I-Corps: Privacy aware information systems using contextual integrity principle
New York University, New York NY
Abstract
The broader impact/commercial potential of this I-Corps project is to provide a privacy design framework that leverages contextual integrity (CI) principles, combined with formal logic methods, to enable organizations and end users to build new forms of privacy-aware information systems. The framework addresses a fundamental privacy gap in the information systems of large organizations: the mismatch between the privacy guarantees the system provides and the privacy expectations of its end users. It is envisioned that the framework will be offered as a service that lets ordinary users express complex privacy rules for an organization in terms of CI principles. It will also use formal logic methods to convert contextual integrity rules into logic programs that verify the privacy properties of information flows within the organization. The framework aims to ease the development of new privacy-aware information systems that support the full spectrum of stakeholders in an organization, including end users, administrators, system designers and regulators, and can provide greater transparency for regulators, data protection authorities, administrators and end users. This I-Corps project will evaluate a privacy-as-a-service design framework, grounded in contextual integrity theory, that gives system designers the tools to clearly articulate, design and implement privacy policies in large-scale information systems so that those policies match the privacy expectations of end users.
The privacy framework makes three fundamental research contributions: (i) it uses the theory of contextual integrity to formalize informational norms as logical rules that together constitute the privacy logic of the system, making it possible to reason about privacy in complex information systems; (ii) it is modular and domain-agnostic, decoupling the specification of the privacy logic from the enforcement of privacy checks on information flows within the system, and requiring minimal modifications to the underlying system; (iii) it leverages formal logic methods to check the correctness of privacy policy specifications and to ensure that information exchange within the system strictly follows the established privacy norms of a given context.
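To make the first two contributions concrete, here is an added illustration (not code from the project) of CI-style informational norms written as rules over the five flow parameters, with the norm specification kept separate from the enforcement check that evaluates an information flow against them. The clinic context and its norms are constructed sample values, and the precedence order (prohibition over permission, default deny) is an assumption of this example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# A flow in contextual-integrity (CI) terms: sender, recipient, data subject,
# information attribute and transmission principle, all within a context.
@dataclass(frozen=True)
class Flow:
    context: str
    sender: str
    recipient: str
    subject: str
    attribute: str
    principle: str

# One informational norm of a context, written as a rule over the flow
# parameters. None is a wildcard; every non-wildcard field must match.
@dataclass(frozen=True)
class Norm:
    context: str
    sender: Optional[str]
    recipient: Optional[str]
    subject: Optional[str]
    attribute: Optional[str]
    principle: Optional[str]
    allow: bool

    def matches(self, f: Flow) -> bool:
        pairs = [(self.context, f.context), (self.sender, f.sender),
                 (self.recipient, f.recipient), (self.subject, f.subject),
                 (self.attribute, f.attribute), (self.principle, f.principle)]
        return all(want is None or want == have for want, have in pairs)

# Privacy logic for a hypothetical clinic context (constructed sample norms).
CLINIC_NORMS = [
    Norm("clinic", "physician", "physician", "patient", "diagnosis", None, True),
    Norm("clinic", "physician", "insurer", "patient", "diagnosis", "patient_consent", True),
    Norm("clinic", None, "advertiser", None, None, None, False),
]

def evaluate(flow: Flow, norms: List[Norm]) -> Tuple[bool, Optional[Norm]]:
    """Enforcement point, separate from the norms themselves: a matching
    prohibition wins, otherwise a matching permission, otherwise default deny."""
    hits = [n for n in norms if n.matches(flow)]
    deny = next((n for n in hits if not n.allow), None)
    if deny is not None:
        return False, deny
    permit = next((n for n in hits if n.allow), None)
    return (permit is not None), permit

if __name__ == "__main__":
    f = Flow("clinic", "physician", "insurer", "patient", "diagnosis", "none")
    print(evaluate(f, CLINIC_NORMS))  # denied: no norm permits this flow without consent
```

Because norms are plain data, the same `evaluate` function can be reused unchanged for a different context by supplying a different norm list, which is the decoupling the second contribution describes.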