As mobile and network technologies proliferate, so does society's awareness of how vulnerable private data is within cyberspace. Protecting private information becomes especially important, since researchers estimate that 87% of Americans can be identified by name and address if their zip code, gender, and birthday are known to intruders. The goal of this proposal is to develop a new set of verification tools, algorithms, and interfaces that enable secure, effective, and unobtrusive management of users' private information. The proposed approach leverages formal verification techniques to ensure that the intended privacy properties and goals are met. Because of the modular and robust design of the proposed platform, it can be re-aligned and tuned to accommodate the needs of specific use cases and applications (e.g., health care, connected automotive systems, and smart cities).
The proposed system will: (1) use model checking to ensure that updated rules and boundaries correctly enforce users' privacy intents, given that users' privacy boundaries and rules constantly evolve (e.g., due to aging, social pressure, and changes in health and personal relationships); and (2) automatically translate control policies into privacy-preserving protocol executions that provably enforce those privacy intents. To achieve this, the project will develop new approaches for activating privacy-preserving functionality based on knowledge of the privacy rules and boundaries, together with novel cryptographic tools.