Privacy APIs: Formal models for analyzing legal privacy requirements
There is a growing interest in establishing rules to regulate the privacy of citizens in the treatment of sensitive personal data such as medical and financial records. Such rules must be respected by software used in these sectors. The regulatory statements are somewhat informal and must be interpreted carefully in the software interface to private data. Another issue of growing interest in establishing and proving that enterprises, their products, workflows, and services are in compliance with relevant privacy legislation. There is a growing industy in the creation of compliance tools that help enterprises self-examine to determine their status, but there is little formalization of what compliance means or how to check for it. To address these issues, we present techniques to formalize regulatory privacy rules and show how we can exploit this formalization to analyze the rules automatically. Our formal language, Privacy Commands which combine to form Privacy APIs, is an extension of classical access control language to include operations for notification and logging, constructs that ease the mapping between legal and formal language, and a robust and expressive system for expressing references and constraints. We develop constructs and evaluation mechanisms for the language which are specially suited to the modeling legal privacy policies and show the usefulness of the language by developing several comparison metrics for Privacy APIs which let us compare the permissiveness of policies. We call the metrics strong licensing and weak licensing and show how they are useful in comparing Privacy APIs. To validate the robustness and flexibility of the language we show several involved case studies with a variety of policies including the US HIPAA Privacy Rule, the US Cable TV Privacy Act, and the Insurance Council of Australia's Privacy Code. To automate the evaluation of policy properties and comparison we develop and prove the correctness of a mapping from Privacy APIs to Promela, the input language for the SPIN model checker.
May, Michael J, "Privacy APIs: Formal models for analyzing legal privacy requirements" (2008). Dissertations available from ProQuest. AAI3309474.