Published by Damian York. Modified over 9 years ago.
Conformance Verification of Privacy Policies
Xiang Fu, Assistant Professor, Department of Computer Science, Hofstra University
Outline
▫ Motivation
▫ PV Framework
▫ Privacy Properties in Temporal Logic
▫ Verification using Alloy
▫ Conclusion
Introduction
Web App: Consumer and Producer of INFORMATION
Diagram labels: Web App; SSN, Credit Card, Medical Record, Address, Shopping Preference (data consumed); Online Marketing, Email, Identity Collection, SSN, Business Partners, Shopping Habits (information produced)
Privacy Verification Problem
Promises made by the web app: "Your SSN will never be forwarded"; "Your credit card number is destroyed after the transaction"
Does the web app function as PROMISED?
Challenges
Diagram labels: Business Procedures, DB Ops, Servlets, P3P Privacy Policy, Model Checker
PV Framework (Privacy Verification Framework)
1. Servlet Control/Data Flow
2. Information Flow
3. Data Operations
Data Model
Diagram labels: Entity (Operator, Servlet, Database, Business Organization, Stakeholder); Data Item (Atomic, Real-Being, Countable, Set; examples: CC Card, SSN, Med Record, Transaction ID, Name); Primitive Type System; Flattened Model
Example: Bookstore App Entities
Example: Bookstore App Data Types
Actions
Know(e, d): entity e knows data item d. At any moment, for any e and d, Know(e, d) is defined.
Action: a transition system expressed using first-order logic over the Know predicates.
Example: Charge Credit Card
Diagram labels: Free var (input variable); All entities; All data
Modeling Privacy Policy
Typical examples: P3P and EPAL. A policy defines:
▫ (1) What to protect?
▫ (2) Who can receive it?
▫ (3) How long?
P3P Example
Temporal Logic for P3P
CTL-FO = CTL + first-order quantifiers.
Example property: credit card info is regularly purged from the DB and is not leaked (for any credit card, for any entity).
Verification
(1) Translate from PV to Alloy
(2) Translate CTL-FO to Alloy predicates
(3) Verify using Alloy
Modeling World Schema

    module bookstore
    // 1. world schema
    abstract sig Object {}
    abstract sig WA, Env, Data extends Object {}   // WA = the web app, Data = the set of all data items
    abstract sig Actions, Entities extends WA {}    // Actions = servlets
    …
Modeling System State

    // model the transition relation
    sig State {
        know: (WA + Env) -> Data,
        prev: one State,
        actstate: Actions -> actionStatus
    } {
        all x: Actions | some status: actionStatus | x -> status in actstate
    }
Modeling Action

    pred pChargeCC[s, s': State, d: CC] {
        ChargeCC->READY in s.actstate and (
            s'.know = s.know + DB->d + Bank->d &&   // DB and Bank learn the card
            s'.prev = s &&
            s'.actstate = s.actstate - ..
        )
    }
Modeling CTL-FO Formula

    pred ef[s: State, d: Data] {
        some s': State | (CEO->d in s'.know) && s in s'.*prev
    }
    pred fa[s: State] {
        all d: Data | (DB->d in s.know) => ef[s, d]
    }
    assert AGProperty {
        all s: State | fa[s]
    }
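The following is an added example, not code from the slides or from the PV framework. Instead of Alloy's bounded relational search it enumerates the reachable Know(e, d) states of a toy bookstore explicitly and evaluates CTL-FO style formulas (EF and AG with quantification over data items) directly on that graph. The entities, the two card identifiers and the actions charge_cc, purge_cc and the deliberately faulty leak_to_ceo are all constructed for illustration; ceo_learns_all_db_data has the same shape as AGProperty above, and card_never_reaches is the plain non-leak property.

```python
# Added example (not from the slides): a small explicit-state checker for
# Know(e, d) privacy properties. Instead of Alloy's bounded relational
# search it enumerates the reachable Know-states of a toy bookstore and
# evaluates CTL-FO style formulas (EF / AG with quantification over data).
# Entities, data items and actions below are constructed for illustration.
from collections import deque

DATA = ("cc1", "cc2")   # constructed credit-card identifiers, not real card data

# A state is a frozenset of Know(e, d) facts, written as (entity, data) pairs.
# Initially the user and the web app know both cards; DB, Bank and CEO know nothing.
INITIAL = frozenset({("User", d) for d in DATA} | {("WebApp", d) for d in DATA})


def know(state, entity, d):
    """Know(e, d): does entity e hold data item d in this state?"""
    return (entity, d) in state


# Actions are guarded transitions: return the successor state, or None if disabled.
def charge_cc(state, d):
    """ChargeCC: the web app forwards a card it knows to the DB and the bank."""
    if not know(state, "WebApp", d):
        return None
    return state | {("DB", d), ("Bank", d)}


def purge_cc(state, d):
    """PurgeCC: once the bank has the card, the DB destroys its copy."""
    if not (know(state, "DB", d) and know(state, "Bank", d)):
        return None
    return state - {("DB", d)}


def leak_to_ceo(state, d):
    """Hypothetical faulty report servlet that copies DB card data to the CEO."""
    if not know(state, "DB", d):
        return None
    return state | {("CEO", d)}


SAFE_ACTIONS = [charge_cc, purge_cc]


def explore(initial, actions):
    """Breadth-first enumeration of reachable states; returns a successor map."""
    graph = {}
    queue = deque([initial])
    while queue:
        s = queue.popleft()
        if s in graph:
            continue
        graph[s] = set()
        for act in actions:
            for d in DATA:
                t = act(s, d)
                if t is not None:
                    graph[s].add(t)
                    if t not in graph:
                        queue.append(t)
    return graph


def ef(graph, start, pred):
    """EF pred: some state on some path from start (inclusive) satisfies pred."""
    seen, stack = set(), [start]
    while stack:
        s = stack.pop()
        if s in seen:
            continue
        seen.add(s)
        if pred(s):
            return True
        stack.extend(graph[s])
    return False


def ag(graph, pred):
    """AG pred over the reachable graph: returns a violating state, or None."""
    for s in graph:
        if not pred(s):
            return s
    return None


def ceo_learns_all_db_data(graph):
    """AG (all d | DB->d in know => EF CEO->d in know): the shape of AGProperty."""
    return ag(graph, lambda s: all(ef(graph, s, lambda t: know(t, "CEO", d))
                                   for d in DATA if know(s, "DB", d)))


def card_never_reaches(graph, entity):
    """AG (all d | entity->d not in know): no card is ever leaked to entity."""
    return ag(graph, lambda s: not any(know(s, entity, d) for d in DATA))


if __name__ == "__main__":
    safe = explore(INITIAL, SAFE_ACTIONS)
    leaky = explore(INITIAL, SAFE_ACTIONS + [leak_to_ceo])
    print("safe model:", len(safe), "states; CEO leak state:", card_never_reaches(safe, "CEO"))
    print("leaky model:", len(leaky), "states; CEO leak state:", card_never_reaches(leaky, "CEO"))
```

With only charge_cc and purge_cc, card_never_reaches(graph, "CEO") returns None (no reachable state leaks a card), while ceo_learns_all_db_data returns the first state in which the DB holds a card the CEO never learns; adding leak_to_ceo flips both results. As with the Alloy assertion, a returned state is a counterexample to the formula, and reading it back tells you which data item and which entity broke the property.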
Initial Experiments (20 objects)

    States   Clauses   Constr. Time (ms)   Solver Time (ms)
    5        431k      2203                781
    10       1928k     7984                6266
    15       4504k     18782               40828
    20       -         -                   -
Conclusion
▫ PV Framework for reasoning about privacy
▫ Verification paradigm using Alloy
▫ Problems …
Future Directions
(1) Static program analysis: path transducer model (servlet); information flow (business rules, access right policies)
(2) Customized relational constraint solvers