Privacy assessment using static taint analysis (tool paper)

Marcel von Maltitz, Cornelius Diekmann, Georg Carle

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; peer-reviewed

4 Scopus citations

Abstract

When developing and maintaining distributed systems, auditing privacy properties gains more and more relevance. Nevertheless, this task lacks support from automated tools and, hence, is mostly carried out manually. We present a formal approach which enables auditors to model the flow of critical data in order to shed new light on a system and to automatically verify given privacy constraints. The formalization is incorporated into a larger policy analysis and verification framework, and overall soundness is proven with Isabelle/HOL. Using this solution, it becomes possible to automatically compute architectures which follow specified privacy conditions, or to input an existing architecture for verification. Our tool is evaluated in two real-world case studies, where we uncover and fix previously unknown violations of privacy.

Original language: English
Title of host publication: Formal Techniques for Distributed Objects, Components, and Systems - 37th IFIP WG 6.1 International Conference, FORTE 2017, Held as Part of the 12th International Federated Conference on Distributed Computing Techniques, DisCoTec 2017, Proceedings
Editors: Ahmed Bouajjani, Alexandra Silva
Publisher: Springer Verlag
Pages: 225-235
Number of pages: 11
ISBN (Print): 9783319602240
State: Published - 2017
Event: 37th IFIP WG 6.1 International Conference on Formal Techniques for Distributed Objects, Components, and Systems, FORTE 2017 - Held as Part of the 12th International Federated Conference on Distributed Computing Techniques, DisCoTec 2017 - Neuchatel, Switzerland
Duration: 19 Jun 2017 - 22 Jun 2017

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 10321 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 37th IFIP WG 6.1 International Conference on Formal Techniques for Distributed Objects, Components, and Systems, FORTE 2017 - Held as Part of the 12th International Federated Conference on Distributed Computing Techniques, DisCoTec 2017
Country/Territory: Switzerland
City: Neuchatel
Period: 19/06/17 - 22/06/17
