Abstract
In systems design, we generally distinguish the architecture level from the protocol level. In the context of privacy by design, at the architecture level we talk about privacy architectures, which define the privacy goals and the main features of the system at a high level of abstraction. At the protocol level, we consider the concrete underlying protocols and privacy enhancing technologies that implement those architectures. In this paper, we address the question of whether a given protocol conforms to a privacy architecture, and we answer it using formal methods. We propose a process algebra variant to define protocols and reason about their privacy properties, together with a mapping procedure from protocols to architectures that are defined in a high-level architecture language.
Acknowledgements
The authors would like to thank Daniel Le Métayer for his initial idea and valuable comments during this work. This work is partially funded by the European project PARIS/FP7-SEC-2012-1, the ANR project BIOPRIV, and the Inria Project Lab CAPPRIS.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Ta, V.T., Antignac, T. (2015). Privacy by Design: On the Conformance Between Protocols and Architectures. In: Cuppens, F., Garcia-Alfaro, J., Zincir Heywood, N., Fong, P. (eds) Foundations and Practice of Security. FPS 2014. Lecture Notes in Computer Science, vol 8930. Springer, Cham. https://doi.org/10.1007/978-3-319-17040-4_5
DOI: https://doi.org/10.1007/978-3-319-17040-4_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-17039-8
Online ISBN: 978-3-319-17040-4