcia and B. Jacobs. Privacy-friendly energy-metering via homomorphic encryption. In STM'10 Proceedings of the 6th international conference on Security and trust management, pages 226--238. Springer, 2010.

Digital Library

[19]

I. Goldberg. Privacy-enhancing technologies for the internet iii: ten years later. In Digital Privacy: Theory, Technologies, and Practices, pages 84--89. TeX Users Group, December 2007.

[20]

S. Gürses, C. Troncoso, and C. Diaz. Engineering privacy by design. In Conference on Computers, Privacy and Data Protection (CPDP 2011), 2011.

[21]

M. Jafari, P. W. L. Fong, R. Safavi-Naini, K. Barker, and N. P. Sheppard. Towards defining semantic foundations for purpose-based privacy policies. In CODASPY, pages 213--224, 2011.

Digital Library

[22]

W. D. Jonge and B. Jacobs. Privacy-friendly electronic traffic pricing via commits. In Proceedings of the Workshop of Formal Aspects of Securiy and Trust, pages 132--137. Springer, LNCS 5491, 2009.

Digital Library

[23]

G. Karjoth, M. Schunter, and E. V. Herreweghen. Translating privacy practices into privacy promises -how to promise what you can keep. In POLICY, pages 135--146, 2003.

Digital Library

[24]

G. Karjoth, M. Schunter, E. V. Herreweghen, and M. Waidner. Amending P3P for clearer privacy promises. In DEXA Workshops, pages 445--449, 2003.

Digital Library

[25]

E. Kosta, J. Zibuschka, T. Scherner, and J. Dumortier. Legal considerations on privacy-enhancing location based services using PRIME technology. Computer Law and Security Report, 4:139--146, 2008.

[26]

J. Krumm. A survey of computational location privacy. Pers Ubiquit Comput, 13:391--399, 2008.

Digital Library

[27]

T.-M. Kuo and P. Mishra. Strictness analysis: A new perspective based on type inference. In FPCA, pages 260--272, 1989.

Digital Library

[28]

M. Langheinrich. Privacy by design - principles of privacy aware ubiquitous systems. In Proceedings of the Ubicomp Conference, pages 273--291. Springer, LNCS 2201, 2001.

Digital Library

[29]

D. Le Métayer. Privacy by Design: a Formal Framework for the Analysis of Architectural Choices (extended version). INRIA Research Report (to appear).

[30]

D. Le Métayer. A formal privacy management framework. In FAST (Formal Aspects of Security and Trust), pages 161--176. Springer, LNCS 5491, 2009.

Digital Library

[31]

D. Le Métayer. Privacy by design: a matter of choice. In Data Protection in a Profiled World, pages 323--334. Springer, 2010.

[32]

D. Le Métayer. Formal methods a link between software code and legal rules. In SEFM (Software Engineering and Formal Methods), pages 3--18. Springer, LNCS 7041, 2011.

Digital Library

[33]

M. LeMay, G. Gross, C. A. Gunter, and S. Garg. Unified architecture for large-scale attested metering. In HICSS, page 115, 2007.

Digital Library

[34]

N. Li, W. H. Qardaji, and D. Su. Provably private data anonymization: Or, k-anonymity meets differential privacy. CoRR, abs/1101.2604, 2011.

[35]

N. Li, T. Yu, and A. I. Antón. A semantics based approach to privacy languages. Comput. Syst. Sci. Eng., 21(5), 2006.

[36]

J. Liu, M. D. George, K. Vikram, X. Qi, L. Waye, and A. C. Myers. Fabric: a platform for secure distributed computation and storage. In SOSP, pages 321--334, 2009.

Digital Library

[37]

A. Machanavajjhala, J. Gehrke, D. Kifer, and M. Venkitasubramaniam. l-diversity: Privacy beyond k-anonymity. In ICDE, page 24, 2006.

Digital Library

[38]

M. J. May, C. A. Gunter, and I. Lee. Privacy APIs: Access control techniques to analyze and verify legal privacy policies. In CSFW, pages 85--97, 2006.

Digital Library

[39]

F. McSherry. Privacy integrated queries: an extensible platform for privacy-preserving data analysis. Commun. ACM, 53(9):89--97, 2010.

Digital Library

[40]

F. McSherry and K. Talwar. Mechanism design via differential privacy. In FOCS, pages 94--103, 2007.

Digital Library

[41]

J.-J. C. Meyer and W. van der Hoek. Epistemic Logic for Computer Science and Artificial Intelligence.

[42]

A. C. Myers and B. Liskov. Protecting privacy using the decentralized label model. ACM Trans. Softw. Eng. Methodol., 9(4):410--442, 2000.

Digital Library

[43]

A. Narayanan, V. Toubiana, S. Barocas, H. Nissenbaum, and D. Boneh. A critical look at decentralized personal data architectures. CoRR, abs/1202.4503, 2012.

[44]

OECD. OECD guidelines on the protection of privacy and transborder flows of personal data, Organization for Economic Co-operation and Development. OECD, 1980.

[45]

R. A. Popa, H. Balakrishnan, and A. J. Blumberg. Vpriv: Protecting privacy in location-based vehicular services. In USENIX Security Symposium, pages 335--350, 2009.

Digital Library

[46]

Y. Poullet. About the e-privacy directive, towards a third generation of data protection legislations. In Data Protection in a Profile World, pages 3--29. Springer, 2010.

[47]

A. Rezgui, A. Bouguettaya, and M. Y. Eltoweissy. Privacy on the web: facts, challenges, and solutions. IEEE Security and Privacy, pages 40--49, 2003.

Digital Library

[48]

A. Rial and G. Danezis. Privacy-preserving smart metering. In Proceedings of the 2011 ACM Workshop on Privacy in the Electronic Society, WPES 2011. ACM, 2011.

Digital Library

[49]

L. Sweeney. k-anonymity: A model for protecting privacy. International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems, 10(5):557--570, 2002.

Digital Library

[50]

M. C. Tschantz, D. K. Kaynar, and A. Datta. Formal verification of differential privacy for interactive systems. CoRR, abs/1101.2819, 2011.

[51]

M. C. Tschantz and J. M. Wing. Formal methods for privacy. In FM, pages 1--15, 2009.

Digital Library

[52]

D. J. Weitzner, H. Abelson, T. Berners-Lee, J. Feigenbaum, J. A. Hendler, and G. J. Sussman. Information accountability. Commun. ACM, 51(6):82--87, 2008.

Digital Library

[53]

T. Yu, N. Li, and A. I. Antón. A formal semantics for P3P. In SWS, pages 1--8, 2004.

Digital Library

[54]

S. Zdancewic, L. Zheng, N. Nystrom, and A. C. Myers. Secure program partitioning. ACM Trans. Comput. Syst., 20(3):283--328, 2002.

Digital Library

Cited By

Sharma HKanwal N(2024)Video surveillance in smart cities: current status, challenges & future directionsMultimedia Tools and Applications10.1007/s11042-024-19696-6Online publication date: 24-Jun-2024
https://doi.org/10.1007/s11042-024-19696-6
Fabrègue BBogoni A(2023)Privacy and Security Concerns in the Smart CitySmart Cities10.3390/smartcities60100276:1(586-613)Online publication date: 10-Feb-2023
https://doi.org/10.3390/smartcities6010027
Troubitsyna E(2023)Monitoring Privacy-Preserving Constraints in Microservices Architecture Through Parameter Formalisation2023 3rd Intelligent Cybersecurity Conference (ICSC)10.1109/ICSC60084.2023.10349989(54-62)Online publication date: 23-Oct-2023
https://doi.org/10.1109/ICSC60084.2023.10349989
Show More Cited By

Index Terms

Privacy by design: a formal framework for the analysis of architectural choices
1. Security and privacy
  1. Intrusion/anomaly detection and malware mitigation
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

Privacy by Design and Software Engineering: a Systematic Literature Review
SBQS '22: Proceedings of the XXI Brazilian Symposium on Software Quality

Service providers increasingly collect, process, store, and share data from their users to understand their preferences to make better decisions and make accurate estimates for the delivery of advertisements, products, and services. However, the misuse ...
Architecture for user-controlled e-privacy
SAC '03: Proceedings of the 2003 ACM symposium on Applied computing

Empowering users to make informed decision-making over online release of private data is a challenge in today's society. A large majority of users has rejected many e-privacy business models including Lumeria's, Zero-Knowledge's, and Microsoft's ...
Formal Verification of Differential Privacy for Interactive Systems (Extended Abstract)

Differential privacy is a promising approach to privacy preserving data analysis with a well-developed theory for functions. Despite recent work on implementing systems that aim to provide differential privacy, the problem of formally verifying that ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CODASPY '13: Proceedings of the third ACM conference on Data and application security and privacy

February 2013

400 pages

ISBN:9781450318907

DOI:10.1145/2435349

General Chairs:
Elisa Bertino
Purdue University, USA
,
Ravi Sandhu
University of Texas at San Antonio, USA
,
Program Chair:
Lujo Bauer
Carnegie Mellon University, USA
,
Publications Chair:
Jaehong Park
University of Texas at San Antonio, USA

Copyright © 2013 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 18 February 2013

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CODASPY'13

Sponsor:

SIGSAC

CODASPY'13: Third ACM Conference on Data and Application Security and Privacy

February 18 - 20, 2013

Texas, San Antonio, USA

Acceptance Rates

CODASPY '13 Paper Acceptance Rate 24 of 107 submissions, 22%;

Overall Acceptance Rate 149 of 789 submissions, 19%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

23
Total Citations
View Citations
610
Total Downloads

Downloads (Last 12 months)35
Downloads (Last 6 weeks)2

Reflects downloads up to 03 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Sharma HKanwal N(2024)Video surveillance in smart cities: current status, challenges & future directionsMultimedia Tools and Applications10.1007/s11042-024-19696-6Online publication date: 24-Jun-2024
https://doi.org/10.1007/s11042-024-19696-6
Fabrègue BBogoni A(2023)Privacy and Security Concerns in the Smart CitySmart Cities10.3390/smartcities60100276:1(586-613)Online publication date: 10-Feb-2023
https://doi.org/10.3390/smartcities6010027
Troubitsyna E(2023)Monitoring Privacy-Preserving Constraints in Microservices Architecture Through Parameter Formalisation2023 3rd Intelligent Cybersecurity Conference (ICSC)10.1109/ICSC60084.2023.10349989(54-62)Online publication date: 23-Oct-2023
https://doi.org/10.1109/ICSC60084.2023.10349989
Ozmen Garibay OWinslow BAndolina SAntona MBodenschatz ACoursaris CFalco GFiore SGaribay IGrieman KHavens JJirotka MKacorri HKarwowski WKider JKonstan JKoon SLopez-Gonzalez MMaifeld-Carucci IMcGregor SSalvendy GShneiderman BStephanidis CStrobel CTen Holter CXu W(2023)Six Human-Centered Artificial Intelligence Grand ChallengesInternational Journal of Human–Computer Interaction10.1080/10447318.2022.215332039:3(391-437)Online publication date: 2-Jan-2023
https://doi.org/10.1080/10447318.2022.2153320
Andrade VGomes RReinehr SFreitas CMalucelli A(2022)Privacy by Design and Software EngineeringProceedings of the XXI Brazilian Symposium on Software Quality10.1145/3571473.3571480(1-10)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3571473.3571480
Kumar AUpadhyay AMishra NNath SYadav KSharma G(2022)Privacy and Security Concerns in Edge Computing-Based Smart CitiesRobotics and AI for Cybersecurity and Critical Infrastructure in Smart Cities10.1007/978-3-030-96737-6_5(89-110)Online publication date: 29-Mar-2022
https://doi.org/10.1007/978-3-030-96737-6_5
Al‐Turjman FZahmatkesh HShahroze R(2022)An overview of security and privacy in smart cities' IoT communicationsTransactions on Emerging Telecommunications Technologies10.1002/ett.367733:3Online publication date: 21-Mar-2022
https://dl.acm.org/doi/10.1002/ett.3677
Valadares DWill NCaminha JPerkusich MPerkusich AGorgonio K(2021)Systematic Literature Review on the Use of Trusted Execution Environments to Protect Cloud/Fog-Based Internet of Things ApplicationsIEEE Access10.1109/ACCESS.2021.30855249(80953-80969)Online publication date: 2021
https://doi.org/10.1109/ACCESS.2021.3085524
Zouka HHosni M(2020)Time Granularity-based Privacy Protection for Cloud Metering SystemsAdvances in Science, Technology and Engineering Systems Journal10.25046/aj05061525:6(1278-1285)Online publication date: Dec-2020
https://doi.org/10.25046/aj0506152
Tsakalakis NStalla-Bourdillon SO’Hara K(2019)Data Protection by Design for Cross-Border Electronic Identification: Does the eIDAS Interoperability Framework Need to Be Modernised?Privacy and Identity Management. Fairness, Accountability, and Transparency in the Age of Big Data10.1007/978-3-030-16744-8_17(255-274)Online publication date: 16-Apr-2019
https://doi.org/10.1007/978-3-030-16744-8_17
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents