
Conformance Verification of Privacy Policies Xiang Fu Assistant Professor Department of Computer Science Hofstra University.





2 Outline
- Motivation
- PV Framework
- Privacy Properties in Temporal Logic
- Verification using Alloy
- Conclusion

3 Introduction

4 Web App: Consumer and Producer of INFORMATION
Diagram labels: Web App; SSN, Credit Card, Medical Record, Address, Shopping Preference; Online Marketing, Identity Collection, SSN, Business Partners, Shopping Habits.

5 Privacy Verification Problem
Does the Web App function as PROMISED? Example promises: "Your SSN will never be forwarded"; "CC destroyed after transaction".

6 Challenges
Diagram labels: Business Procedures; DB Ops; Servlets; P3P Privacy Policy; Model Checker.

7 PV Framework (Privacy Verification Framework)
1. Servlet Control/Data Flow
2. Information Flow
3. Data Operations

8 Data Model
Entity: Operator, Servlet, Database, Business Organization, Stakeholder.
Data Item: Atomic, Real-Being, Countable Set (e.g. CC Card, SSN, Med Record, Transaction ID, Name).
Primitive Type System; Flattened Model.

9 Example: Bookstore App Entities

10 Example: Bookstore App Data Types

11 Actions
Know(e, d), where e is an entity and d a data item. At any moment, for any e and d, Know(e, d) is defined.
Action: a transition system expressed in first-order logic over the Know predicates.

12 Example: Charge Credit Card
Formula annotations: free variable / input variable; all entities; all data.

13 Modeling Privacy Policy
Typical examples: P3P and EPAL. A policy defines:
(1) What to protect?
(2) Who can receive it?
(3) How long?

14 P3P Example

15 Temporal Logic for P3P
CTL-FO = CTL + first-order quantifiers.
Example property: credit card info is regularly purged from the DB and is not leaked, for any credit card and for any entity.

16 Verification
(1) Translate from PV to Alloy
(2) Translate CTL-FO to Alloy predicates
(3) Verification using Alloy

17 Modeling World Schema
module bookstore
//1. world schema
abstract sig Object {}
abstract sig WA, Env, Data extends Object {}      // WA: the web app; Data: the set of all data items
abstract sig Actions, Entities extends WA {}      // Actions: servlets
…

18 Modeling System State
Model the transition relation:
sig State {
  know: (WA + Env) -> Data,
  prev: one State,
  actstate: Actions -> actionStatus
}{
  all x: Actions | some status: actionStatus | x -> status in actstate
}

19 Modeling Action
pred pChargeCC[s, s': State, d: CC] {
  ChargeCC->READY in s.actstate and (
    s'.know = s.know + DB->d + Bank->d &&
    s'.prev = s &&
    s'.actstate = s.actstate -..
  )
}

20 Modeling CTL-FO Formula
pred ef[s: State, d: Data] {
  some s': State | (CEO->d in s'.know) && s in s'.*prev
}
pred fa[s: State] {
  all d: Data | (DB->d in s.know) => ef[s, d]
}
assert AGProperty {
  all s: State | fa[s]
}
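As an added example (not the slides' Alloy code), the same kind of CTL-FO check done by explicit-state exploration in Python: a state is the set of Know(e, d) pairs that hold, ChargeCC and a constructed PurgeCC act on it, and the two slide-15 properties (cards regularly purged, never leaked) are evaluated as AG/EF fixpoints over the reachable states. `report` is a constructed leaky action used to show what a violation looks like; all entity and card names are constructed.

```python
CARDS = ("cc1", "cc2")          # constructed credit-card data items
INIT = frozenset()              # initially nobody knows anything

# Actions map (state, data item) to a successor state; a state is the
# frozenset of Know(e, d) pairs that currently hold.
def charge(s, d):   # ChargeCC: store the card in the DB, forward it to the bank
    return s | {("DB", d), ("Bank", d)}

def purge(s, d):    # PurgeCC (constructed): destroy the card everywhere
    return frozenset(k for k in s if k[1] != d)

def report(s, d):   # constructed leaky action: DB contents forwarded to the CEO
    return s | {("CEO", d)} if ("DB", d) in s else s

def reachable(init, actions):
    """Build the transition graph {state: set(successors)} by exhaustive search."""
    graph, todo = {}, [init]
    while todo:
        s = todo.pop()
        if s in graph:
            continue
        graph[s] = {act(s, d) for act in actions for d in CARDS}
        todo.extend(graph[s])
    return graph

def ef(graph, goal):
    """EF goal: states with a path to some state satisfying goal (least fixpoint)."""
    sat = {s for s in graph if goal(s)}
    while True:
        grow = {s for s, succ in graph.items() if succ & sat} - sat
        if not grow:
            return sat
        sat |= grow

def cc_purged(graph):
    """AG forall d: Know(DB, d) -> EF not Know(DB, d)   (cards regularly purged)."""
    gone = {d: ef(graph, lambda s, d=d: ("DB", d) not in s) for d in CARDS}
    return all(s in gone[d] for s in graph for d in CARDS if ("DB", d) in s)

def no_leak(graph):
    """AG forall d: not Know(CEO, d)   (cards never reach the CEO)."""
    return all(("CEO", d) not in s for s in graph for d in CARDS)

def verify(actions):
    g = reachable(INIT, actions)   # graph keys are exactly the reachable states
    return {"states": len(g), "cc_purged": cc_purged(g), "no_leak": no_leak(g)}

if __name__ == "__main__":
    print(verify((charge, purge)), verify((charge,)), verify((charge, purge, report)))
```

Without `purge` the purge property fails (the DB never forgets a card); with `report` the no-leak property fails while purging still holds.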

21 Initial Experiments
[table: States / Clauses / Constr. Time (ms) / Solver Time (ms), per number of Objects]

22 Conclusion
- PV Framework for reasoning about privacy
- Verification paradigm using Alloy
- Problems …

23 Future Directions
(1) Static Program Analysis
  - Path Transducer Model (Servlet)
  - Information Flow (Business Rules, Access Right Policies)
(2) Customized Relational Constraint Solvers




