Privacy and contextual integrity: framework and applications
Citations
Expectation and purpose: understanding users' mental models of mobile app privacy through crowdsourcing
A Contextual Approach to Privacy Online
Privacy-aware role based access control
Privacy in mobile technology for personal healthcare
Privacy and Data Protection by Design - from policy to engineering
References
k-anonymity: a model for protecting privacy
The SPIN Model Checker: Primer and Reference Manual
Privacy as contextual integrity
The Ponder Policy Specification Language
Frequently Asked Questions (14)
Q2. What have the authors stated for future works in "Privacy and contextual integrity: framework and applications"?
In deciding compliance, the authors are given a sequence of past communications and wish to determine whether a possible next communication will violate the privacy policy. This has both a weak and a strong formulation: weak compliance requires only that the next action satisfies all necessary present conditions, whereas strong compliance requires, in addition, that there is an achievable sequence of future actions that meets all requirements about the future. Specifically, temporal conditions improve on the uninterpreted future obligations of XACML and EPAL, and the use of negative norms obviates the problems with obligations attached to denying rules in previous frameworks.
Q3. What are the four constructs that define contextual integrity?
Four constructs are key to defining contextual integrity: informational norms, appropriateness, roles, and principles of transmission.
Q4. How can the authors rewrite universal and existential quantifiers in Propositional LTL?
By assuming their carrier sets are finite, the authors are able to rewrite universal and existential quantifiers as finite conjunctions and disjunctions in Propositional LTL (PLTL).
Q5. What is the key to understanding how to combine policies?
Entailment is key to understanding how to combine policies, and how to compare one policy, such as HIPAA, with another, such as the specific privacy practices of a clinic and hospital.
Q6. How was consent captured in the study?
In that study, consent was captured through role activation: a patient consents to treatment by activating a “consent-to-treatment” role.
Q7. What is the evolution of the knowledge of individual agents?
The evolution of the knowledge of individual agents depends on messages they receive and computation rules that enable agents to infer further attributes.
Q8. Why did earlier accounts of information integrity posit norms of appropriateness?
Because information type is so salient an influence on people’s judgments that a violation has occurred, earlier accounts of contextual integrity had posited norms of appropriateness as distinct from norms of transmission.
Q9. What is the proof idea for an LTL formula?
The proof idea is to propositionalize θ ∧ α ∧ β and decide its satisfiability in PSPACE (with respect to formula length and the size of the carrier sets).
Q10. What is the meaning of the term appropriateness?
The authors suggest the term “appropriateness” as a way to signal whether the type of information in question conforms to the relevant informational norms.
Q11. What is the simplest way to decide whether a policy is strong?
Theorem 5. Given a privacy policy θ, it can be decided whether weak compliance for θ implies strong compliance in exponential space.
Q12. What is the key to understanding what is contextual integrity?
One further feature is key to understanding what the authors mean here by “contexts,” for not only are they characterized by roles and norms but also by certain ends, or values.
Q13. What is the simplest way to decide whether an action is compliant with a privacy policy?
Definition. Given a finite past history σ, an action a strongly complies with a privacy policy θ if there exists a trace σ′ such that σ · a · σ′ ⊨ θ. Theorem 4. Strong compliance can be decided in PSPACE.
Q14. What is the case of satisfiability?
Although the worst-case complexity of satisfiability is PSPACE, there are efficient algorithms for several syntactic classes of formulas [18].