
Enforced Privacy (EPRIV)

Led by Prof. Dr. Sjouke Mauw

Link to project homepage here.

Project duration: 01/04/2009 - 01/04/2012

Funding source(s): UL
NOTE: This project extends FNR project "A Formal approach to privacy in electronic voting"

Privacy is a fundamental property of distributed systems that provide e-services to users. In these systems, users are increasingly concerned about their anonymity and about how their personal information is used. For example, in voting systems a voter wants to keep her vote secret. Recently, strong privacy properties in voting such as receipt-freeness and coercion-resistance were proposed and have received considerable attention. These notions seek to prevent vote buying (where a voter willingly gives up the secrecy of her vote). These strong notions of privacy, which we will call enforced privacy, capture the essential idea that privacy must be enforced by the system upon its users, rather than merely being available to users who desire it.
The first aim of this project is to extend enforced privacy from voting to other domains, such as online auctions, anonymous communications, healthcare, and digital rights management, where enforced privacy is a paramount requirement. For example, in healthcare, a patient's health record is private information. However, a patient who contracts a serious disease is at risk of discrimination by parties aware of her illness. The inability to reveal (specific parts of) a patient's health record is a minimal requirement for her privacy.
The second aim of the project is to develop a domain-independent formal framework in which enforced privacy properties from different domains can be captured in a natural, uniform and precise way. Typically, enforced privacy properties will be formalised as equivalence relations on traces, taking into account the knowledge of both the intruder and the users. Within the framework, algorithms can be designed to support the analysis of e-service systems that claim to provide enforced privacy. In the end, the formalisation and techniques will be applied to verify existing real-life systems and to guide the design of new systems with enforced privacy properties.
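As an added illustration (not code from the EPRIV project or its formal framework), the following Python toy treats privacy as an equivalence between two election runs: the property holds when the intruder's normalised views of both runs coincide, and it is lost once the voter's own knowledge (a receipt) lets the intruder open her ballot. The commitment-style ballot, the two-candidate referendum, the fixed nonces standing in for fresh randomness, and the intruder's deduction rule are all assumptions made for the example.

```python
import hashlib
from collections import Counter

CANDIDATES = ("yes", "no")                       # assumed two-way referendum

def ballot(vote, nonce):
    """Commitment-style ballot (assumption): the vote hidden under a nonce."""
    return hashlib.sha256(f"{vote}|{nonce}".encode()).hexdigest()

def run(votes, coerced, voter_knows_nonce):
    """Run one election. `votes` maps voter -> vote. Returns the public board
    (cast order hidden by sorting), the tally, and what voter A hands to a
    coercer: her nonce if she is coerced and the system let her learn it."""
    nonces = {v: f"nonce-{v}" for v in votes}    # fixed names stand in for fresh randomness
    board = sorted(ballot(votes[v], nonces[v]) for v in votes)
    tally = Counter(votes.values())
    receipt = nonces["A"] if coerced and voter_knows_nonce else None
    return board, tally, receipt

def intruder_view(board, tally, receipt):
    """Normalise the board to what the intruder can deduce: a ballot is opened
    only if a known nonce and a candidate vote reproduce it; every other
    ballot is an opaque random-looking value that carries no information."""
    opened = {ballot(c, receipt): c for c in CANDIDATES} if receipt else {}
    labels = tuple(sorted(opened.get(b, "opaque") for b in board))
    return labels, tuple(sorted(tally.items()))

def indistinguishable(votes1, votes2, coerced, voter_knows_nonce):
    """Privacy as equivalence: the two runs are private with respect to each
    other iff the intruder's normalised views of them coincide."""
    view1 = intruder_view(*run(votes1, coerced, voter_knows_nonce))
    view2 = intruder_view(*run(votes2, coerced, voter_knows_nonce))
    return view1 == view2

# Constructed scenarios: A and B swap their votes, so the tally is identical.
SWAP = ({"A": "yes", "B": "no"}, {"A": "no", "B": "yes"})

def vote_privacy(voter_knows_nonce):
    """No coercion: does the public board alone hide who voted what?"""
    return indistinguishable(*SWAP, coerced=False, voter_knows_nonce=voter_knows_nonce)

def receipt_freeness(voter_knows_nonce):
    """Coercion: can A's own disclosure to the coercer break the equivalence?"""
    return indistinguishable(*SWAP, coerced=True, voter_knows_nonce=voter_knows_nonce)

if __name__ == "__main__":
    print("vote privacy, voter keeps nonce:    ", vote_privacy(True))      # True
    print("receipt-freeness, voter keeps nonce:", receipt_freeness(True))  # False
    print("receipt-freeness, nonce hidden:     ", receipt_freeness(False)) # True
```

The last two lines make the page's point concrete: the same ballot format is private when nobody is coerced, yet only the system that never lets the voter learn her nonce keeps privacy under coercion, because she then has nothing to hand over.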