A formal approach for inspecting privacy and trust in advanced electronic services

Authors:
Koen Decroix;Jorn Lapon;Bart De Decker;Vincent Naessens
Affiliations:
Department of Industrial Engineering, Katholieke Hogeschool Sint-Lieven, Ghent, Belgium;Department of Industrial Engineering, Katholieke Hogeschool Sint-Lieven, Ghent, Belgium;iMinds-DistriNet, KU Leuven, Heverlee, Belgium;Department of Industrial Engineering, Katholieke Hogeschool Sint-Lieven, Ghent, Belgium
Venue:
ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems
Year:
2013

Citing 13
Cited 0

Design and implementation of the idemix anonymous credential system

Proceedings of the 9th ACM conference on Computer and communications security
Privacy by Design - Principles of Privacy-Aware Ubiquitous Systems

UbiComp '01 Proceedings of the 3rd international conference on Ubiquitous Computing
Extending Classical Logic with Inductive Definitions

CL '00 Proceedings of the First International Conference on Computational Logic
Eliciting security requirements with misuse cases

Requirements Engineering
Privacy and Contextual Integrity: Framework and Applications

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Towards an information theoretic metric for anonymity

PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
Towards measuring anonymity

PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
A card requirements language enabling privacy-preserving access control

Proceedings of the 15th ACM symposium on Access control models and technologies
How unique is your web browser?

PETS'10 Proceedings of the 10th international conference on Privacy enhancing technologies
A privacy threat analysis framework: supporting the elicitation and fulfillment of privacy requirements

Requirements Engineering - Special Issue on Digital privacy: theory, policies and technologies
Formal privacy analysis of communication protocols for identity management

ICISS'11 Proceedings of the 7th international conference on Information Systems Security
Formalizing and Enforcing Purpose Restrictions in Privacy Policies

SP '12 Proceedings of the 2012 IEEE Symposium on Security and Privacy
Privacy management in global organisations

CMS'12 Proceedings of the 13th IFIP TC 6/TC 11 international conference on Communications and Multimedia Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Advanced information processing technologies are often applied to large profiles and result in detailed behavior analysis. Moreover, under the pretext of increased personalization and strong accountability, organizations exchange information to compile even larger profiles. However, the user is unaware about the amount and type of personal data kept in profiles, partially due to advanced interactions between multiple organizations during service consumption. In this paper, a formal approach to inspect privacy and trust in advanced electronic services is presented. It allows to express access and privacy policies of service providers. Also, the privacy properties of multiple authentication technologies are formally modeled. From this, meaningful privacy properties can be extracted based on varying trust assumptions. Feedback is rendered through automated reasoning, useful for both users and system designers. To demonstrate its practicability, the approach is applied to the design of a travel reservation system.