Abstract
Privacy means something different to everyone. Against a vast and rich canvas of diverse types of privacy rights and violations, we argue that technology plays a dual role in privacy: new technologies raise new threats to privacy rights, and new technologies can help preserve privacy. Formal methods, as just one class of technology, can be applied to privacy, but privacy raises new challenges, and thus new research opportunities, for the formal methods community.
© 2009 Springer-Verlag Berlin Heidelberg
Tschantz, M.C., Wing, J.M. (2009). Formal Methods for Privacy. In: Cavalcanti, A., Dams, D.R. (eds) FM 2009: Formal Methods. FM 2009. Lecture Notes in Computer Science, vol 5850. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-05089-3_1
DOI: https://doi.org/10.1007/978-3-642-05089-3_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-05088-6
Online ISBN: 978-3-642-05089-3