Formal Methods for Privacy

Privacy means something different to everyone. Against a vast and rich canvas of diverse types of privacy rights and violations, we argue that technology plays a dual role in privacy: new technologies raise new threats to privacy rights, and new technologies can also help preserve privacy. Formal methods, as one such class of technology, can be applied to privacy, but privacy raises new challenges, and thus new research opportunities, for the formal methods community.
