A Formal Approach for Inspecting Privacy and Trust in Advanced Electronic Services

• Published in: Engineering Secure Software and Systems pp. 155 - 170
• Main Authors: Decroix, Koen, Lapon, Jorn, De Decker, Bart, Naessens, Vincent
• Format: Book Chapter
• Language: English
• Published: Berlin, Heidelberg Springer Berlin Heidelberg 2013
• Series: Lecture Notes in Computer Science
• Subjects: electronic services; modeling; privacy; trust
• ISBN: 3642365620; 9783642365621
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/978-3-642-36563-8_11

Advanced information processing technologies are often applied to large profiles and result in detailed behavior analysis. Moreover, under the pretext of increased personalization and strong accountability, organizations exchange information to compile even larger profiles. However, the user is unaware about the amount and type of personal data kept in profiles, partially due to advanced interactions between multiple organizations during service consumption. In this paper, a formal approach to inspect privacy and trust in advanced electronic services is presented. It allows to express access and privacy policies of service providers. Also, the privacy properties of multiple authentication technologies are formally modeled. From this, meaningful privacy properties can be extracted based on varying trust assumptions. Feedback is rendered through automated reasoning, useful for both users and system designers. To demonstrate its practicability, the approach is applied to the design of a travel reservation system.