Understanding and Protecting Privacy: Formal Semantics and Principled Audit Mechanisms

Datta, Anupam; Blocki, Jeremiah; Christin, Nicolas; DeYoung, Henry; Garg, Deepak; Jia, Limin; Kaynar, Dilsun; Sinha, Arunesh

doi:10.1007/978-3-642-25560-1_1

Cited by 24 publications

(17 citation statements)

References 46 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Previous work by DeYoung et al has studied audit policy specification for medical (HIPAA) and business (GLBA) processes [20,19].This work illustrates the effectiveness and generality of a temporal logic foundation for audit policy specification, which is well-founded in a general theory of privacy [18]. Their auditing system has also been implemented in a tool similar to an interactive theorem prover [24].…”

Section: Related Workmentioning

confidence: 88%

“…That is the focus of this paper. Other work has focused on formalisms for querying logs [39,18], however these works presuppose correctness of audit logs for true accountability.…”

Section: A Motivating Example From Practicementioning

confidence: 99%

“…Various approaches are taken to audit log generation and representation, including logical [18], database [1], and probabilistic approaches [43]. Information algebra is sufficiently general to contain relevant systems as instances, so our notions of soundness and completeness can apply broadly.…”

Section: Support For Various Approachesmentioning

confidence: 99%

See 2 more Smart Citations

Correct Audit Logging: Theory and Practice

Amir-Mohammadian

Chong

Skalka

2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Retrospective security has become increasingly important to the theory and practice of cyber security, with auditing a crucial component of it. However, in systems where auditing is used, programs are typically instrumented to generate audit logs using manual, ad-hoc strategies. This is a potential source of error even if log analysis techniques are formal, since the relation of the log itself to program execution is unclear. This paper focuses on provably correct program rewriting algorithms for instrumenting formal logging specifications. Correctness guarantees that the execution of an instrumented program produces sound and complete audit logs, properties defined by an information containment relation between logs and the program's logging semantics. We also propose a program rewriting approach to instrumentation for audit log generation, in a manner that guarantees correct log generation even for untrusted programs. As a case study, we develop such a tool for OpenMRS, a popular medical records management system, and consider instrumentation of break the glass policies.

show abstract

Section: Related Workmentioning

confidence: 88%

“…That is the focus of this paper. Other work has focused on formalisms for querying logs [39,18], however these works presuppose correctness of audit logs for true accountability.…”

Section: A Motivating Example From Practicementioning

confidence: 99%

See 1 more Smart Citation

Correct Audit Logging: Theory and Practice

Amir-Mohammadian

Chong

Skalka

2016

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Their model overcomes traditional issues caused by separation of the rights and obligation notions that enables representing contracts with equal semantics in the same syntax. Datta et al, [26] proposed formal semantics and a model to represent privacy as a contextoriented right to appropriate flows of personal information and use it to model US Health and Human Services (HIPAA) [27].…”

Section: B Modeling Privacy Policies and Investigation Warrantsmentioning

confidence: 99%

Privacy-respecting digital investigation

Dehghantanha

Franke

2014

2014 Twelfth Annual International Conference on Privacy, Security and Trust

View full text Add to dashboard Cite

the forensics investigation requirements are in direct conflict with the privacy rights of those whose actions are being investigated. At the same time, once the private data is exposed it is impossible to 'undo' its exposure effects should the suspect is found innocent! Moreover, it is not uncommon that during a suspect investigation, private information of other innocent parties becomes apparent to the forensics investigator. These all raise the concern for development of platforms for enforcing privacy boundaries even to authorized forensics investigators. To the best of authors' knowledge, there is no practical model for privacy-respecting digital investigation which is capable of considering different jurisdictions requirements and protecting subjects' data privacy in line with investigation warrant permissions and data-origin privacy requirements.Privacy-respecting digital forensics as an emerging crossdisciplinary research area is moving toward addressing above issues. In this paper, we first establish needed foundations and describe details of "privacy-respecting digital investigation" as a cross-disciplinary field of research. Afterwards, we review main research efforts in different research disciplines relevant to the field and elaborate existing research problems. We finalize the paper by looking at potential privacy issues during digital investigation in the light of EU, US, and APEC privacy regulations.The main contributions of this paper are first establishing essential foundations and providing detailed definition of "privacy-respecting digital investigation" as a new crossdisciplinary field of research, second a review of current state of art in different disciplines relevant to this field, third elaborating existing issues and discussing most promising solutions relevant to these disciplines, and forth is detailed discussion of potential privacy issues in different phases of digital forensics life cycle based on EU,US, and APEC privacy regulations. We hope this paper opens up a new and fruitful avenue in the study, design, and development of privacy respecting forensics investigation as an interdisciplinary field of research.

show abstract

“…To begin with, a number of languages have been proposed to express privacy policies [16,15] and can be used to verify the consistency of policies or to check whether a system complies with a certain policy via static techniques such as model checking [15,13], on-the-fly using monitoring, or through audit procedures [7,2].…”

Section: Related Workmentioning

confidence: 99%

Type Checking Privacy Policies in the π-calculus

Kouzapas

Philippou

2015

Formal Techniques for Distributed Objects, Components, and Systems

View full text Add to dashboard Cite

Abstract. In this paper we propose a formal framework for studying privacy. Our framework is based on the π-calculus with groups accompanied by a type system for capturing privacy requirements relating to information collection, information processing and information dissemination. The framework incorporates a privacy policy language. We show that a system respects a privacy policy if the typing of the system is compatible with the policy. We illustrate our methodology via analysis of privacy-aware schemes proposed for electronic traffic pricing.

show abstract

Understanding and Protecting Privacy: Formal Semantics and Principled Audit Mechanisms

Cited by 24 publications

References 46 publications

Correct Audit Logging: Theory and Practice

Correct Audit Logging: Theory and Practice

Privacy-respecting digital investigation

Type Checking Privacy Policies in the π-calculus

Contact Info

Product

Resources

About