Engineering Privacy through Integrated Policy and Source Code Analysis

6 September 2018

Time: h.15:00 - 17:30
Location: Via Sommarive 5 - Polo Ferrari 1 (Povo, TN) - Room Garda

  • Travis D. Breaux, Institute for Software Research, Carnegie Mellon University

While pervasive and ubiquitous computing provides individuals with increased access to information and automated decision making, this access can affect personal privacy through increased collection, sharing and use of personal information. The EU General Data Protection Regulation (GDPR) introduces privacy by design, while recent U.S. government guidance emphasizes responsible use, in which original data collection purposes are preserved and propagated to verify that subsequent uses are consistent with the data subject's original expectations. This emphasis highlights the need for a reliable privacy semantics, which organizations can use to predict how their data collection, use and sharing practices affect personal privacy.

To address this challenge, we designed a domain specific language, called Eddy, that has a formal semantics expressed in Description Logic and enables reasoning over privacy practices commonly found in online privacy policies. This includes checking whether a policy violates the OECD collection or use limitation principles, which have been an international standard for over 35 years. Using Eddy, data users can express their needs in the context of a larger privacy policy framework maintained by their organization. The framework supports sharing information with third parties and allows users to check the OECD properties across third-party data flows and within third-party policies. This research reveals that the semantics of privacy is potentially unbounded, wherein each party uses slightly different terminology to describe and regulate personal data use through policies, which is a potential source of policy ambiguity and inconsistency and which becomes an obstruction to formal analysis. To align policy analysis with system analysis, we extended our framework to check mobile app source code for privacy policy violations using static and dynamic analysis, and to measure privacy risk to individuals as a means to inform developers about how to prioritize privacy controls with increased data sensitivity.
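The checks the abstract describes can be illustrated with a toy policy checker. The following is an added example, not Eddy and not the Description Logic semantics of the actual framework: it assumes a made-up three-verb policy syntax (COLLECT / USE / SHARE ... FOR purpose), a constructed purpose taxonomy in which a use purpose is covered by a collection purpose when it equals it or is a sub-purpose of it, and a simplified reading of the two OECD principles (use limitation: every use or disclosure of a datum must fall under a purpose it was collected for; collection limitation: a datum collected but never used or shared has no stated need). It also checks one third-party flow, in that a recipient's own uses of a shared datum must stay within the purpose for which it was shared.

```python
"""Toy checker for the OECD use- and collection-limitation principles over a
constructed mini policy language. Illustration only; it is not the Eddy
language or its Description Logic semantics."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Hypothetical purpose taxonomy (child -> parent), constructed for this example.
PURPOSE_PARENT: Dict[str, str] = {
    "billing": "service-provision",
    "fraud-detection": "service-provision",
    "targeted-ads": "marketing",
    "analytics": "service-improvement",
}


def covered_by(purpose: str, allowed: str) -> bool:
    """True if `purpose` equals `allowed` or sits below it in the taxonomy."""
    while True:
        if purpose == allowed:
            return True
        if purpose not in PURPOSE_PARENT:
            return False
        purpose = PURPOSE_PARENT[purpose]


@dataclass(frozen=True)
class Statement:
    action: str                      # "collect", "use" or "share"
    datum: str                       # e.g. "email", "location"
    purpose: str
    recipient: Optional[str] = None  # set only for "share"


def parse_policy(text: str) -> List[Statement]:
    """Parse one statement per line (assumed syntax, not Eddy's):
    COLLECT <datum> FOR <purpose> | USE <datum> FOR <purpose> |
    SHARE <datum> WITH <party> FOR <purpose>. Lines starting with # are comments."""
    stmts = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue
        if tok[0] in ("COLLECT", "USE") and len(tok) == 4 and tok[2] == "FOR":
            stmts.append(Statement(tok[0].lower(), tok[1], tok[3]))
        elif tok[0] == "SHARE" and len(tok) == 6 and tok[2] == "WITH" and tok[4] == "FOR":
            stmts.append(Statement("share", tok[1], tok[5], recipient=tok[3]))
        else:
            raise ValueError(f"line {lineno}: cannot parse {raw!r}")
    return stmts


def check_policy(stmts: List[Statement],
                 third_parties: Optional[Dict[str, List[Statement]]] = None) -> List[str]:
    """Return human-readable violations of the simplified OECD principles."""
    third_parties = third_parties or {}
    violations: List[str] = []
    collected: Dict[str, List[str]] = {}  # datum -> purposes it was collected for
    for s in stmts:
        if s.action == "collect":
            collected.setdefault(s.datum, []).append(s.purpose)
    used = set()
    for s in stmts:
        if s.action == "collect":
            continue
        used.add(s.datum)
        purposes = collected.get(s.datum, [])
        # Use limitation: the use/share purpose must be covered by a collection purpose.
        if not any(covered_by(s.purpose, p) for p in purposes):
            violations.append(f"use limitation: {s.action} of {s.datum} for {s.purpose} "
                              f"not covered by collection purposes {purposes}")
        # Third-party flow: the recipient's own uses must stay within the shared purpose.
        if s.action == "share":
            for t in third_parties.get(s.recipient, []):
                if t.datum == s.datum and t.action != "collect" and not covered_by(t.purpose, s.purpose):
                    violations.append(f"third-party flow: {s.recipient} {t.action}s {s.datum} "
                                      f"for {t.purpose}, outside shared purpose {s.purpose}")
    # Collection limitation (simplified): collected data must have a stated use.
    for datum in collected:
        if datum not in used:
            violations.append(f"collection limitation: {datum} collected but never used or shared")
    return violations


# Constructed sample policies (not from any real organization).
FIRST_PARTY_POLICY = """
# first-party policy
COLLECT email FOR service-provision
COLLECT email FOR marketing
COLLECT location FOR fraud-detection
COLLECT phone FOR service-provision
USE email FOR billing
USE location FOR targeted-ads
SHARE email WITH ad-network FOR marketing
"""

AD_NETWORK_POLICY = """
COLLECT email FOR marketing
USE email FOR targeted-ads
USE email FOR analytics
"""


def demo() -> List[str]:
    third = {"ad-network": parse_policy(AD_NETWORK_POLICY)}
    return check_policy(parse_policy(FIRST_PARTY_POLICY), third)


if __name__ == "__main__":
    for v in demo():
        print(v)
```

Running the block reports three findings: location used for targeted advertising although it was only collected for fraud detection, the ad network's analytics use of email falling outside the marketing purpose it was shared for, and a phone number collected without any stated use. The purpose taxonomy stands in for the subsumption reasoning a Description Logic reasoner would do over a real ontology; the same ambiguity the abstract mentions (each party naming purposes slightly differently) shows up here as the need to agree on one taxonomy before the checks mean anything.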

About the Speaker

Travis D. Breaux is an Associate Professor of Computer Science, appointed in the Institute for Software Research of the School of Computer Science at Carnegie Mellon University. Dr. Breaux's research program searches for new methods and tools for developing correct software specifications and ensuring that software systems conform to those specifications in a transparent, reliable and trustworthy manner. This includes demonstrating compliance with U.S. and international privacy and security laws, policies and standards. Dr. Breaux is the Director of the Requirements Engineering Laboratory at Carnegie Mellon University. Dr. Breaux is on the Editorial Board of the ACM Transactions on Software Engineering and Methodology, he served as Chair of the USACM Privacy and Security Committee and on the USACM Executive Council, and he is a regular member of the IFIP Working Group 2.9 on Requirements Engineering.

Contact: elda.paja [at] (Elda Paja)