Skip to main content
SpringerLink
Log in

Privacy by Design: On the Conformance Between Protocols and Architectures

  • Conference paper
  • First Online:
Foundations and Practice of Security (FPS 2014)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8930))

Included in the following conference series:

Abstract

In systems design, we generally distinguish the architecture and the protocol levels. In the context of privacy by design, in the first case, we talk about privacy architectures, which define the privacy goals and the main features of the system at high level. In the latter case, we consider the underlying concrete protocols and privacy enhancing technologies that implement the architectures. In this paper, we address the question that whether a given protocol conforms to a privacy architecture and provide the answer based on formal methods. We propose a process algebra variant to define protocols and reason about privacy properties, as well as a mapping procedure from protocols to architectures that are defined in a high-level architecture language.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Abadi, M., Gordon, A.: A calculus for cryptographic protocols: the Spi calculus. Technical Report SRC RR 149, Digital Equipment Corporation, Systems Research Center (1998)

    Google Scholar 

  2. Antignac, T., Le Métayer, D.: Privacy architectures: Reasoning about data minimisation and integrity. In: Mauw, S., Jensen, C.D. (eds.) STM 2014. LNCS, vol. 8743, pp. 17–32. Springer, Heidelberg (2014)

    Chapter  Google Scholar 

  3. Antignac, T., Le Métayer, D.: Privacy by design: From technologies to architectures. In: Preneel, B., Ikonomou, D. (eds.) APF 2014. LNCS, vol. 8450, pp. 1–17. Springer, Heidelberg (2014)

    Chapter  Google Scholar 

  4. Backes, M., Maffei, M., Unruh, D.: Zero-knowledge in the applied pi-calculus and automated verification of the direct anonymous attestation protocol. In: Proceedings of SSP 2008. IEEE Symposium on Security and Privacy, pp. 202–215, May 2008

    Google Scholar 

  5. Barth, A., Datta, A., Mitchell, J., Nissenbaum, H.: Privacy and contextual integrity: framework and applications. In: IEEE Symposium on Security and Privacy, pp. 15–198, May 2006

    Google Scholar 

  6. Bass, L., Clements, P., Kazman, R.: Software Architecture in Practice. SEI Series in Software Engineering, 3rd edn. Addison-Wesley, Reading (2012)

    Google Scholar 

  7. Becker, M.Y., Malkis, A., Bussard, L.: A practical generic privacy language. Inf. Syst. Secur. 6503, 125–139 (2011)

    Article  Google Scholar 

  8. Burrows, M., Abadi, M., Needham, R.: A logic of authentication. ACM Trans. Comput. Syst. 8, 18–36 (1990)

    Article  Google Scholar 

  9. Delaune, S., Kremer, S., Ryan, M.: Verifying privacy-type properties of electronic voting protocols. J. Comput. Secur. 17(4), 435–487 (2009)

    Google Scholar 

  10. Delaune, S., Ryan, M.D., Smyth, B.: Automatic verification of privacy properties in the applied pi calculus. Trust Management II. IFIP AICT, vol. 263, pp. 263–278. Springer, Boston (2008)

    Chapter  Google Scholar 

  11. Dong, N., Jonker, H., Pang, J.: Analysis of a receipt-free auction protocol in the applied pi calculus. In: Degano, P., Etalle, S., Guttman, J. (eds.) FAST 2010. LNCS, vol. 6561, pp. 223–238. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  12. Fagin, R., Halpern, J.Y., Moses, Y., Vardi, M.: Reasoning About Knowledge, paperback edn. MIT Press, New York (2004)

    Google Scholar 

  13. Fournet, C., Abadi, M.: Mobile values, new names, and secure communication. In: Proceedings of the 28th ACM Symposium on Principles of Programming, POPL 2001, pp. 104–115 (2001)

    Google Scholar 

  14. Fournet, C., Abadi, M.: Hiding names: Private authentication in the applied pi calculus. In: Okada, M., Babu, C.S., Scedrov, A., Tokuda, H. (eds.) ISSS 2002. LNCS, vol. 2609, pp. 317–338. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  15. Hoare, C.A.R.: Communicating sequential processes. Commun. ACM 21(8), 666–677 (1978)

    Article  MATH  MathSciNet  Google Scholar 

  16. Jafari, M., Fong, P.W., Safavi-Naini, R., Barker, K., Sheppard, N.P.: Towards defining semantic foundations for purpose-based privacy policies. In: Proceedings of the First ACM Conference on Data and Application Security and Privacy, CODASPY 2011, New York, USA, pp. 213–224 (2011)

    Google Scholar 

  17. Kremer, S., Ryan, M.D.: Analysis of an electronic voting protocol in the applied pi calculus. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, pp. 186–200. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  18. Li, X., Zhang, Y., Deng, Y.: Verifying anonymous credential systems in applied pi calculus. In: Garay, J.A., Miyaji, A., Otsuka, A. (eds.) CANS 2009. LNCS, vol. 5888, pp. 209–225. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  19. Meadows, C.: Formal methods for cryptographic protocol analysis: Emerging issues and trends. IEEE Sel. Areas Commun. 21(1), 44–54 (2003)

    Article  Google Scholar 

  20. Milner, R., Parrow, J., Walker, D.: A calculus of mobile processes, parts i and ii. Inf. Comput. 100(1), 1–77 (1992)

    Article  MATH  MathSciNet  Google Scholar 

  21. Paulson, L.C.: The inductive approach to verifying cryptographic protocols. J. Comput. Secur. 6(1–2), 85–128 (1998)

    Google Scholar 

  22. Ryan, M.D., Smyth, B.: Applied pi calculus. In: Cryptology and Information Security Series, vol. 5, pp. 112–142 (2011)

    Google Scholar 

Download references

Acknowledgements

The authors would like to thank Daniel Le Métayer for his initial idea and valuable comments during this work. This work is partially funded by the European project PARIS/FP7-SEC-2012-1, the ANR project BIOPRIV, and the Inria Project Lab CAPPRIS.

Author information

Authors and Affiliations

  1. INRIA, University of Lyon, Lyon, France

    Vinh-Thong Ta & Thibaud Antignac

Authors
  1. Vinh-Thong Ta
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Thibaud Antignac
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Vinh-Thong Ta .

Editor information

Editors and Affiliations

  1. TELECOM Bretagne, Cesson Sévigné, France

    Frédéric Cuppens

  2. TELECOM SudParis, Evry, France

    Joaquin Garcia-Alfaro

  3. Dalhousie University, Halifax, Nova Scotia, Canada

    Nur Zincir Heywood

  4. University of Calgary, Calgary, Canada

    Philip W. L. Fong

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Ta, VT., Antignac, T. (2015). Privacy by Design: On the Conformance Between Protocols and Architectures. In: Cuppens, F., Garcia-Alfaro, J., Zincir Heywood, N., Fong, P. (eds) Foundations and Practice of Security. FPS 2014. Lecture Notes in Computer Science(), vol 8930. Springer, Cham. https://doi.org/10.1007/978-3-319-17040-4_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-17040-4_5

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-17039-8

  • Online ISBN: 978-3-319-17040-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation