Conformance Verification of Privacy Policies

Presentation Transcript

  1. Conformance Verification of Privacy Policies. Xiang Fu, Assistant Professor, Department of Computer Science, Hofstra University

  2. Outline • Motivation • PV Framework • Privacy Properties in Temporal Logic • Verification using Alloy • Conclusion

  3. Introduction

  4. Web App: Consumer and Producer of INFORMATION (diagram labels: Online Marketing, Web App, Email, Identity Collection, SSN, Credit Card, Medical Record, Address, Shopping Preference, Shopping Habits, Business Partners)

  5. Privacy Verification Problem • "Your SSN will never be forwarded" • "CC destroyed after transaction" • Does the Web App function as PROMISED?

  6. Challenges (diagram labels: Servlets, P3P Privacy Policy, DB Ops, Business Procedures, Model Checker)

  7. PV Framework • Privacy Verification Framework: 1. Servlet Control/Data Flow 2. Information Flow 3. Data Operations

  8. Data Model • Entity • Data Item (diagram labels: Operator, CC Card, Servlet, SSN, Database, Med Record, Atomic, Real-Being, Business Organization, Transaction ID, Countable Set, Stakeholder, Name, Primitive Type, System, Flattened Model)

  9. Example: Bookstore App Entities

  10. Example: Bookstore App Data Types

  11. Actions • Know(e, d): at any moment, for any entity e and data item d, Know(e, d) is defined • Action: a transition system expressed using first-order formulas over the Know predicates

  12. Example: Charge Credit Card (diagram annotations: free variable, input variable; all data; all entities)

  13. Modeling Privacy Policy • Typical Examples: P3P and EPAL • Defines: • (1) What to protect? • (2) Who can receive it? • (3) How long?

  14. P3P Example

  15. Temporal Logic for P3P • CTL-FO = CTL + First Order Quantifiers • Example property: credit card info is regularly purged from the DB and is not leaked, quantified over any credit card and any entity

  16. Verification • (1) Translate from PV to Alloy • (2) Translate CTL-FO to Alloy Predicates • (3) Verification using Alloy

  17. Modeling World Schema
      module bookstore
      // 1. world schema
      abstract sig Object {}
      abstract sig WA, Env, Data extends Object {}      // slide callouts: WA = Web App, Data = set of all data items
      abstract sig Actions, Entities extends WA {}      // slide callout: Actions = servlets
      …

  18. Modeling System State • Model the transition relation
      sig State {
        know: (WA + Env) -> Data,            // the Know(e, d) relation in this state
        prev: one State,                     // predecessor state in the trace
        actstate: Actions -> actionStatus    // status of each action (e.g. READY)
      } {
        // every action has some status in every state
        all x: Actions | some status: actionStatus | x -> status in actstate
      }

  19. Modeling Action
      pred pChargeCC[s, s': State, d: CC] {
        // enabled only when ChargeCC is READY in s; afterwards DB and Bank know d
        ChargeCC -> READY in s.actstate and (
          s'.know = s.know + DB -> d + Bank -> d &&
          s'.prev = s &&
          s'.actstate = s.actstate - ..
        )
      }

  20. Modeling CTL-FO Formula
      // EF: some state s' on a path from s (s is among s'.*prev) in which CEO knows d
      pred ef[s: State, d: Data] {
        some s': State | (CEO -> d in s'.know) && s in s'.*prev
      }
      // for all data d: if DB knows d in s, then EF(CEO knows d) holds from s
      pred fa[s: State] {
        all d: Data | (DB -> d in s.know) => ef[s, d]
      }
      // AG: fa must hold in every state
      assert AGProperty { all s: State | fa[s] }

  21. Initial Experiments 20 Objects

  22. Conclusion • PV Framework for Reasoning about Privacy • Verification Paradigm using Alloy • Problems …

  23. Future Directions • (1) Static Program Analysis • Path Transducer Model (Servlet) • Information Flow (Business Rules, Access Right Policies) • (2) Customized Relational Constraint Solvers