Type Checking Purpose-Based Privacy Policies in the π-Calculus

In this paper we propose a formal framework for studying privacy-preserving policies based on the notion of purpose. Our framework employs the \(\pi\)-calculus with groups, accompanied by a type system for capturing privacy requirements. It also incorporates a privacy policy language which captures how different entities within a system, distinguished by their roles, may access sensitive information and the purposes for which they are allowed to process the data. We show that a system respects a policy if the typing of the system is compatible with the policy. We illustrate our methodology via an analysis of privacy-aware services of a health-care system.
