Conformance Verification of Privacy Policies

Conformance Verification of Privacy Policies
Slide Note
Embed
Share

In this detailed presentation, Xiang Fu, an Assistant Professor at Hofstra University, explores the conformance verification of privacy policies and the framework for privacy properties in temporal logic verification. The content covers the challenges, PV framework, data models, examples, and actions involved in privacy verification in the context of web applications and online information handling.

  • Privacy Policies
  • Verification
  • Framework
  • Information Technology
  • Privacy Properties
paer999
paer999 Follow

Uploaded on Feb 19, 2025 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Conformance Verification of Privacy Policies Xiang Fu Assistant Professor Department of Computer Science Hofstra University

  2. Outline Motivation PV Framework Privacy Properties in Temporal Logic Verification using Alloy Conclusion

  3. Introduction

  4. Web App: Consumer and Producer of INFORMATION Online Marketing Email SSN SSN Credit Card Medical Record Address Shopping Preference Identity Collection Web App Shopping Habits Business Partners

  5. Privacy Verification Problem Your SSN never be forwarded CC destroyed after transaction Web App Function as PROMISED?

  6. Challenges Servlets Servlets Business Procedures DB Ops P3P Privacy Policy Model Checker

  7. PV Framework Privacy Verification Framework 1. Servlet Control/Data Flow 2. Information Flow 3. Data Operations

  8. Data Model Operator Servlet Database Business Organization Stakeholder Atomic Real-Being Entity Countable Set CC Card SSN Med Record Transaction ID Name Primitive Type System Data Item Flattened Model

  9. Example: Bookstore App Entities

  10. Example: Bookstore App Data Types

  11. Actions At any moment for any e and d, Know(e,d) is defined Know(e, d) entity Action: transition system expressed using first order on Know predicates data

  12. Example: Charge Credit Card Free var, input variable CC ( cc know' ) know' ( ) DB,cc Bank,cc = { , } know' : ( ) know' ( ) x DB BANK d D x,d x,d All data All entities { : } cc d D know( = = know' ( ) ) know' ( ) know( ) DB,d DB,d Bank,d Bank,d

  13. Modeling Privacy Policy Typical Examples: P3P and EPAL Defines: (1) What to protect? (2) Who can receive it? (3) How long?

  14. P3P Example

  15. Temporal Logic for P3P CTL-FO = CTL + First Order Quantifiers Credit Card Info Regularly Purged from DB & is not leaked AF( know( CC AG( : know( , ) ) d : , )) d DB x E x d for any credit card for any entities

  16. Verification (1) Translate from PV to Alloy (2) Translate CTL-FO to Alloy Predicates (3) Verification using Alloy

  17. Modeling World Schema module bookstore //1. world schema abstract sig Object {} abstract sig WA, Env, Data extends Object {} abstract sig Actions, Entities extends WA {} Set of All Data Items Web App. Servlets

  18. Modeling System State Model the transition relation sig State{ know: (WA + Env) -> Data, prev: one State, actstate: Actions -> actionStatus }{ all x: Actions | some status: actionStatus | x -> status in actstate }

  19. Modeling Action pred pChargeCC[s,s : State, d:CC]{ ChargeCC->READY in s.actstate and ( s .know = s.know + {DB->d} + {Bank->d} && s .prev=s && s .actstate = s.actstate - .. ) }

  20. Modeling CTL-FO Formula pred ef[s:State, d:Data]{ some s : State | (CEO->d in s .know) && s in s .*prev } pred fa[s:State]{ all d: Data | (DB->d in s.know) => ef[s,d] } assert AGProperty{ all s: State | fa[s] }

  21. Initial Experiments 20 Objects State Clauses Constr. Time (ms) 2203 7984 18782 - Solver Time (ms) 781 6266 40828 - 5 10 15 20 431k 1928k 4504k -

  22. Conclusion PV Framework for Reasoning about Privacy Verification Paradigm using Alloy Problems

  23. Future Directions (1) Static Program Analysis Path Transducer Model (Servlet) Information Flow (Business Rules, Access Right Policies) (2) Customized Relational Constraint Solvers

Related


Dynamic Pricing Algorithms with Privacy Preservation in Personalized Decision Making

Dynamic Pricing Algorithms with Privacy Preservation in Personalized Decision Making

lillia
Privacy in Information Security Training

Privacy in Information Security Training

lillia
NCVHS Subcommittee on Privacy Comments on HIPAA Privacy Rule for Reproductive Health Care

NCVHS Subcommittee on Privacy Comments on HIPAA Privacy Rule for Reproductive Health Care

haley
Privacy-Preserving Analysis of Graph Structures

Privacy-Preserving Analysis of Graph Structures

bilal
FCC Regulation Conformance for NB-IoT Maintenance Discussion

FCC Regulation Conformance for NB-IoT Maintenance Discussion

jalen
Importance of Timely Verification in Care After Death

Importance of Timely Verification in Care After Death

willow
Electors Verification Programme Overview

Electors Verification Programme Overview

fionn
Criticisms and Defenses of Verification and Falsification Principles

Criticisms and Defenses of Verification and Falsification Principles

esmee
FMCSA Privacy Awareness Training Overview for 2022

FMCSA Privacy Awareness Training Overview for 2022

natan
Data Privacy Laws and Regulations in Saudi Arabia

Data Privacy Laws and Regulations in Saudi Arabia

twyla
Privacy and Registered Training Organisations: Lessons and Insights

Privacy and Registered Training Organisations: Lessons and Insights

isabela
Integrated Verification and Repair in Control Plane

Integrated Verification and Repair in Control Plane

buddy
Breach of Confidence and Privacy Rights in English Law

Breach of Confidence and Privacy Rights in English Law

teodor
Formal Verification and Automata Abstraction in Esterel

Formal Verification and Automata Abstraction in Esterel

edelweiss
Challenges in GFIPM Web Services Implementation

Challenges in GFIPM Web Services Implementation

raquell
Privacy Considerations in Data Management for Data Science Lecture

Privacy Considerations in Data Management for Data Science Lecture

maen728
Program Verification via an Intermediate Verification Language

Program Verification via an Intermediate Verification Language

dee_ana
Event Log Alignment for Conformance Checking

Event Log Alignment for Conformance Checking

clarice
Privacy-Aware Smart Buildings: Ensuring Privacy Policies and Preferences

Privacy-Aware Smart Buildings: Ensuring Privacy Policies and Preferences

lago_nea
Software Quality and Testing in Modern Development

Software Quality and Testing in Modern Development

reatam
The Privacy Paradox: Attitudes vs. Behaviors

The Privacy Paradox: Attitudes vs. Behaviors

clai_evi
Privacy-Preserving Surveillance: Design and Implementation

Privacy-Preserving Surveillance: Design and Implementation

sofi_955

More Related Content