Privacy by typing in the $π$-calculus
This addresses privacy verification in information systems for formal methods researchers, but it is incremental as it builds on existing π-calculus extensions.
The paper proposes a formal framework for studying privacy in information systems by developing a correspondence between a privacy taxonomy and a computational model based on the π-calculus, with a type system to verify policy compliance, illustrated through two use cases.
In this paper we propose a formal framework for studying privacy in information systems. The proposal follows a two-axes schema where the first axis considers privacy as a taxonomy of rights and the second axis involves the ways an information system stores and manipulates information. We develop a correspondence between the above schema and an associated model of computation. In particular, we propose the \Pcalc, a calculus based on the $π$-calculus with groups extended with constructs for reasoning about private data. The privacy requirements of an information system are captured via a privacy policy language. The correspondence between the privacy model and the \Pcalc semantics is established using a type system for the calculus and a satisfiability definition between types and privacy policies. We deploy a type preservation theorem to show that a system respects a policy and it is safe if the typing of the system satisfies the policy. We illustrate our methodology via analysis of two use cases: a privacy-aware scheme for electronic traffic pricing and a privacy-preserving technique for speed-limit enforcement.