
A Framework for Formal Reasoning about Privacy Properties Based on Trust Relationships in Complex Electronic Services

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8303))

Abstract

This paper presents a formal approach for analysing the privacy properties of complex electronic services. A flexible framework for logical reasoning allows such services to be modelled formally in a typed first-order logic and privacy properties to be inferred that can be interpreted by all stakeholders, including consumers. The inference strategy consists of compiling user profiles according to the consumer's expectations about the data practices of the service providers involved. The data in these profiles originates from information that the consumer disclosed during the service interactions or that may have been exchanged between organizations afterwards. The framework can infer relevant privacy properties from these profiles. To validate our work, the approach is applied to the modelling of a web shop.




© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Decroix, K., Lapon, J., De Decker, B., Naessens, V. (2013). A Framework for Formal Reasoning about Privacy Properties Based on Trust Relationships in Complex Electronic Services. In: Bagchi, A., Ray, I. (eds) Information Systems Security. ICISS 2013. Lecture Notes in Computer Science, vol 8303. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-45204-8_8


  • DOI: https://doi.org/10.1007/978-3-642-45204-8_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-45203-1

  • Online ISBN: 978-3-642-45204-8

  • eBook Packages: Computer Science (R0)
