Privacy by Design: On the Conformance Between Protocols and Architectures

In systems design, we generally distinguish the architecture level from the protocol level. In the context of privacy by design, the architecture level is where privacy architectures are defined: they state the privacy goals and the main features of the system at a high level of abstraction. The protocol level consists of the concrete protocols and privacy enhancing technologies that implement those architectures. In this paper, we address the question of whether a given protocol conforms to a privacy architecture, and we answer it using formal methods. We propose a variant of process algebra for defining protocols and reasoning about their privacy properties, together with a mapping procedure from protocols to architectures expressed in a high-level architecture language, so that conformance can be checked by relating the two levels.
