
Conformance Verification of Privacy Policies



  1. Conformance Verification of Privacy Policies. Xiang Fu, Assistant Professor, Department of Computer Science, Hofstra University

  2. Outline • Motivation • PV Framework • Privacy Properties in Temporal Logic • Verification using Alloy • Conclusion

  3. Introduction

  4. Web App: Consumer and Producer of INFORMATION (diagram labels: Online Marketing, Web App, Email, Identity Collection, SSN, Credit Card, Medical Record, Address, Shopping Preference, Shopping Habits, Business Partners)

  5. Privacy Verification Problem. Promises: your SSN will never be forwarded; the CC is destroyed after the transaction. Does the Web App function as PROMISED?

  6. Challenges (diagram labels: Servlets, P3P Privacy Policy, DB Ops, Business Procedures, Model Checker)

  7. PV Framework • Privacy Verification Framework: (1) Servlet Control/Data Flow (2) Information Flow (3) Data Operations

  8. Data Model • Entity • Data Item (diagram labels: Operator, CC Card, Servlet, SSN, Database, Med Record, Atomic, Real-Being, Business Organization, Transaction ID, Countable Set, Stakeholder, Name, Primitive Type System, Flattened Model)

  9. Example: Bookstore App Entities

  10. Example: Bookstore App Data Types

  11. Actions • Know(e, d): at any moment, for any entity e and any data item d, Know(e, d) is defined • Action: a transition system expressed using first-order formulas over the Know predicates

  12. Example: Charge Credit Card (diagram labels: free var / input variable, all data, all entities)

  13. Modeling Privacy Policy • Typical Examples: P3P and EPAL • Defines: • (1) What to protect? • (2) Who can receive it? • (3) How long?

  14. P3P Example

  15. Temporal Logic for P3P • CTL-FO = CTL + First-Order Quantifiers • Example property: credit card info is regularly purged from the DB and is not leaked, for any credit card and for any entity

  16. Verification • (1) Translate from PV to Alloy • (2) Translate CTL-FO to Alloy Predicates • (3) Verification using Alloy

  17. Modeling World Schema (diagram labels: Set of All Data Items, Web App, Servlets)

    module bookstore
    // 1. world schema
    abstract sig Object {}
    abstract sig WA, Env, Data extends Object {}
    abstract sig Actions, Entities extends WA {}
    …

  18. Modeling System State • Model the transition relation

    sig State {
      know: (WA + Env) -> Data,
      prev: one State,
      actstate: Actions -> actionStatus
    } {
      all x: Actions | some status: actionStatus | x -> status in actstate
    }

  19. Modeling Action

    -- ChargeCC fires only when READY; afterwards DB and Bank know the card d
    pred pChargeCC[s, s': State, d: CC] {
      ChargeCC -> READY in s.actstate and (
        s'.know = s.know + DB -> d + Bank -> d &&
        s'.prev = s &&
        s'.actstate = s.actstate - ..   -- status update elided on the slide
      )
    }

  20. Modeling CTL-FO Formula

    -- EF: some state s' reachable from s (s in s'.*prev) in which CEO knows d
    pred ef[s: State, d: Data] {
      some s': State | (CEO -> d in s'.know) && s in s'.*prev
    }
    -- first-order quantifier over data: every d the DB knows in s satisfies ef
    pred fa[s: State] {
      all d: Data | (DB -> d in s.know) => ef[s, d]
    }
    -- AG: fa must hold in every state
    assert AGProperty { all s: State | fa[s] }
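The Alloy translation above leaves the state exploration to the Alloy analyzer. The following Python script is an added example, not part of the talk, that makes the same CTL-FO check explicit on a small constructed bookstore model: states are Know relations, actions are first-order transitions on Know, and the property of slide 15 (every card the DB holds is eventually purged, and no card reaches an entity outside the permitted set) is checked as AG over the reachable states. The entity names, the `purge_cc` and `forward_cc` actions and the ALLOWED set are assumptions of this example.

```python
from itertools import product

ENTITIES = ("Customer", "Servlet", "DB", "Bank", "Partner")   # constructed bookstore entities
CARDS = ("cc1", "cc2")                                        # constructed CC data items
ALLOWED = {"Customer", "Servlet", "DB", "Bank"}               # entities permitted to know a CC

# A state is the Know relation itself: a frozenset of (entity, data) pairs.
def init_state():
    return frozenset(("Customer", d) for d in CARDS)

# Actions are first-order transitions on Know, in the spirit of the talk's pChargeCC.
def charge_cc(know, d):
    if ("Customer", d) in know:
        return know | {("Servlet", d), ("DB", d), ("Bank", d)}
    return None

def purge_cc(know, d):            # assumed action: the promised purge of the card from the DB
    if ("DB", d) in know:
        return know - {("DB", d)}
    return None

def forward_cc(know, d):          # assumed leaking action: DB content forwarded to a partner
    if ("DB", d) in know:
        return know | {("Partner", d)}
    return None

def successors(know, actions):
    return {t for act, d in product(actions, CARDS) for t in [act(know, d)] if t is not None}

def reachable(start, actions):    # plays the role of Alloy's prev closure, s in s'.*prev
    seen, work = {start}, [start]
    while work:
        s = work.pop()
        for t in successors(s, actions):
            if t not in seen:
                seen.add(t)
                work.append(t)
    return seen

def ef(s, actions, pred):         # EF pred: some state reachable from s satisfies pred
    return any(pred(t) for t in reachable(s, actions))

def ag_property(actions):
    # AG( all d: CC | (DB->d in know => EF(DB->d not in know)) and d known only by ALLOWED )
    for s in reachable(init_state(), actions):
        for d in CARDS:
            if any((e, d) in s for e in ENTITIES if e not in ALLOWED):
                return False                                  # leaked to a disallowed entity
            if ("DB", d) in s and not ef(s, actions, lambda t: ("DB", d) not in t):
                return False                                  # card is never purged from DB
    return True
```

With only `charge_cc` and `purge_cc` the property holds; dropping `purge_cc` or adding `forward_cc` yields a counterexample, which is what the Alloy assertion would report.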

  21. Initial Experiments: 20 Objects

  22. Conclusion • PV Framework for Reasoning about Privacy • Verification Paradigm using Alloy • Problems …

  23. Future Directions • (1) Static Program Analysis • Path Transducer Model (Servlet) • Information Flow (Business Rules, Access Right Policies) • (2) Customized Relational Constraint Solvers
